Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ecfa3c13-cba9-4529-84cf-7b6bf8e5cd4a.roa
File: ecfa3c13-cba9-4529-84cf-7b6bf8e5cd4a.roa (raw, json)
Hash identifier: am8ZzWKU+w421fjWgxZMGzZhBew4Jt8vktqKsBJmGfA=
Subject key identifier: B8:00:63:5F:56:73:AE:C7:7E:19:FC:C0:2B:D8:3F:C7:0C:01:F2:F3
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 288FA829A6C11ADE7D820CCC558947A8A458A2B8
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ecfa3c13-cba9-4529-84cf-7b6bf8e5cd4a.roa
Signing time: Tue 21 Oct 2025 14:50:06 +0000
ROA not before: Tue 21 Oct 2025 14:50:06 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.200.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 12:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
28:8f:a8:29:a6:c1:1a:de:7d:82:0c:cc:55:89:47:a8:a4:58:a2:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Oct 21 14:50:06 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=c9378d4df3bf8864bd7bc150463c7dd7d9dee34c685264c3d30be86156cc58da, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:d2:d3:0f:60:89:64:7f:84:ad:ba:5c:b4:da:
3d:a0:13:59:24:eb:a6:67:16:40:7d:77:ea:b0:00:
d9:df:40:b2:5e:fe:6c:bb:c2:56:10:46:41:56:7f:
7d:96:67:c8:e6:b5:9c:79:98:4a:d8:26:26:e7:9f:
5a:94:47:4c:c2:35:54:05:e3:70:1b:29:ff:30:ca:
d6:86:38:49:3c:15:fd:6f:33:e9:a7:52:cb:f3:b7:
66:59:c5:de:f7:ab:02:54:35:95:76:c1:3f:17:d5:
10:8a:49:e7:a2:cf:9e:c5:62:0a:3d:08:29:3f:7e:
b7:a8:75:1c:eb:d1:a4:2e:30:4e:92:56:b8:25:4a:
e7:92:4c:8a:64:8e:25:74:c9:e3:1f:0b:8c:45:5d:
fb:1b:8a:09:85:a7:54:be:c6:a7:42:1a:4f:f1:6e:
4b:46:dd:9c:97:31:88:e4:8d:24:53:83:cd:d7:46:
6f:f4:66:86:17:9f:b3:84:a4:8b:ff:ed:3a:62:37:
dc:e3:a9:a5:e4:ed:5e:8b:8f:e4:4f:b6:5f:d1:ec:
21:13:01:f6:17:f9:5a:b6:cc:c2:87:27:b1:a6:0c:
49:1a:69:b3:81:34:75:17:10:88:60:d2:fd:8d:b0:
6c:8f:da:b3:33:06:cb:f7:7d:30:70:5f:0b:c9:ec:
d2:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:00:63:5F:56:73:AE:C7:7E:19:FC:C0:2B:D8:3F:C7:0C:01:F2:F3
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ecfa3c13-cba9-4529-84cf-7b6bf8e5cd4a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.200.0.0/15
Signature Algorithm: sha256WithRSAEncryption
69:f0:f1:a8:a5:dc:31:fe:ce:24:bc:ba:1b:3a:74:29:b2:5b:
f0:c0:f7:2d:b5:ff:07:01:c0:24:cb:85:98:33:a3:f3:9b:5f:
b9:10:14:5a:b7:bf:98:32:98:70:1a:46:f5:6a:eb:2f:45:7e:
d4:12:dc:60:5e:52:c1:2e:90:ec:b9:3f:3e:66:d6:95:69:9d:
4a:5f:db:aa:24:34:85:68:72:4c:20:1a:fe:ea:c1:cf:81:87:
d5:2b:8e:2e:17:3f:33:77:77:96:d9:c2:de:62:c4:b7:ba:2a:
75:4b:68:69:00:80:c2:b2:2f:04:87:9b:db:2a:ac:84:01:64:
0e:f8:6f:ed:9a:83:99:42:85:a3:4b:70:12:00:85:ae:a9:c0:
40:7f:28:80:f1:3e:b5:7d:f8:52:fc:61:85:73:14:d5:92:55:
2f:ba:93:9c:bc:ae:0b:f1:af:68:48:46:48:38:35:66:c5:4d:
ba:05:35:6e:c9:d0:c5:d7:15:5b:b7:39:10:96:73:4e:4d:ae:
33:80:a3:c4:76:4f:66:12:44:9b:7e:0c:46:13:e8:da:0c:51:
5a:d8:f2:e4:c1:2f:32:94:23:a8:c6:91:3a:4d:7b:1e:3e:e6:
3b:9d:1e:6b:d4:64:26:17:de:8e:04:99:06:4f:e6:ce:ed:24:
1d:2f:9a:fa
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUKI+oKabBGt59ggzMVYlHqKRYorgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNTEwMjExNDUwMDZaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGM5Mzc4ZDRkZjNiZjg4NjRiZDdiYzE1MDQ2M2M3ZGQ3ZDlkZWUzNGM2ODUy
NjRjM2QzMGJlODYxNTZjYzU4ZGExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMfS0w9giWR/hK26XLTaPaATWSTrpmcWQH136rAA2d9Asl7+bLvCVhBGQVZ/
fZZnyOa1nHmYStgmJuefWpRHTMI1VAXjcBsp/zDK1oY4STwV/W8z6adSy/O3ZlnF
3verAlQ1lXbBPxfVEIpJ56LPnsViCj0IKT9+t6h1HOvRpC4wTpJWuCVK55JMimSO
JXTJ4x8LjEVd+xuKCYWnVL7Gp0IaT/FuS0bdnJcxiOSNJFODzddGb/Rmhhefs4Sk
i//tOmI33OOppeTtXouP5E+2X9HsIRMB9hf5WrbMwocnsaYMSRpps4E0dRcQiGDS
/Y2wbI/aszMGy/d9MHBfC8ns0vcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBS4AGNf
VnOux34Z/MAr2D/HDAHy8zAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZWNmYTNjMTMtY2JhOS00NTI5LTg0Y2YtN2I2YmY4ZTVjZDRhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPIMA0G
CSqGSIb3DQEBCwUAA4IBAQBp8PGopdwx/s4kvLobOnQpslvwwPcttf8HAcAky4WY
M6Pzm1+5EBRat7+YMphwGkb1ausvRX7UEtxgXlLBLpDsuT8+ZtaVaZ1KX9uqJDSF
aHJMIBr+6sHPgYfVK44uFz8zd3eW2cLeYsS3uip1S2hpAIDCsi8Eh5vbKqyEAWQO
+G/tmoOZQoWjS3ASAIWuqcBAfyiA8T61ffhS/GGFcxTVklUvupOcvK4L8a9oSEZI
ODVmxU26BTVuydDF1xVbtzkQlnNOTa4zgKPEdk9mEkSbfgxGE+jaDFFa2PLkwS8y
lCOoxpE6TXsePuY7nR5r1GQmF96OBJkGT+bO7SQdL5r6
-----END CERTIFICATE-----
Generated at Wed Nov 5 14:06:33 2025 by rpki-client