Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e1d9282c-1734-4426-ab04-111f2637372c.roa
File: e1d9282c-1734-4426-ab04-111f2637372c.roa (raw, json)
Hash identifier: /16lxnD/fzgOoAsFpoG+QuhSc7BNDLo2LD3xcC5miTo=
Subject key identifier: FD:60:EA:96:AB:D9:A1:5C:3A:91:9C:B2:39:66:A9:8D:32:8F:39:98
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 1BF3811554B6BD7142E26B431129C473AD7C3F5E
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e1d9282c-1734-4426-ab04-111f2637372c.roa
Signing time: Fri 08 Aug 2025 00:40:51 +0000
ROA not before: Fri 08 Aug 2025 00:40:51 +0000
ROA not after: Fri 12 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 212.173.128.0/17 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 08:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1b:f3:81:15:54:b6:bd:71:42:e2:6b:43:11:29:c4:73:ad:7c:3f:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Aug 8 00:40:51 2025 GMT
Not After : Sep 12 23:59:59 2025 GMT
Subject: serialNumber=29ab9b6a2d6ecd427ba239e0432a0d0a0eea0a16e6bc91c5a0517f9ae6d36589, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:e0:81:00:eb:7c:bb:6e:1c:4f:ac:f5:ec:e0:
bd:1e:4e:59:6f:8b:e0:cd:d8:7f:13:bc:c8:0e:80:
7c:b5:c7:02:59:58:48:01:0e:5e:a5:64:6e:c8:7c:
b6:14:3f:ac:f7:ec:52:b6:e6:4f:bd:39:76:cf:34:
90:e2:fa:a4:3f:3f:7f:07:c6:62:de:94:9b:fd:f7:
40:ca:32:63:5d:f6:e1:01:29:57:7f:6f:98:21:94:
ae:ca:af:06:fc:04:18:a1:dd:85:92:12:9d:b3:73:
12:e1:23:5b:c9:e9:08:b9:db:19:01:94:37:6a:c3:
25:54:27:cb:d3:b6:b7:21:33:ee:0b:ae:98:af:38:
2c:d9:81:a0:0a:48:80:7d:f5:a7:18:61:de:ad:21:
04:24:68:26:46:61:ff:be:ea:93:9a:97:6c:1a:50:
bf:2e:6d:e0:06:95:02:f7:64:79:86:50:da:26:3a:
58:01:57:1d:13:2d:d1:0e:92:fa:f9:85:cf:74:1e:
7b:c0:81:77:2d:15:23:3a:52:eb:b9:d5:21:f2:e5:
0d:1a:d8:19:04:d9:14:92:26:93:de:da:d4:7b:ad:
18:5a:0e:65:10:5f:20:ab:fd:3b:53:16:03:ae:2d:
b0:4c:76:3f:de:de:90:3d:c5:c3:d7:7c:59:da:9f:
f8:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:60:EA:96:AB:D9:A1:5C:3A:91:9C:B2:39:66:A9:8D:32:8F:39:98
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/e1d9282c-1734-4426-ab04-111f2637372c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.173.128.0/17
Signature Algorithm: sha256WithRSAEncryption
9f:88:8c:52:39:96:91:0d:7e:c6:d0:41:77:0e:7a:e2:8a:01:
55:01:3d:e3:07:57:17:9d:9e:55:41:d7:89:2c:bc:84:d6:2f:
91:85:25:6f:5f:1e:78:d8:d8:90:e8:f5:8b:c7:b8:41:4e:de:
aa:01:fa:68:4b:7a:bf:c5:3b:f2:0b:ec:cc:b5:89:0c:11:27:
a6:57:51:e9:91:99:02:00:3d:46:07:a1:a4:fe:63:e4:2c:0b:
e9:2d:e3:bf:b4:c8:e8:25:58:a7:b8:c9:60:22:81:3a:d7:b2:
4e:c1:43:38:b9:95:8b:4c:7b:62:1d:90:0d:c8:98:49:86:d1:
de:41:cb:81:d0:04:ae:36:32:3a:ae:4f:01:8b:20:69:32:82:
64:61:cf:9e:31:67:49:de:3d:9e:c9:f6:ab:99:c3:f6:1d:6b:
0d:1a:66:e0:d5:20:2c:20:07:9f:00:54:08:52:70:47:d1:84:
c5:c1:a8:19:dc:fa:df:52:dd:89:48:5a:d9:94:7f:47:96:28:
4e:72:c1:2a:11:b8:4d:96:2d:e3:77:2f:91:26:69:24:dd:06:
8d:ee:97:47:42:dc:5b:67:35:90:6d:a4:9a:23:f6:e6:95:2f:
8b:8f:38:8c:af:42:af:0b:43:79:c8:2f:2e:d2:00:92:ef:8b:
40:2f:fd:16
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUG/OBFVS2vXFC4mtDESnEc618P14wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA4MDgwMDQwNTFaFw0yNTA5MTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDI5YWI5YjZhMmQ2ZWNkNDI3YmEyMzllMDQzMmEwZDBhMGVlYTBhMTZlNmJj
OTFjNWEwNTE3ZjlhZTZkMzY1ODkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALrggQDrfLtuHE+s9ezgvR5OWW+L4M3YfxO8yA6AfLXHAllYSAEOXqVkbsh8
thQ/rPfsUrbmT705ds80kOL6pD8/fwfGYt6Um/33QMoyY1324QEpV39vmCGUrsqv
BvwEGKHdhZISnbNzEuEjW8npCLnbGQGUN2rDJVQny9O2tyEz7guumK84LNmBoApI
gH31pxhh3q0hBCRoJkZh/77qk5qXbBpQvy5t4AaVAvdkeYZQ2iY6WAFXHRMt0Q6S
+vmFz3Qee8CBdy0VIzpS67nVIfLlDRrYGQTZFJImk97a1HutGFoOZRBfIKv9O1MW
A64tsEx2P97ekD3Fw9d8Wdqf+FcCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBT9YOqW
q9mhXDqRnLI5ZqmNMo85mDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZTFkOTI4MmMtMTczNC00NDI2LWFiMDQtMTExZjI2MzczNzJjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEB9StgDAN
BgkqhkiG9w0BAQsFAAOCAQEAn4iMUjmWkQ1+xtBBdw564ooBVQE94wdXF52eVUHX
iSy8hNYvkYUlb18eeNjYkOj1i8e4QU7eqgH6aEt6v8U78gvszLWJDBEnpldR6ZGZ
AgA9RgehpP5j5CwL6S3jv7TI6CVYp7jJYCKBOteyTsFDOLmVi0x7Yh2QDciYSYbR
3kHLgdAErjYyOq5PAYsgaTKCZGHPnjFnSd49nsn2q5nD9h1rDRpm4NUgLCAHnwBU
CFJwR9GExcGoGdz631LdiUha2ZR/R5YoTnLBKhG4TZYt43cvkSZpJN0Gje6XR0Lc
W2c1kG2kmiP25pUvi484jK9CrwtDecgvLtIAku+LQC/9Fg==
-----END CERTIFICATE-----
Generated at Wed Aug 20 10:40:14 2025 by rpki-client