Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ecf71776-ef54-415b-8543-7ec55f9b1d9d.roa
File: ecf71776-ef54-415b-8543-7ec55f9b1d9d.roa (raw, json)
Hash identifier: CkuEM0RXaALZAnNgkRfcpMRNMrwMlIAPgrGSguAARfQ=
Subject key identifier: D8:31:7A:AD:D3:3A:A8:FE:AC:C0:73:7F:12:8B:CA:47:91:31:5D:1D
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 2499D6D51BBEAE61D5403F76AB88CD2205AA4500
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ecf71776-ef54-415b-8543-7ec55f9b1d9d.roa
Signing time: Fri 08 Aug 2025 00:40:14 +0000
ROA not before: Fri 08 Aug 2025 00:40:14 +0000
ROA not after: Fri 12 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.44.0.0/16 maxlen: 16
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 08:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
24:99:d6:d5:1b:be:ae:61:d5:40:3f:76:ab:88:cd:22:05:aa:45:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Aug 8 00:40:14 2025 GMT
Not After : Sep 12 23:59:59 2025 GMT
Subject: serialNumber=ffa1008c35930722254e2963cf2e716d00fbc2cb4faeb5669977b551e48bd491, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f3:d5:bf:de:96:fc:78:d6:b0:36:ce:42:24:f8:
f9:c9:19:90:c3:06:f4:af:bb:d8:09:aa:11:ae:20:
0f:b5:8a:b5:e1:36:90:4e:f1:12:66:62:e4:6d:84:
dd:5a:16:d5:a5:eb:d8:70:73:da:7a:d0:ab:cb:f9:
09:07:f1:ad:af:03:13:b0:db:32:a4:77:f1:0d:8b:
78:5c:49:8b:97:fc:99:83:03:59:10:a1:d6:80:cf:
d4:da:a1:5e:e4:f9:e3:b6:da:0a:0a:06:9a:65:84:
54:6f:cc:9d:36:37:21:1b:66:56:bb:0c:57:22:7f:
50:69:ea:1d:8a:0c:71:d4:2b:2f:f1:bf:4f:21:dd:
93:62:41:93:9a:48:79:4f:c6:c7:e7:de:47:cc:fc:
16:e2:67:e9:04:7f:56:ae:90:22:fe:1e:55:06:e7:
1f:df:38:5f:13:b3:f6:1c:c5:48:66:48:e3:8a:a1:
c5:ff:31:10:2d:79:d8:40:93:47:fc:46:d0:93:5e:
cf:c1:b1:c9:e5:1e:55:ce:d1:45:40:7b:14:11:c1:
4e:79:e8:19:86:43:0b:1b:77:b7:bb:4b:a5:d0:a1:
d2:e0:87:df:80:28:8d:e4:c8:ce:3c:aa:71:1d:26:
8a:a6:78:ee:49:48:16:b3:06:93:d6:45:50:27:e7:
ee:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:31:7A:AD:D3:3A:A8:FE:AC:C0:73:7F:12:8B:CA:47:91:31:5D:1D
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ecf71776-ef54-415b-8543-7ec55f9b1d9d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.44.0.0/16
Signature Algorithm: sha256WithRSAEncryption
b3:04:de:3d:62:eb:9b:80:8d:70:f7:20:2b:37:d5:ef:b0:3f:
81:af:e2:9c:ae:8f:74:bd:4d:2d:a8:51:00:62:63:a1:49:89:
d7:c0:0b:50:17:93:bd:8a:e1:66:e6:6c:a4:ce:fe:97:c7:37:
c7:2f:05:a1:e4:99:15:92:8e:53:e8:bd:dc:e0:45:a4:89:9b:
93:df:fb:5a:f2:10:a9:01:f9:4f:f9:4c:fb:34:22:de:49:96:
e4:09:d3:b9:92:46:36:62:e8:44:66:d6:23:ae:6e:8a:e0:2c:
f2:07:a0:e8:86:87:84:d1:e1:8f:f0:76:3b:dd:f1:c9:88:0f:
f9:20:61:b7:b9:99:df:32:68:59:76:4b:02:19:96:72:65:47:
45:c7:23:3d:7f:ea:d0:5a:29:7d:cd:72:80:f4:5d:dd:e1:42:
b1:44:dd:83:6d:4b:5b:53:12:d7:80:37:15:7a:2a:ca:6e:c0:
a6:bc:7b:00:a4:7a:b8:e9:54:0b:6e:c5:73:20:b2:a4:f0:b3:
20:70:a9:09:d3:2d:8c:72:f0:9f:13:ea:37:04:66:9e:af:f5:
dd:0b:6a:ff:00:d9:af:b0:99:0d:c9:20:cf:cb:58:08:42:56:
89:70:0f:96:43:c0:2a:ba:51:bb:f3:b5:16:37:3b:0c:c5:bd:
0b:52:6d:1b
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUJJnW1Ru+rmHVQD92q4jNIgWqRQAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA4MDgwMDQwMTRaFw0yNTA5MTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGZmYTEwMDhjMzU5MzA3MjIyNTRlMjk2M2NmMmU3MTZkMDBmYmMyY2I0ZmFl
YjU2Njk5NzdiNTUxZTQ4YmQ0OTExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPPVv96W/HjWsDbOQiT4+ckZkMMG9K+72AmqEa4gD7WKteE2kE7xEmZi5G2E
3VoW1aXr2HBz2nrQq8v5CQfxra8DE7DbMqR38Q2LeFxJi5f8mYMDWRCh1oDP1Nqh
XuT547baCgoGmmWEVG/MnTY3IRtmVrsMVyJ/UGnqHYoMcdQrL/G/TyHdk2JBk5pI
eU/Gx+feR8z8FuJn6QR/Vq6QIv4eVQbnH984XxOz9hzFSGZI44qhxf8xEC152ECT
R/xG0JNez8GxyeUeVc7RRUB7FBHBTnnoGYZDCxt3t7tLpdCh0uCH34AojeTIzjyq
cR0miqZ47klIFrMGk9ZFUCfn7nkCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTYMXqt
0zqo/qzAc38Si8pHkTFdHTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZWNmNzE3NzYtZWY1NC00MTViLTg1NDMtN2VjNTVmOWIxZDlkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMsMA0G
CSqGSIb3DQEBCwUAA4IBAQCzBN49YuubgI1w9yArN9XvsD+Br+Kcro90vU0tqFEA
YmOhSYnXwAtQF5O9iuFm5mykzv6XxzfHLwWh5JkVko5T6L3c4EWkiZuT3/ta8hCp
AflP+Uz7NCLeSZbkCdO5kkY2YuhEZtYjrm6K4CzyB6DohoeE0eGP8HY73fHJiA/5
IGG3uZnfMmhZdksCGZZyZUdFxyM9f+rQWil9zXKA9F3d4UKxRN2DbUtbUxLXgDcV
eirKbsCmvHsApHq46VQLbsVzILKk8LMgcKkJ0y2McvCfE+o3BGaer/XdC2r/ANmv
sJkNySDPy1gIQlaJcA+WQ8AqulG787UWNzsMxb0LUm0b
-----END CERTIFICATE-----
Generated at Wed Aug 20 10:42:26 2025 by rpki-client