Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ecf71776-ef54-415b-8543-7ec55f9b1d9d.roa
File: ecf71776-ef54-415b-8543-7ec55f9b1d9d.roa (raw, json)
Hash identifier: iIoYjZa/if0iA6LNqEIJyIphLEX3aD5vBR/WbWyi+Z0=
Subject key identifier: FA:1C:16:D6:7F:7E:7E:71:0B:64:E1:94:E3:9A:ED:AD:AB:F4:1A:FF
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 7418B75BD0B7F7F7F5B5BC325EA72E3683724551
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ecf71776-ef54-415b-8543-7ec55f9b1d9d.roa
Signing time: Mon 29 Sep 2025 15:40:11 +0000
ROA not before: Mon 29 Sep 2025 15:40:11 +0000
ROA not after: Mon 03 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.44.0.0/16 maxlen: 16
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
74:18:b7:5b:d0:b7:f7:f7:f5:b5:bc:32:5e:a7:2e:36:83:72:45:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 29 15:40:11 2025 GMT
Not After : Nov 3 23:59:59 2025 GMT
Subject: serialNumber=fa33ce09589f3ff11081cf510c0913c979eac765f8662deff16a07de9be6cd4c, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:4c:06:01:fb:cb:38:ce:57:94:f2:ab:a9:e4:
b5:35:68:09:78:fb:79:d9:f4:c9:3c:18:ca:9c:ee:
b8:e0:c1:07:3a:55:d3:41:8f:ed:57:4d:1d:38:dc:
79:d3:91:c4:fe:76:cc:59:8e:c8:8d:68:a7:3d:2e:
f1:48:07:10:52:4e:8a:75:17:8b:27:d3:6b:34:b8:
eb:ed:93:0a:0a:28:fd:64:f3:28:e0:36:a9:d6:8a:
21:7c:54:66:60:e0:d5:60:b1:48:4c:fa:97:1b:c3:
c4:5a:40:b7:73:bb:89:0f:51:26:8f:f8:0b:4e:96:
37:4b:68:dd:55:fd:a2:20:14:0a:61:cd:cb:57:64:
b2:3d:87:d5:0e:59:74:01:4c:d2:23:c4:97:a0:fd:
9e:23:ce:bb:38:c8:c6:8b:13:44:a6:f2:f5:4c:ab:
61:d2:52:41:7d:1c:f5:b4:91:e5:03:07:57:69:c4:
74:3f:68:09:e3:18:a4:fa:4a:5b:3f:c3:3d:5c:a5:
2a:d4:9a:e5:e4:8d:53:2d:75:7a:57:b5:47:ee:7e:
4d:f8:86:40:e7:e8:8d:70:43:44:4d:60:64:71:0b:
d7:37:f3:fd:44:b4:d5:7a:57:4e:37:5d:b5:1a:74:
81:7f:cf:ab:02:24:25:b6:9e:01:ff:00:b0:d0:9b:
68:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:1C:16:D6:7F:7E:7E:71:0B:64:E1:94:E3:9A:ED:AD:AB:F4:1A:FF
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ecf71776-ef54-415b-8543-7ec55f9b1d9d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.44.0.0/16
Signature Algorithm: sha256WithRSAEncryption
77:bf:f9:81:c3:89:41:51:9b:20:0c:aa:ea:04:81:98:79:f1:
f7:d6:13:a5:77:3f:26:69:ac:d7:d9:9d:5b:e1:a7:ae:26:79:
c0:a6:17:f7:62:ee:42:c2:b0:a9:7f:a4:1a:9b:95:f5:b0:64:
da:e4:27:f4:3d:dc:47:af:07:34:10:11:f0:d6:23:3a:95:9f:
e5:56:5f:3f:8c:54:f3:8f:0f:7a:dc:25:09:63:0e:89:86:b5:
00:7a:ae:ec:39:99:75:68:5e:02:39:77:2f:b5:f7:94:37:ce:
83:b3:ad:40:4a:38:fe:e9:08:6c:9a:88:06:e0:e4:35:69:3b:
4f:50:49:11:f3:99:82:30:35:b5:4e:f8:a4:cb:c6:d5:63:f8:
69:77:d3:22:d0:91:15:11:a7:31:a2:aa:de:bb:54:8f:5b:33:
49:9f:29:ab:93:ca:a7:e1:dd:56:bc:4f:b7:46:70:70:de:96:
49:70:e0:b7:85:d6:51:0f:9c:9e:de:a6:70:c7:7d:4b:6d:62:
ca:95:8c:57:c0:c5:44:c1:3a:04:83:09:20:90:ed:c1:82:ac:
1d:8f:53:80:e8:81:6d:b6:69:46:50:65:f9:94:c4:ba:96:b2:
74:80:4a:93:6d:c2:9c:72:ca:0a:bb:93:64:af:06:97:43:95:
ef:2e:83:d7
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUdBi3W9C39/f1tbwyXqcuNoNyRVEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MjkxNTQwMTFaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQGZhMzNjZTA5NTg5ZjNmZjExMDgxY2Y1MTBjMDkxM2M5NzllYWM3NjVmODY2
MmRlZmYxNmEwN2RlOWJlNmNkNGMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALlMBgH7yzjOV5Tyq6nktTVoCXj7edn0yTwYypzuuODBBzpV00GP7VdNHTjc
edORxP52zFmOyI1opz0u8UgHEFJOinUXiyfTazS46+2TCgoo/WTzKOA2qdaKIXxU
ZmDg1WCxSEz6lxvDxFpAt3O7iQ9RJo/4C06WN0to3VX9oiAUCmHNy1dksj2H1Q5Z
dAFM0iPEl6D9niPOuzjIxosTRKby9UyrYdJSQX0c9bSR5QMHV2nEdD9oCeMYpPpK
Wz/DPVylKtSa5eSNUy11ele1R+5+TfiGQOfojXBDRE1gZHEL1zfz/US01XpXTjdd
tRp0gX/PqwIkJbaeAf8AsNCbaF0CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBT6HBbW
f35+cQtk4ZTjmu2tq/Qa/zAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZWNmNzE3NzYtZWY1NC00MTViLTg1NDMtN2VjNTVmOWIxZDlkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMsMA0G
CSqGSIb3DQEBCwUAA4IBAQB3v/mBw4lBUZsgDKrqBIGYefH31hOldz8maazX2Z1b
4aeuJnnAphf3Yu5CwrCpf6Qam5X1sGTa5Cf0PdxHrwc0EBHw1iM6lZ/lVl8/jFTz
jw963CUJYw6JhrUAeq7sOZl1aF4COXcvtfeUN86Ds61ASjj+6QhsmogG4OQ1aTtP
UEkR85mCMDW1Tviky8bVY/hpd9Mi0JEVEacxoqreu1SPWzNJnymrk8qn4d1WvE+3
RnBw3pZJcOC3hdZRD5ye3qZwx31LbWLKlYxXwMVEwToEgwkgkO3Bgqwdj1OA6IFt
tmlGUGX5lMS6lrJ0gEqTbcKccsoKu5NkrwaXQ5XvLoPX
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:52:56 2025 by rpki-client