Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/78f049e0-a9a9-4ac6-aeaf-9fde546d76b5.roa
File: 78f049e0-a9a9-4ac6-aeaf-9fde546d76b5.roa (raw, json)
Hash identifier: Uzdd4gR1R+G2rH1qrRGF1cvA1ZJvkzYqWkC7EkhxrGI=
Subject key identifier: C3:04:19:54:A9:D9:E7:47:24:1E:EE:DF:61:0B:9E:84:72:C1:00:8C
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 218EE9348F0EE1A8ADD93B35C610B567D1B16595
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/78f049e0-a9a9-4ac6-aeaf-9fde546d76b5.roa
Signing time: Thu 13 Nov 2025 16:23:05 +0000
ROA not before: Thu 13 Nov 2025 16:23:05 +0000
ROA not after: Thu 18 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.138.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 18 Nov 2025 23:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
21:8e:e9:34:8f:0e:e1:a8:ad:d9:3b:35:c6:10:b5:67:d1:b1:65:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 13 16:23:05 2025 GMT
Not After : Dec 18 23:59:59 2025 GMT
Subject: serialNumber=4942f700aa2f8b37ce49ce29c335a979584707a730e88ea445496cb0eb757cdb, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:59:8e:89:c0:11:f3:98:f7:3a:93:26:77:fc:
a6:b3:65:86:c2:a9:f3:02:80:c7:dc:93:5f:5b:15:
32:3d:1d:bc:02:3f:42:f9:8d:bd:f4:10:74:32:e7:
eb:5d:c5:a6:b9:51:f5:63:7e:40:58:e1:3f:71:aa:
ae:ad:ba:d3:21:2f:8b:66:54:42:cc:52:9f:01:8f:
81:8f:d2:f7:e1:c8:06:a5:40:fd:56:d6:49:7b:99:
a2:55:11:66:de:26:b0:84:7e:53:cc:d5:d6:64:e1:
5f:ce:07:d5:10:71:ee:13:ad:dd:71:7f:0b:de:f2:
81:64:af:c6:c5:68:d6:cc:5e:1f:ce:71:46:e8:35:
dd:12:5e:d9:7f:d9:2a:7c:c3:62:80:83:3c:18:d6:
79:b1:23:83:a3:5b:16:40:07:1f:6a:d2:67:4f:ff:
0e:02:3c:4b:1d:37:87:aa:7d:7a:f0:0a:44:ab:91:
2c:3a:27:d8:d5:a1:ec:68:c1:2f:1c:a6:db:69:d6:
7f:70:34:50:90:6e:32:c8:fa:f5:56:b8:d6:18:ec:
6b:c3:5a:18:18:71:47:e1:88:ea:46:0c:ad:71:74:
87:d2:28:ef:7e:6e:36:06:88:50:f0:90:70:18:f8:
76:12:57:b7:d0:51:e5:1c:f6:60:35:33:37:99:80:
74:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C3:04:19:54:A9:D9:E7:47:24:1E:EE:DF:61:0B:9E:84:72:C1:00:8C
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/78f049e0-a9a9-4ac6-aeaf-9fde546d76b5.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.138.0/23
Signature Algorithm: sha256WithRSAEncryption
08:f0:3a:69:0f:00:d8:f7:ff:74:8a:11:8e:09:25:12:36:17:
34:ef:4b:1c:2f:1f:86:5d:c0:40:16:47:8e:14:9e:4e:5d:7e:
89:09:7f:8f:f4:5f:b6:e2:5f:85:9b:9e:3d:6b:3a:02:ad:ad:
2c:9a:7f:96:e0:9d:ac:30:1a:9b:da:06:f7:b7:0e:a8:e2:0f:
4d:25:0e:34:43:2a:e4:aa:e3:84:29:cc:2e:9d:60:1c:5e:fa:
b3:16:09:87:38:54:e4:d6:4c:6a:84:f8:76:74:de:a5:c2:1b:
37:96:25:1d:98:2c:c3:47:94:43:21:f1:34:47:55:b9:11:0e:
95:9f:01:63:79:9a:64:f1:75:88:be:6b:4c:f4:59:1a:4c:e7:
cb:ea:83:b1:8e:63:d5:ee:62:a0:b1:fb:7d:a3:f2:11:0c:2e:
32:2d:f6:fc:29:e1:c5:9d:57:90:b7:cb:6a:f6:05:f5:c3:ee:
9c:5d:6c:66:30:ff:6d:43:56:f0:00:d5:43:a7:11:20:0d:70:
48:39:e4:de:56:a3:d3:94:cd:c0:c9:ba:bd:21:98:7c:02:a2:
3f:28:f0:68:93:db:74:c3:3e:a1:f1:54:ad:71:3c:ac:8f:79:
af:8a:9f:54:dd:f3:bf:38:07:c1:a7:ad:c2:f6:e0:e2:0a:8c:
c0:b7:06:c4
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUIY7pNI8O4ait2Ts1xhC1Z9GxZZUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMTMxNjIzMDVaFw0yNTEyMTgyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ5NDJmNzAwYWEyZjhiMzdjZTQ5Y2UyOWMzMzVhOTc5NTg0NzA3YTczMGU4
OGVhNDQ1NDk2Y2IwZWI3NTdjZGIxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALpZjonAEfOY9zqTJnf8prNlhsKp8wKAx9yTX1sVMj0dvAI/QvmNvfQQdDLn
613FprlR9WN+QFjhP3Gqrq260yEvi2ZUQsxSnwGPgY/S9+HIBqVA/VbWSXuZolUR
Zt4msIR+U8zV1mThX84H1RBx7hOt3XF/C97ygWSvxsVo1sxeH85xRug13RJe2X/Z
KnzDYoCDPBjWebEjg6NbFkAHH2rSZ0//DgI8Sx03h6p9evAKRKuRLDon2NWh7GjB
Lxym22nWf3A0UJBuMsj69Va41hjsa8NaGBhxR+GI6kYMrXF0h9Io735uNgaIUPCQ
cBj4dhJXt9BR5Rz2YDUzN5mAdFUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTDBBlU
qdnnRyQe7t9hC56EcsEAjDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NzhmMDQ5ZTAtYTlhOS00YWM2LWFlYWYtOWZkZTU0NmQ3NmI1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEATMAijAN
BgkqhkiG9w0BAQsFAAOCAQEACPA6aQ8A2Pf/dIoRjgklEjYXNO9LHC8fhl3AQBZH
jhSeTl1+iQl/j/RftuJfhZuePWs6Aq2tLJp/luCdrDAam9oG97cOqOIPTSUONEMq
5KrjhCnMLp1gHF76sxYJhzhU5NZMaoT4dnTepcIbN5YlHZgsw0eUQyHxNEdVuREO
lZ8BY3maZPF1iL5rTPRZGkzny+qDsY5j1e5ioLH7faPyEQwuMi32/CnhxZ1XkLfL
avYF9cPunF1sZjD/bUNW8ADVQ6cRIA1wSDnk3laj05TNwMm6vSGYfAKiPyjwaJPb
dMM+ofFUrXE8rI95r4qfVN3zvzgHwaetwvbg4gqMwLcGxA==
-----END CERTIFICATE-----
Generated at Tue Nov 18 07:59:04 2025 by rpki-client