Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/80c8537f-f518-4230-9f14-470ee4d649e2.roa
File: 80c8537f-f518-4230-9f14-470ee4d649e2.roa (raw, json)
Hash identifier: zzn53IT3o6ZheGn2CnUbUF7LcmCvRZBYEbrVopK1Qag=
Subject key identifier: 21:C9:4B:16:D1:8D:49:F4:FC:C7:B9:B0:E0:B1:EA:E3:C0:7B:7A:AD
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 42071BA2C48C59968D6E2C17E22F57CC369B4018
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/80c8537f-f518-4230-9f14-470ee4d649e2.roa
Signing time: Thu 13 Nov 2025 16:23:04 +0000
ROA not before: Thu 13 Nov 2025 16:23:04 +0000
ROA not after: Thu 18 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.136.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 18 Nov 2025 23:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
42:07:1b:a2:c4:8c:59:96:8d:6e:2c:17:e2:2f:57:cc:36:9b:40:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 13 16:23:04 2025 GMT
Not After : Dec 18 23:59:59 2025 GMT
Subject: serialNumber=6152eb20b83232a67a9173fb0cf882cd06d3e522e510ec14cf58632b18092164, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:9c:06:57:e9:2c:3c:57:30:21:2a:cf:20:2e:
b7:12:cd:c9:ba:ab:26:b7:c0:ea:2c:9c:dc:4c:d3:
cb:3b:a3:48:ea:90:fe:eb:7a:92:f9:ad:76:13:a9:
6a:e6:79:9a:58:8b:27:4b:c1:e9:e7:e0:88:79:6e:
8d:fc:62:7c:58:32:49:36:f9:1b:2f:1a:c9:ce:25:
32:30:b7:e7:dc:cd:74:e2:bd:99:10:81:8b:e9:31:
ed:c2:84:f5:45:d4:7c:db:e8:be:91:45:6e:23:cf:
b2:84:6c:de:71:63:d5:fc:45:4d:a6:e8:d7:c0:07:
f6:e1:63:98:03:75:2e:70:d3:aa:79:2b:19:4c:74:
8b:e4:8f:52:94:37:42:52:a3:15:db:f5:c6:86:14:
dc:60:e6:10:71:c8:bd:2e:88:83:8f:5e:68:1f:90:
45:20:ee:58:c8:c4:42:7b:3b:e5:50:77:3f:1c:5b:
e8:3b:50:6a:a1:33:3d:d8:9e:b3:85:65:3c:eb:c9:
35:ce:f4:7f:a2:c6:90:7e:73:2c:a1:47:0f:2f:a1:
ea:eb:c0:50:04:63:89:05:3b:65:ca:7c:a3:fa:5a:
fe:69:3b:7e:3e:92:25:df:89:0c:5c:86:72:25:73:
6d:9e:45:a6:bc:78:ac:84:7a:95:6a:48:d5:de:1b:
aa:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:C9:4B:16:D1:8D:49:F4:FC:C7:B9:B0:E0:B1:EA:E3:C0:7B:7A:AD
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/80c8537f-f518-4230-9f14-470ee4d649e2.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.136.0/23
Signature Algorithm: sha256WithRSAEncryption
29:01:21:81:53:c4:48:66:18:87:96:5b:b1:2d:51:e4:c8:13:
00:e4:46:64:58:7c:f9:76:66:90:b9:97:9b:bf:b1:bb:0d:5e:
96:63:20:29:17:f0:0b:f2:82:d4:31:44:83:89:34:9c:34:7a:
5a:a6:fe:6f:6b:f4:17:6a:ad:01:7e:89:76:d2:8d:ca:17:52:
ef:29:13:dd:45:4c:c3:3b:d3:34:8e:33:66:e9:88:57:7d:ef:
7a:3a:cb:70:fd:da:d4:9d:56:b8:15:1d:62:7e:07:be:7e:6f:
ea:54:3e:51:81:4a:83:ff:59:1c:98:83:44:02:37:ef:bb:bf:
98:31:83:31:02:f9:e2:e2:8a:5c:e0:83:f0:a7:bf:ad:43:87:
09:d2:1a:43:ed:4b:43:6e:ea:e3:5c:c8:ea:ee:34:31:a6:e9:
25:a3:3e:5e:18:2e:70:7d:9d:fc:da:90:72:7d:0c:c9:d6:dd:
56:4d:59:78:bb:fa:7d:14:eb:50:b2:72:25:b9:cc:03:2a:08:
ae:c1:3b:74:91:37:7d:37:24:98:87:07:4f:57:90:58:44:9d:
ee:ea:03:c1:df:16:0f:dc:0d:a9:ae:34:9f:85:fb:58:68:e8:
3b:b6:c4:6c:df:b0:79:9b:2a:3a:7d:b6:62:7d:31:95:48:29:
db:84:1c:f2
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUQgcbosSMWZaNbiwX4i9XzDabQBgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMTMxNjIzMDRaFw0yNTEyMTgyMzU5NTlaMHoxSTBHBgNV
BAUTQDYxNTJlYjIwYjgzMjMyYTY3YTkxNzNmYjBjZjg4MmNkMDZkM2U1MjJlNTEw
ZWMxNGNmNTg2MzJiMTgwOTIxNjQxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJScBlfpLDxXMCEqzyAutxLNybqrJrfA6iyc3EzTyzujSOqQ/ut6kvmtdhOp
auZ5mliLJ0vB6efgiHlujfxifFgySTb5Gy8ayc4lMjC359zNdOK9mRCBi+kx7cKE
9UXUfNvovpFFbiPPsoRs3nFj1fxFTabo18AH9uFjmAN1LnDTqnkrGUx0i+SPUpQ3
QlKjFdv1xoYU3GDmEHHIvS6Ig49eaB+QRSDuWMjEQns75VB3Pxxb6DtQaqEzPdie
s4VlPOvJNc70f6LGkH5zLKFHDy+h6uvAUARjiQU7Zcp8o/pa/mk7fj6SJd+JDFyG
ciVzbZ5Fprx4rIR6lWpI1d4bqgMCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQhyUsW
0Y1J9PzHubDgserjwHt6rTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ODBjODUzN2YtZjUxOC00MjMwLTlmMTQtNDcwZWU0ZDY0OWUyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEATMAiDAN
BgkqhkiG9w0BAQsFAAOCAQEAKQEhgVPESGYYh5ZbsS1R5MgTAORGZFh8+XZmkLmX
m7+xuw1elmMgKRfwC/KC1DFEg4k0nDR6Wqb+b2v0F2qtAX6JdtKNyhdS7ykT3UVM
wzvTNI4zZumIV33vejrLcP3a1J1WuBUdYn4Hvn5v6lQ+UYFKg/9ZHJiDRAI377u/
mDGDMQL54uKKXOCD8Ke/rUOHCdIaQ+1LQ27q41zI6u40MabpJaM+XhgucH2d/NqQ
cn0MydbdVk1ZeLv6fRTrULJyJbnMAyoIrsE7dJE3fTckmIcHT1eQWESd7uoDwd8W
D9wNqa40n4X7WGjoO7bEbN+weZsqOn22Yn0xlUgp24Qc8g==
-----END CERTIFICATE-----
Generated at Tue Nov 18 06:47:42 2025 by rpki-client