Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/970baa53-c4dc-4c2a-96d5-cb4107d1d8ab.roa
File: 970baa53-c4dc-4c2a-96d5-cb4107d1d8ab.roa (raw, json)
Hash identifier: t+4qzZOQO9cjqg3RiuyiQj4jLkm/A59woWY87FVJW0M=
Subject key identifier: 81:B4:E2:30:69:66:08:CE:B4:6D:D5:1B:21:46:1C:E5:5A:24:8E:14
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 1CFD9066CF158BCF6B54C6C54CCA99DD68AF0E14
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/970baa53-c4dc-4c2a-96d5-cb4107d1d8ab.roa
Signing time: Thu 13 Nov 2025 16:21:49 +0000
ROA not before: Thu 13 Nov 2025 16:21:49 +0000
ROA not after: Thu 18 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.16.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 18 Nov 2025 23:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1c:fd:90:66:cf:15:8b:cf:6b:54:c6:c5:4c:ca:99:dd:68:af:0e:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 13 16:21:49 2025 GMT
Not After : Dec 18 23:59:59 2025 GMT
Subject: serialNumber=07db97c3d08ebceab925f4a970e4f06aa16f424a5164cc69b800753d55c6bb32, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:08:2c:10:c3:a2:9b:23:85:eb:14:a6:32:40:
76:ed:c9:80:e9:c4:7a:db:97:b7:c6:50:d7:23:f4:
6e:fa:3f:6f:54:99:f8:42:1b:04:cf:e3:f9:22:49:
8e:46:23:b0:1f:4c:4b:66:a3:ec:36:b7:89:92:cc:
c4:bc:7c:a9:48:96:7b:2a:01:a0:93:45:a1:c0:08:
51:c6:af:ef:b7:b2:38:24:a7:82:4f:80:e1:47:54:
8b:f4:7d:c5:db:81:20:84:f7:5c:c0:b1:12:e4:2a:
bc:c4:b8:36:e4:e4:70:99:ce:1f:c1:3a:79:54:b2:
b5:74:2a:99:dd:f2:d1:52:bd:11:00:53:33:67:97:
f4:16:7a:03:37:47:de:33:21:8e:31:e4:51:a8:39:
75:4e:4a:7c:9d:8e:be:de:96:70:97:e3:eb:f5:88:
8a:e5:9a:0b:a3:32:75:b0:ec:c7:2d:d0:cc:b2:c6:
78:a5:07:f8:f5:2a:de:65:d4:72:de:a5:07:cb:db:
69:bb:e1:37:36:80:e2:21:93:88:d9:49:28:a2:4c:
02:cb:f6:b0:e2:19:63:2d:6f:fe:fb:ac:18:9d:80:
96:3b:30:a7:7f:95:94:af:09:17:4e:cb:7a:6c:73:
d8:df:51:f2:83:2d:e9:61:bc:d4:47:a5:8d:1b:08:
3e:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:B4:E2:30:69:66:08:CE:B4:6D:D5:1B:21:46:1C:E5:5A:24:8E:14
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/970baa53-c4dc-4c2a-96d5-cb4107d1d8ab.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.16.0/21
Signature Algorithm: sha256WithRSAEncryption
91:6d:d6:89:1c:29:cb:70:d6:d0:5d:8d:7a:e5:55:68:9d:69:
1d:c2:50:b7:47:24:eb:02:f6:4a:48:f1:75:22:24:9b:99:e7:
71:94:21:37:e8:5f:78:3c:7e:7a:e1:50:e9:7b:4e:39:a4:71:
5c:20:2f:3d:25:4e:15:70:b1:f1:1f:e6:8f:f3:e6:88:a2:23:
ff:ee:a2:45:6a:b9:b5:9b:bd:c3:ce:3a:06:c5:ef:06:0c:64:
86:5a:68:5f:32:85:66:1a:da:e2:dc:43:b2:2e:9e:cc:91:d9:
df:9d:07:ba:0f:86:a8:45:fe:57:12:62:96:30:69:1f:ef:7f:
83:1b:03:a8:57:85:1f:e8:78:31:5b:d3:e7:06:f9:95:57:cf:
b4:55:d2:e2:33:15:6c:0a:cc:4e:b7:2c:12:87:c1:ab:21:a2:
f7:9c:3a:53:84:d3:78:11:b6:3b:8e:34:0f:f2:95:05:5e:8a:
ee:a2:8e:63:8d:8a:ef:d8:c7:ae:43:24:5e:0b:51:be:33:2a:
51:66:25:86:3d:a5:32:01:82:fe:2d:1c:bc:dd:47:e2:3a:00:
ac:35:a9:1c:07:31:a4:2a:36:78:74:08:76:5d:19:68:53:83:
15:d9:fb:94:5a:fb:96:86:89:26:b8:3b:87:ee:53:90:c3:c3:
56:05:ba:06
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUHP2QZs8Vi89rVMbFTMqZ3WivDhQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMTMxNjIxNDlaFw0yNTEyMTgyMzU5NTlaMHoxSTBHBgNV
BAUTQDA3ZGI5N2MzZDA4ZWJjZWFiOTI1ZjRhOTcwZTRmMDZhYTE2ZjQyNGE1MTY0
Y2M2OWI4MDA3NTNkNTVjNmJiMzIxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALQILBDDopsjhesUpjJAdu3JgOnEetuXt8ZQ1yP0bvo/b1SZ+EIbBM/j+SJJ
jkYjsB9MS2aj7Da3iZLMxLx8qUiWeyoBoJNFocAIUcav77eyOCSngk+A4UdUi/R9
xduBIIT3XMCxEuQqvMS4NuTkcJnOH8E6eVSytXQqmd3y0VK9EQBTM2eX9BZ6AzdH
3jMhjjHkUag5dU5KfJ2Ovt6WcJfj6/WIiuWaC6MydbDsxy3QzLLGeKUH+PUq3mXU
ct6lB8vbabvhNzaA4iGTiNlJKKJMAsv2sOIZYy1v/vusGJ2Aljswp3+VlK8JF07L
emxz2N9R8oMt6WG81EeljRsIPrUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSBtOIw
aWYIzrRt1RshRhzlWiSOFDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
OTcwYmFhNTMtYzRkYy00YzJhLTk2ZDUtY2I0MTA3ZDFkOGFiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAEDAN
BgkqhkiG9w0BAQsFAAOCAQEAkW3WiRwpy3DW0F2NeuVVaJ1pHcJQt0ck6wL2Skjx
dSIkm5nncZQhN+hfeDx+euFQ6XtOOaRxXCAvPSVOFXCx8R/mj/PmiKIj/+6iRWq5
tZu9w846BsXvBgxkhlpoXzKFZhra4txDsi6ezJHZ350Hug+GqEX+VxJiljBpH+9/
gxsDqFeFH+h4MVvT5wb5lVfPtFXS4jMVbArMTrcsEofBqyGi95w6U4TTeBG2O440
D/KVBV6K7qKOY42K79jHrkMkXgtRvjMqUWYlhj2lMgGC/i0cvN1H4joArDWpHAcx
pCo2eHQIdl0ZaFODFdn7lFr7loaJJrg7h+5TkMPDVgW6Bg==
-----END CERTIFICATE-----
Generated at Tue Nov 18 06:47:51 2025 by rpki-client