Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ecf71776-ef54-415b-8543-7ec55f9b1d9d.roa
File: ecf71776-ef54-415b-8543-7ec55f9b1d9d.roa (raw, json)
Hash identifier: bFnVyT0m8SFYIcXYSMzvjQHdPR8O+7C6zagBnyhxZBM=
Subject key identifier: 1D:65:AB:4C:7D:C7:DA:05:57:40:D8:C4:4D:44:57:9A:9D:53:B5:D8
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 6C7527DCEF7338F9C3A6525B638F081626566178
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ecf71776-ef54-415b-8543-7ec55f9b1d9d.roa
Signing time: Fri 23 May 2025 00:51:08 +0000
ROA not before: Fri 23 May 2025 00:51:08 +0000
ROA not after: Fri 27 Jun 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.44.0.0/16 maxlen: 16
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 05 Jun 2025 00:00:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6c:75:27:dc:ef:73:38:f9:c3:a6:52:5b:63:8f:08:16:26:56:61:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: May 23 00:51:08 2025 GMT
Not After : Jun 27 23:59:59 2025 GMT
Subject: serialNumber=1300f77f9966cda7cf68073c1578474709646d22335d63ce89a2585859fad919, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:a5:f7:46:22:09:eb:e5:bd:d2:29:a5:a1:31:
ad:25:fd:15:1f:ae:e3:d2:13:55:0c:62:a0:b6:b0:
c6:0c:b3:01:11:b1:49:5b:8b:15:b7:60:53:67:04:
6b:26:0d:83:db:0c:11:e6:02:22:d8:c7:f3:cc:0c:
8d:8f:00:c8:84:68:2d:a9:89:83:d1:09:04:bf:5f:
ff:50:3b:c2:20:d3:ec:58:86:d4:3c:bb:a2:2b:20:
2f:7b:b3:14:86:a2:82:13:33:d8:9c:72:4d:7e:c6:
b4:e5:d8:17:1a:6b:ba:24:48:4d:8b:96:bf:9f:85:
12:be:f6:76:ab:0c:3c:e0:1d:f6:f1:2e:42:67:b3:
69:34:d7:b7:d3:41:7b:cd:06:9b:02:0e:72:32:ee:
4b:22:3e:d4:b9:0b:9e:23:8d:a2:22:9d:44:95:a2:
f7:0a:93:77:21:df:21:1a:56:1d:2d:25:22:b3:8e:
ca:bf:08:5f:63:7a:4a:e1:b7:c3:4a:3b:83:cc:7f:
a6:1e:33:35:b3:c9:07:9d:b4:05:24:5c:7f:f0:67:
86:97:d0:0d:c4:5f:01:e3:0c:43:96:04:f8:42:4e:
19:6c:c9:aa:ad:cf:64:6b:09:53:c7:42:19:00:39:
23:3c:bd:a1:0e:e4:ed:2f:90:e5:7f:b6:07:c7:1d:
ec:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:65:AB:4C:7D:C7:DA:05:57:40:D8:C4:4D:44:57:9A:9D:53:B5:D8
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ecf71776-ef54-415b-8543-7ec55f9b1d9d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.44.0.0/16
Signature Algorithm: sha256WithRSAEncryption
5d:dd:d9:6a:59:53:5c:0a:f3:8e:06:bb:c2:ab:8e:5a:b8:07:
19:94:37:f6:07:b2:25:67:e4:1f:71:d7:02:20:ee:57:cb:63:
8b:39:a8:06:9f:d4:7b:14:98:23:65:b9:b2:4e:8a:73:5d:f5:
b4:d4:29:d1:ae:f1:16:dd:a4:b3:5d:22:e7:2f:66:81:92:e7:
44:6c:ce:ca:55:3b:8f:6f:b9:62:fb:83:4d:e7:3b:95:67:a6:
10:01:8a:aa:3d:6c:0f:06:2d:9d:b1:c8:a0:0e:6f:0f:11:fc:
17:2b:cd:26:49:f9:6e:ff:8a:a4:00:c0:ac:83:d8:62:c9:52:
99:d2:2b:05:91:c1:cf:a8:d3:92:86:78:47:42:84:6a:ed:cd:
b6:b4:20:8c:7c:ee:63:ef:b9:42:e2:28:99:41:61:f8:89:a2:
bd:54:65:9b:96:3f:79:b1:9e:eb:36:62:39:c3:fc:a0:5f:44:
61:c0:de:bf:ea:d6:12:cf:61:8f:63:a9:3e:24:c9:3c:4e:9e:
12:24:e2:3f:b9:bc:cc:9b:ae:e3:f8:60:41:3b:46:b3:4b:57:
b5:14:ba:b2:1d:0e:7d:69:3b:b0:64:f2:76:84:0f:e6:de:27:
26:a3:0d:24:42:a6:41:b8:ae:09:52:2b:61:9e:51:69:74:06:
bd:60:67:14
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUbHUn3O9zOPnDplJbY48IFiZWYXgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA1MjMwMDUxMDhaFw0yNTA2MjcyMzU5NTlaMHoxSTBHBgNV
BAUTQDEzMDBmNzdmOTk2NmNkYTdjZjY4MDczYzE1Nzg0NzQ3MDk2NDZkMjIzMzVk
NjNjZTg5YTI1ODU4NTlmYWQ5MTkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKml90YiCevlvdIppaExrSX9FR+u49ITVQxioLawxgyzARGxSVuLFbdgU2cE
ayYNg9sMEeYCItjH88wMjY8AyIRoLamJg9EJBL9f/1A7wiDT7FiG1Dy7oisgL3uz
FIaighMz2JxyTX7GtOXYFxpruiRITYuWv5+FEr72dqsMPOAd9vEuQmezaTTXt9NB
e80GmwIOcjLuSyI+1LkLniONoiKdRJWi9wqTdyHfIRpWHS0lIrOOyr8IX2N6SuG3
w0o7g8x/ph4zNbPJB520BSRcf/BnhpfQDcRfAeMMQ5YE+EJOGWzJqq3PZGsJU8dC
GQA5Izy9oQ7k7S+Q5X+2B8cd7HcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQdZatM
fcfaBVdA2MRNRFeanVO12DAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZWNmNzE3NzYtZWY1NC00MTViLTg1NDMtN2VjNTVmOWIxZDlkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMsMA0G
CSqGSIb3DQEBCwUAA4IBAQBd3dlqWVNcCvOOBrvCq45auAcZlDf2B7IlZ+QfcdcC
IO5Xy2OLOagGn9R7FJgjZbmyTopzXfW01CnRrvEW3aSzXSLnL2aBkudEbM7KVTuP
b7li+4NN5zuVZ6YQAYqqPWwPBi2dscigDm8PEfwXK80mSflu/4qkAMCsg9hiyVKZ
0isFkcHPqNOShnhHQoRq7c22tCCMfO5j77lC4iiZQWH4iaK9VGWblj95sZ7rNmI5
w/ygX0RhwN6/6tYSz2GPY6k+JMk8Tp4SJOI/ubzMm67j+GBBO0azS1e1FLqyHQ59
aTuwZPJ2hA/m3icmow0kQqZBuK4JUithnlFpdAa9YGcU
-----END CERTIFICATE-----
Generated at Wed Jun 4 10:37:17 2025 by rpki-client