Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/9fc884bc-2b9f-4180-a386-f94e759f70bf.roa
File: 9fc884bc-2b9f-4180-a386-f94e759f70bf.roa (raw, json)
Hash identifier: BnspwZZ6AjQR09AB7Dd8fDNOLJ2INNfmzwV8/Le8FBc=
Subject key identifier: 93:0B:10:DA:D1:06:2F:D8:D8:FB:8F:48:59:8A:DC:BF:A3:22:44:9B
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 73C83FA2A3EF82FBE826D937CCC477B6E4A72F4F
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/9fc884bc-2b9f-4180-a386-f94e759f70bf.roa
Signing time: Thu 13 Nov 2025 16:21:50 +0000
ROA not before: Thu 13 Nov 2025 16:21:50 +0000
ROA not after: Thu 18 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.31.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 18 Nov 2025 23:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
73:c8:3f:a2:a3:ef:82:fb:e8:26:d9:37:cc:c4:77:b6:e4:a7:2f:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 13 16:21:50 2025 GMT
Not After : Dec 18 23:59:59 2025 GMT
Subject: serialNumber=25de378fef3be29a3f285518e72da09c96ccf8915a54e93d5508972e1befd0cf, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:57:62:9f:8a:31:f0:e6:e2:86:52:80:10:90:
49:47:0f:38:ed:b5:1c:19:54:ad:b3:1d:fb:80:f3:
14:1c:a1:45:a4:eb:36:75:0c:a7:8e:34:41:36:b1:
6a:97:7b:5a:d1:21:e1:a8:df:79:55:1a:1c:7c:1e:
73:b4:8c:91:0b:d4:0c:ca:4a:e3:50:2a:fa:7e:ab:
00:c1:b1:aa:84:4a:0a:e8:32:3e:d9:8a:6f:0f:e6:
c1:e6:2d:29:4f:78:3a:17:b1:4c:08:1b:5f:b7:ba:
e8:e5:4c:af:0c:ca:2e:42:8b:6c:af:cf:bb:31:8d:
dc:db:02:95:57:db:af:18:cd:d6:66:c8:ff:88:4b:
d1:30:fa:9a:34:cf:41:46:12:76:cc:9a:df:e6:c5:
ed:26:1e:97:37:62:c7:3d:9c:09:09:c3:75:6e:48:
13:da:bb:47:c8:88:fa:ba:05:81:a5:3f:fc:da:38:
d5:82:67:56:fc:30:79:49:06:8f:20:fc:8b:59:8f:
bf:cd:b5:fa:a4:40:7a:9e:9b:ab:da:07:ed:a9:db:
b4:12:af:b8:f7:3b:a2:60:de:b3:45:4e:89:01:f9:
60:95:bf:59:fa:82:7b:24:00:f4:d4:98:71:cd:c4:
70:89:d6:bf:50:d4:e4:04:f4:7d:01:2e:7d:1a:ab:
4c:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:0B:10:DA:D1:06:2F:D8:D8:FB:8F:48:59:8A:DC:BF:A3:22:44:9B
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/9fc884bc-2b9f-4180-a386-f94e759f70bf.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.31.0/24
Signature Algorithm: sha256WithRSAEncryption
91:00:52:e5:ba:2f:40:9f:c1:e1:69:68:c8:d3:74:05:a6:72:
a8:fc:6b:e6:be:5e:ec:93:25:ee:08:17:1b:13:e9:a7:a6:80:
ef:e4:4a:e7:31:e2:c8:c1:ce:27:e6:33:22:cd:7a:23:53:c4:
03:6a:78:e4:65:5b:b9:76:5e:65:e2:64:d7:a5:8d:89:e0:39:
5f:71:1a:b7:d6:8e:56:55:7e:4d:05:2b:d4:c2:c4:67:f7:9d:
a1:e7:a6:4d:08:f6:b2:48:36:ab:ad:f2:bc:8a:b1:ed:dc:b3:
81:0c:eb:54:98:e2:ac:3c:ed:cd:2a:e7:46:91:3e:26:64:49:
92:14:29:a6:71:81:24:42:b4:05:eb:29:ff:02:eb:a8:00:e3:
70:c2:c8:de:3b:fb:d8:f0:8e:3d:c3:15:7d:29:e4:78:a5:09:
86:40:98:47:cc:d2:79:9a:54:40:10:03:b1:e6:c1:7b:73:e1:
fa:2f:e4:61:2f:f5:98:28:11:40:67:89:b0:0c:97:0f:76:52:
b1:02:38:e9:f3:ce:5d:55:6b:bb:1f:a2:b4:0b:ea:ff:e4:da:
07:a3:1b:4d:7b:91:7d:85:51:9b:8c:34:52:07:e2:62:b7:01:
e0:f2:3a:d4:9a:59:fd:e4:01:fd:c7:da:4f:ed:c2:6f:40:e8:
4c:75:dd:f5
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUc8g/oqPvgvvoJtk3zMR3tuSnL08wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMTMxNjIxNTBaFw0yNTEyMTgyMzU5NTlaMHoxSTBHBgNV
BAUTQDI1ZGUzNzhmZWYzYmUyOWEzZjI4NTUxOGU3MmRhMDljOTZjY2Y4OTE1YTU0
ZTkzZDU1MDg5NzJlMWJlZmQwY2YxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMNXYp+KMfDm4oZSgBCQSUcPOO21HBlUrbMd+4DzFByhRaTrNnUMp440QTax
apd7WtEh4ajfeVUaHHwec7SMkQvUDMpK41Aq+n6rAMGxqoRKCugyPtmKbw/mweYt
KU94OhexTAgbX7e66OVMrwzKLkKLbK/PuzGN3NsClVfbrxjN1mbI/4hL0TD6mjTP
QUYSdsya3+bF7SYelzdixz2cCQnDdW5IE9q7R8iI+roFgaU//No41YJnVvwweUkG
jyD8i1mPv821+qRAep6bq9oH7anbtBKvuPc7omDes0VOiQH5YJW/WfqCeyQA9NSY
cc3EcInWv1DU5AT0fQEufRqrTPkCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSTCxDa
0QYv2Nj7j0hZity/oyJEmzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
OWZjODg0YmMtMmI5Zi00MTgwLWEzODYtZjk0ZTc1OWY3MGJmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEADMAHzAN
BgkqhkiG9w0BAQsFAAOCAQEAkQBS5bovQJ/B4WloyNN0BaZyqPxr5r5e7JMl7ggX
GxPpp6aA7+RK5zHiyMHOJ+YzIs16I1PEA2p45GVbuXZeZeJk16WNieA5X3Eat9aO
VlV+TQUr1MLEZ/edoeemTQj2skg2q63yvIqx7dyzgQzrVJjirDztzSrnRpE+JmRJ
khQppnGBJEK0Besp/wLrqADjcMLI3jv72PCOPcMVfSnkeKUJhkCYR8zSeZpUQBAD
sebBe3Ph+i/kYS/1mCgRQGeJsAyXD3ZSsQI46fPOXVVrux+itAvq/+TaB6MbTXuR
fYVRm4w0UgfiYrcB4PI61JpZ/eQB/cfaT+3Cb0DoTHXd9Q==
-----END CERTIFICATE-----
Generated at Tue Nov 18 07:59:06 2025 by rpki-client