Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ecfa3c13-cba9-4529-84cf-7b6bf8e5cd4a.roa
File: ecfa3c13-cba9-4529-84cf-7b6bf8e5cd4a.roa (raw, json)
Hash identifier: E4dbeL6o8FSe+YNDyyOmnQdZkM3kFlPPLWal8aD9CVE=
Subject key identifier: D9:47:9B:D3:CD:CA:02:8B:8B:FE:BA:C4:AF:39:78:98:B8:CE:1E:FD
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 719DAB2AE1CB5AA3A3E1F3485C40CDD4D5249029
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ecfa3c13-cba9-4529-84cf-7b6bf8e5cd4a.roa
Signing time: Tue 05 Aug 2025 20:30:08 +0000
ROA not before: Tue 05 Aug 2025 20:30:08 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.200.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 08:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
71:9d:ab:2a:e1:cb:5a:a3:a3:e1:f3:48:5c:40:cd:d4:d5:24:90:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Aug 5 20:30:08 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=a772453a0a1edad180122ebca105d2ff12bf1ae58ee3e310861f39c3fbe3346d, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:78:db:0f:e2:70:b2:92:3e:5d:19:e1:1b:86:
c1:d8:97:6c:13:22:c7:4f:a9:0b:64:b1:53:95:de:
23:eb:81:89:42:48:0f:65:df:d2:81:8e:e0:67:11:
2c:f7:e3:31:7e:08:1e:83:29:53:7e:a2:c2:a5:2d:
44:29:cd:98:74:d6:6a:08:9e:e7:65:6f:f5:03:89:
17:d6:b9:5b:e1:5d:1e:f8:54:9a:15:f9:45:44:28:
3b:39:64:fc:b1:65:c3:09:c0:06:dd:ed:00:2e:8e:
2c:e9:26:56:6e:7e:6e:40:ba:0f:a4:b7:47:09:61:
5b:fe:a3:73:3c:4c:ec:bb:aa:b4:bc:56:b0:8b:0b:
a3:d4:ca:68:7c:75:96:f7:d6:87:ce:51:60:d4:fa:
cd:8e:39:a1:94:d8:8b:9e:9f:7e:dc:05:6b:94:6e:
72:37:61:54:c9:b5:56:3a:11:52:33:b9:8e:65:64:
58:79:67:b5:ee:d1:39:a4:41:15:5f:5e:57:18:45:
51:9d:d8:a1:da:60:9d:f0:52:59:7b:d1:d6:3e:3c:
12:b0:c1:42:9c:c0:6b:ca:29:fb:42:87:36:4f:bf:
3a:36:e6:0b:f6:d4:09:78:ad:0a:f4:3c:4b:48:0b:
8e:b0:98:11:a4:e3:ac:6d:b4:f6:53:82:b1:d4:d5:
92:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:47:9B:D3:CD:CA:02:8B:8B:FE:BA:C4:AF:39:78:98:B8:CE:1E:FD
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ecfa3c13-cba9-4529-84cf-7b6bf8e5cd4a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.200.0.0/15
Signature Algorithm: sha256WithRSAEncryption
9c:8c:03:4c:1f:74:05:7e:a3:45:ff:e6:64:74:25:4d:fe:74:
45:9d:37:01:f4:ba:ee:49:05:31:35:f8:dc:d3:43:f5:84:92:
97:67:79:0e:71:37:c4:dd:94:41:14:0b:0f:15:ad:55:35:fc:
6a:f9:8c:ed:c6:dd:74:a9:c3:33:2a:9d:1a:43:2d:13:81:e4:
57:9a:f2:3c:2f:f2:b5:0d:ff:da:3e:32:55:16:b4:6b:6f:46:
08:fa:43:14:54:ed:0f:75:fe:67:e2:eb:64:3f:43:6f:eb:35:
e8:8b:94:d5:ab:66:de:66:7a:fa:53:b6:d8:ee:d6:47:57:37:
37:fe:d8:ff:0e:1c:4c:d4:49:0f:e4:39:25:3a:69:dc:5e:d1:
7f:35:42:de:db:1a:34:b1:62:94:58:4d:13:c9:26:7b:56:a6:
ef:89:f6:dc:48:e1:ac:af:05:44:c1:d2:6e:8a:6c:9a:f4:23:
6d:83:49:f1:ae:88:17:a2:c4:4f:71:3b:b4:c4:6e:e2:b6:48:
3c:22:27:d4:23:0f:73:e7:88:b1:7a:75:b4:c6:f3:d4:11:67:
05:73:0a:c1:5c:4b:35:f5:03:4f:2c:9e:68:f7:d2:3f:08:ed:
6f:f9:01:c6:51:fe:98:ed:56:1b:ff:6b:ac:77:7b:48:8b:f2:
49:53:63:01
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUcZ2rKuHLWqOj4fNIXEDN1NUkkCkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA4MDUyMDMwMDhaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGE3NzI0NTNhMGExZWRhZDE4MDEyMmViY2ExMDVkMmZmMTJiZjFhZTU4ZWUz
ZTMxMDg2MWYzOWMzZmJlMzM0NmQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKJ42w/icLKSPl0Z4RuGwdiXbBMix0+pC2SxU5XeI+uBiUJID2Xf0oGO4GcR
LPfjMX4IHoMpU36iwqUtRCnNmHTWagie52Vv9QOJF9a5W+FdHvhUmhX5RUQoOzlk
/LFlwwnABt3tAC6OLOkmVm5+bkC6D6S3RwlhW/6jczxM7LuqtLxWsIsLo9TKaHx1
lvfWh85RYNT6zY45oZTYi56fftwFa5RucjdhVMm1VjoRUjO5jmVkWHlnte7ROaRB
FV9eVxhFUZ3YodpgnfBSWXvR1j48ErDBQpzAa8op+0KHNk+/OjbmC/bUCXitCvQ8
S0gLjrCYEaTjrG209lOCsdTVkmcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTZR5vT
zcoCi4v+usSvOXiYuM4e/TAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZWNmYTNjMTMtY2JhOS00NTI5LTg0Y2YtN2I2YmY4ZTVjZDRhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPIMA0G
CSqGSIb3DQEBCwUAA4IBAQCcjANMH3QFfqNF/+ZkdCVN/nRFnTcB9LruSQUxNfjc
00P1hJKXZ3kOcTfE3ZRBFAsPFa1VNfxq+Yztxt10qcMzKp0aQy0TgeRXmvI8L/K1
Df/aPjJVFrRrb0YI+kMUVO0Pdf5n4utkP0Nv6zXoi5TVq2beZnr6U7bY7tZHVzc3
/tj/DhxM1EkP5DklOmncXtF/NULe2xo0sWKUWE0TySZ7VqbvifbcSOGsrwVEwdJu
imya9CNtg0nxrogXosRPcTu0xG7itkg8IifUIw9z54ixenW0xvPUEWcFcwrBXEs1
9QNPLJ5o99I/CO1v+QHGUf6Y7VYb/2usd3tIi/JJU2MB
-----END CERTIFICATE-----
Generated at Wed Aug 20 10:40:32 2025 by rpki-client