Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fc50f617-7597-4f4e-b8f6-87763b28caf0.roa
File: fc50f617-7597-4f4e-b8f6-87763b28caf0.roa (raw, json)
Hash identifier: 5oezud+E1J9Skle19filMY2zcPp7J1G1BIYK+THlWPM=
Subject key identifier: BF:52:34:02:7E:9A:BB:1B:97:BA:19:51:9E:29:37:60:58:61:4D:DE
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 0EDFD4DF732DFB3003749A94B5AADE031CC066EC
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fc50f617-7597-4f4e-b8f6-87763b28caf0.roa
Signing time: Mon 01 Sep 2025 21:31:12 +0000
ROA not before: Mon 01 Sep 2025 21:31:12 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.121.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 18 Sep 2025 15:33:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0e:df:d4:df:73:2d:fb:30:03:74:9a:94:b5:aa:de:03:1c:c0:66:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Sep 1 21:31:12 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=60fb63d004d949bd8e945aeb561f35de10791be5b45a774a08e5c4d48362b7ab, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:07:c8:c1:ee:ac:ac:c9:52:9b:46:e7:b0:d4:
37:08:c2:8a:22:7d:c8:85:73:b8:3b:55:95:b7:a8:
50:00:a6:a0:f8:e2:ae:48:e1:4f:c5:8f:96:6d:b0:
a7:16:88:15:51:7a:0e:2f:89:fa:d8:9c:db:6e:67:
99:d4:de:6a:6c:f8:22:9c:de:2a:63:5f:7d:d7:ec:
0a:6b:00:60:fa:6a:55:c5:8d:2f:76:21:6c:f2:cc:
1a:90:0d:59:05:14:20:41:88:14:5b:c6:a8:f7:9d:
91:e6:8f:0f:f9:ea:2d:2a:46:55:42:92:e9:82:06:
11:d3:c9:5c:a0:b1:8c:dc:e1:8f:16:84:66:0b:b2:
80:7b:29:39:e0:52:29:75:0a:39:10:e9:f4:13:d9:
5f:47:6f:ce:ea:c9:87:68:9b:eb:51:fc:6d:b7:30:
b4:e7:1b:2a:49:d1:6f:59:c1:16:52:17:12:ce:14:
b6:e0:5b:a0:59:0b:57:f8:1c:4f:71:05:cd:02:53:
7b:5d:bc:f4:87:5d:0b:82:a6:6a:81:5c:6e:00:37:
f7:61:90:23:fc:6c:31:00:08:f3:c8:20:24:7f:0c:
f1:87:c2:de:c3:1d:a7:53:a7:e2:8e:10:e6:60:c8:
c6:2c:5e:b4:3c:9e:7f:a0:7b:a5:45:d9:be:21:8f:
c4:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:52:34:02:7E:9A:BB:1B:97:BA:19:51:9E:29:37:60:58:61:4D:DE
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fc50f617-7597-4f4e-b8f6-87763b28caf0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.121.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a7:db:35:77:b8:7c:6c:64:71:c7:1a:72:7a:38:25:0f:9c:1f:
da:c7:90:3f:e1:ce:fb:34:fc:65:34:43:81:49:53:bb:f2:c9:
0d:22:6b:71:ff:6c:39:a7:49:bc:fe:b8:db:d9:43:0b:e2:a1:
7a:dd:98:1a:c8:4d:6a:9f:58:71:e5:15:75:b5:24:54:db:a7:
50:bb:c0:1d:44:f8:41:61:73:3c:3e:6d:aa:4d:09:1e:46:a3:
dd:90:32:75:b7:8c:bd:4e:2d:b2:55:07:18:f2:4a:4c:5c:e6:
8c:d7:f0:48:a2:3e:68:2f:b9:d1:f0:a2:24:59:52:e3:d2:1a:
6b:be:5b:8e:0c:b7:5b:23:c3:64:b7:d8:e7:59:12:5c:e6:2f:
28:c3:9f:2e:c5:37:d4:d8:9e:97:0e:af:53:6c:6e:7a:38:24:
6a:ac:39:70:96:53:ca:01:d5:13:41:a1:a3:8a:be:64:9b:fb:
2d:4c:7d:5c:95:c0:d6:cf:3a:4b:c0:42:a1:dc:0c:da:d3:b6:
89:3d:59:2d:c6:3c:7c:de:72:c9:aa:bf:12:d3:04:a9:f5:d2:
2a:43:90:b4:b6:24:6d:16:a0:42:9b:bb:08:2f:bf:07:e2:dc:
12:33:ee:65:69:80:20:06:92:a1:2a:8e:1b:b6:4f:bb:9c:4f:
34:9f:15:71
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUDt/U33Mt+zADdJqUtareAxzAZuwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTA5MDEyMTMxMTJaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDYwZmI2M2QwMDRkOTQ5YmQ4ZTk0NWFlYjU2MWYzNWRlMTA3OTFiZTViNDVh
Nzc0YTA4ZTVjNGQ0ODM2MmI3YWIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANEHyMHurKzJUptG57DUNwjCiiJ9yIVzuDtVlbeoUACmoPjirkjhT8WPlm2w
pxaIFVF6Di+J+tic225nmdTeamz4IpzeKmNffdfsCmsAYPpqVcWNL3YhbPLMGpAN
WQUUIEGIFFvGqPedkeaPD/nqLSpGVUKS6YIGEdPJXKCxjNzhjxaEZguygHspOeBS
KXUKORDp9BPZX0dvzurJh2ib61H8bbcwtOcbKknRb1nBFlIXEs4UtuBboFkLV/gc
T3EFzQJTe1289IddC4KmaoFcbgA392GQI/xsMQAI88ggJH8M8YfC3sMdp1On4o4Q
5mDIxixetDyef6B7pUXZviGPxIECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBS/UjQC
fpq7G5e6GVGeKTdgWGFN3jAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZmM1MGY2MTctNzU5Ny00ZjRlLWI4ZjYtODc3NjNiMjhjYWYwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADN5MA0G
CSqGSIb3DQEBCwUAA4IBAQCn2zV3uHxsZHHHGnJ6OCUPnB/ax5A/4c77NPxlNEOB
SVO78skNImtx/2w5p0m8/rjb2UML4qF63ZgayE1qn1hx5RV1tSRU26dQu8AdRPhB
YXM8Pm2qTQkeRqPdkDJ1t4y9Ti2yVQcY8kpMXOaM1/BIoj5oL7nR8KIkWVLj0hpr
vluODLdbI8Nkt9jnWRJc5i8ow58uxTfU2J6XDq9TbG56OCRqrDlwllPKAdUTQaGj
ir5km/stTH1clcDWzzpLwEKh3Aza07aJPVktxjx83nLJqr8S0wSp9dIqQ5C0tiRt
FqBCm7sIL78H4twSM+5laYAgBpKhKo4btk+7nE80nxVx
-----END CERTIFICATE-----
Generated at Wed Sep 17 21:49:49 2025 by rpki-client