Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/77c679c8-2cc0-4e9b-b3da-c3315ea2711c.roa
File: 77c679c8-2cc0-4e9b-b3da-c3315ea2711c.roa (raw, json)
Hash identifier: JEpTOk9Wba2lZlZirHHajcANO2b2639XONigLMydCNs=
Subject key identifier: 6B:78:C2:DB:0D:2A:CB:A3:27:4E:7F:A8:86:D9:C7:E4:7E:9F:10:2B
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 2C60862236B93CFB54197D373B6198F20715873D
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/77c679c8-2cc0-4e9b-b3da-c3315ea2711c.roa
Signing time: Thu 13 Nov 2025 16:23:05 +0000
ROA not before: Thu 13 Nov 2025 16:23:05 +0000
ROA not after: Thu 18 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.140.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 18 Nov 2025 23:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2c:60:86:22:36:b9:3c:fb:54:19:7d:37:3b:61:98:f2:07:15:87:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 13 16:23:05 2025 GMT
Not After : Dec 18 23:59:59 2025 GMT
Subject: serialNumber=b6988c66295f8d251c82077c104bb79eb640204894b9f18174b351602c88ac2f, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:8c:42:88:ea:27:45:aa:f4:1d:fc:a1:53:6d:
9c:98:5b:06:d0:39:e5:c9:62:4a:85:4d:16:34:b9:
73:40:51:49:6f:6d:68:2d:53:20:59:e5:30:c1:a3:
bc:0f:db:fc:e1:2e:90:8e:fd:21:dc:00:72:05:7a:
77:40:e6:5d:f4:9c:22:6e:37:cd:a5:b0:51:1c:3a:
22:63:ea:65:9d:37:a3:cd:07:ed:6e:94:a7:dd:86:
34:7a:3c:15:db:30:27:a1:a4:17:a9:e2:10:57:fc:
47:26:d2:38:b9:24:a4:7f:e9:3c:04:20:d5:a2:7d:
36:25:49:1d:a7:9b:33:a5:04:c9:4c:7e:c3:a9:6d:
21:b3:ec:63:57:7f:75:8d:bb:36:7a:a4:42:ea:07:
82:f4:1d:63:c6:81:95:bc:eb:c6:54:41:cd:ec:cc:
11:87:37:4d:13:78:d2:1a:df:c6:62:57:02:28:3d:
36:89:96:72:fc:2f:4a:de:70:31:b5:4a:40:7c:a1:
d5:62:ca:7b:f0:e3:ca:68:76:7f:b7:05:35:06:31:
56:d4:59:b5:f4:d0:01:11:04:6f:09:30:0e:d4:cd:
43:c6:01:8a:ec:0f:27:66:ff:1c:9a:db:ce:0b:a3:
2b:ac:a6:6b:11:53:59:69:a2:01:65:8f:93:9b:bf:
37:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:78:C2:DB:0D:2A:CB:A3:27:4E:7F:A8:86:D9:C7:E4:7E:9F:10:2B
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/77c679c8-2cc0-4e9b-b3da-c3315ea2711c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.140.0/23
Signature Algorithm: sha256WithRSAEncryption
1a:1e:c0:1e:e5:3d:bf:67:c8:1b:c5:26:4a:91:82:16:1e:99:
f0:0d:87:cf:e6:31:db:f4:4c:9e:15:2a:05:3b:88:7c:a9:61:
77:10:8b:06:8b:ad:a3:d4:c7:eb:bb:4e:e4:e9:0f:11:ea:ec:
df:70:e9:b5:ca:bd:30:1f:13:62:c3:2f:73:46:8b:48:af:ef:
22:05:12:c8:ac:ce:d6:f4:3d:08:21:2c:b7:b3:92:72:aa:0e:
38:3c:fc:89:47:20:33:11:82:c6:a0:be:99:dc:d9:4b:48:7c:
7c:03:9f:27:a9:e6:5c:a6:00:53:e6:cf:37:4f:3f:e4:b7:e4:
98:88:7c:d3:15:4d:25:c6:9c:89:49:61:2b:21:7e:8b:59:0e:
31:c3:1e:7f:09:f6:a7:d2:51:b5:18:a3:3f:ba:e3:ed:d6:01:
96:23:6b:4f:f1:fa:bf:0e:e5:e5:ad:55:09:08:eb:3f:2e:a9:
d8:ec:7c:8e:b0:bd:54:23:16:56:2e:ed:32:f3:d5:b1:48:82:
02:2e:a8:8a:d7:76:84:50:33:57:cc:4d:fe:e3:c7:24:dd:52:
77:ee:16:98:c4:e6:58:d1:9e:be:1c:4e:79:71:53:e4:a8:0b:
53:c3:84:3b:f8:b9:58:e8:0d:09:f3:87:46:dd:a9:63:b3:dd:
98:2a:10:76
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIULGCGIja5PPtUGX03O2GY8gcVhz0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMTMxNjIzMDVaFw0yNTEyMTgyMzU5NTlaMHoxSTBHBgNV
BAUTQGI2OTg4YzY2Mjk1ZjhkMjUxYzgyMDc3YzEwNGJiNzllYjY0MDIwNDg5NGI5
ZjE4MTc0YjM1MTYwMmM4OGFjMmYxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMmMQojqJ0Wq9B38oVNtnJhbBtA55cliSoVNFjS5c0BRSW9taC1TIFnlMMGj
vA/b/OEukI79IdwAcgV6d0DmXfScIm43zaWwURw6ImPqZZ03o80H7W6Up92GNHo8
FdswJ6GkF6niEFf8RybSOLkkpH/pPAQg1aJ9NiVJHaebM6UEyUx+w6ltIbPsY1d/
dY27NnqkQuoHgvQdY8aBlbzrxlRBzezMEYc3TRN40hrfxmJXAig9NomWcvwvSt5w
MbVKQHyh1WLKe/Djymh2f7cFNQYxVtRZtfTQAREEbwkwDtTNQ8YBiuwPJ2b/HJrb
zgujK6ymaxFTWWmiAWWPk5u/N0ECAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRreMLb
DSrLoydOf6iG2cfkfp8QKzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NzdjNjc5YzgtMmNjMC00ZTliLWIzZGEtYzMzMTVlYTI3MTFjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEATMAjDAN
BgkqhkiG9w0BAQsFAAOCAQEAGh7AHuU9v2fIG8UmSpGCFh6Z8A2Hz+Yx2/RMnhUq
BTuIfKlhdxCLBouto9TH67tO5OkPEers33Dptcq9MB8TYsMvc0aLSK/vIgUSyKzO
1vQ9CCEst7OScqoOODz8iUcgMxGCxqC+mdzZS0h8fAOfJ6nmXKYAU+bPN08/5Lfk
mIh80xVNJcaciUlhKyF+i1kOMcMefwn2p9JRtRijP7rj7dYBliNrT/H6vw7l5a1V
CQjrPy6p2Ox8jrC9VCMWVi7tMvPVsUiCAi6oitd2hFAzV8xN/uPHJN1Sd+4WmMTm
WNGevhxOeXFT5KgLU8OEO/i5WOgNCfOHRt2pY7PdmCoQdg==
-----END CERTIFICATE-----
Generated at Tue Nov 18 07:59:07 2025 by rpki-client