Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a03743d5-cfd6-4197-b45f-ad742e8f2a99.roa
File: a03743d5-cfd6-4197-b45f-ad742e8f2a99.roa (raw, json)
Hash identifier: +cJJIl1U41M/OoF7a3uxdjRkekiu+rrqjtcQplkm1hg=
Subject key identifier: B8:BC:4A:34:A8:23:1B:8E:0B:18:1E:02:F6:86:1F:26:52:0E:DC:BB
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 445E09BDDD0B2BF20509DC1F35D35FA5F1A420B1
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a03743d5-cfd6-4197-b45f-ad742e8f2a99.roa
Signing time: Thu 13 Nov 2025 16:36:39 +0000
ROA not before: Thu 13 Nov 2025 16:36:39 +0000
ROA not after: Thu 18 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.72.0.0/15 maxlen: 15
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 18 Nov 2025 23:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
44:5e:09:bd:dd:0b:2b:f2:05:09:dc:1f:35:d3:5f:a5:f1:a4:20:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 13 16:36:39 2025 GMT
Not After : Dec 18 23:59:59 2025 GMT
Subject: serialNumber=b535041f0e2b02e4d2f7d523a00890ed78b90850378f2d876aa0998d138f7a19, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:ab:31:22:dd:2b:1b:38:30:86:1f:1f:24:0b:
7c:f2:05:da:80:90:ee:cb:b8:e2:a9:6e:c2:77:94:
85:5a:3c:9d:56:01:f1:69:f2:24:19:70:8e:95:cc:
6b:42:c7:f5:e1:1b:7f:cc:1c:dd:e7:a6:24:a8:06:
d0:a1:09:59:ed:55:03:6f:77:6d:3b:d0:a2:64:e6:
73:49:f2:16:50:c3:22:94:17:0f:70:d1:d3:d7:4c:
ac:7f:0b:a6:7e:88:7e:03:7b:7c:6c:c9:df:b0:f8:
aa:49:b5:45:e5:b5:88:cd:ac:72:64:76:2f:18:ab:
40:4e:c9:39:18:30:f3:2f:92:cb:02:33:05:09:46:
69:3c:97:dd:6b:5a:63:35:37:08:98:f7:77:62:59:
c6:d7:d1:f2:08:67:13:77:a5:0b:bc:de:0b:89:36:
2f:ad:2e:c5:2d:7f:d6:ba:39:74:41:28:07:c7:5e:
99:22:de:82:f3:b2:75:76:1b:f4:c7:90:02:0c:d6:
d6:4a:87:f4:12:1f:dc:4d:a5:65:e2:b6:4a:d7:f4:
3e:3e:f5:b9:d2:95:b2:01:dc:8d:10:7c:0d:40:55:
e7:5e:aa:e2:65:14:79:dc:ea:7d:c5:40:43:f1:0f:
36:8d:b7:1f:ab:8b:b6:a1:aa:c2:a1:2c:5f:32:dd:
4d:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:BC:4A:34:A8:23:1B:8E:0B:18:1E:02:F6:86:1F:26:52:0E:DC:BB
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a03743d5-cfd6-4197-b45f-ad742e8f2a99.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.72.0.0/15
Signature Algorithm: sha256WithRSAEncryption
54:b6:1b:58:c7:e0:ae:a3:5c:44:64:42:ec:f5:ae:5c:a7:2f:
41:54:90:5f:be:17:10:68:1b:48:ae:33:a3:ea:d9:15:b8:d1:
85:11:29:ac:ca:4b:88:6c:c6:7d:cb:2b:c9:ac:51:3b:32:9d:
8a:ca:b0:96:93:8f:72:da:6f:76:8c:b4:a1:50:f1:9b:68:d9:
31:88:61:f4:ba:95:72:d4:31:66:ce:80:01:88:a6:c0:e3:a2:
7d:f1:ba:a2:06:b4:43:b4:9d:04:8f:f4:ea:cf:4a:99:ba:0a:
c0:2b:e7:3a:83:84:e4:8e:53:be:d8:d9:24:1b:2c:58:89:f9:
76:a5:e0:72:f0:d2:71:54:ae:38:5a:56:60:8a:2b:60:d6:f7:
ff:cc:11:dd:dd:91:ef:65:dd:06:3d:31:da:c1:89:48:ad:d2:
c8:1d:eb:8c:f2:a1:f7:69:ee:d8:d2:69:cf:18:11:78:2f:56:
3e:3a:97:f4:9e:df:17:ad:cd:89:24:df:ff:a9:9c:43:f7:3c:
4e:b6:4a:7d:09:d0:0d:29:80:d9:3f:55:b3:30:80:ae:d2:cb:
d8:f5:ad:3f:55:c9:3f:46:f1:ab:63:8d:c1:ae:30:e9:53:aa:
16:82:a5:7b:09:6e:87:55:d1:40:0a:b6:49:9f:51:26:12:34:
3b:9d:e4:61
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIURF4Jvd0LK/IFCdwfNdNfpfGkILEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMTMxNjM2MzlaFw0yNTEyMTgyMzU5NTlaMHoxSTBHBgNV
BAUTQGI1MzUwNDFmMGUyYjAyZTRkMmY3ZDUyM2EwMDg5MGVkNzhiOTA4NTAzNzhm
MmQ4NzZhYTA5OThkMTM4ZjdhMTkxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOirMSLdKxs4MIYfHyQLfPIF2oCQ7su44qluwneUhVo8nVYB8WnyJBlwjpXM
a0LH9eEbf8wc3eemJKgG0KEJWe1VA293bTvQomTmc0nyFlDDIpQXD3DR09dMrH8L
pn6IfgN7fGzJ37D4qkm1ReW1iM2scmR2LxirQE7JORgw8y+SywIzBQlGaTyX3Wta
YzU3CJj3d2JZxtfR8ghnE3elC7zeC4k2L60uxS1/1ro5dEEoB8demSLegvOydXYb
9MeQAgzW1kqH9BIf3E2lZeK2Stf0Pj71udKVsgHcjRB8DUBV516q4mUUedzqfcVA
Q/EPNo23H6uLtqGqwqEsXzLdTUcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBS4vEo0
qCMbjgsYHgL2hh8mUg7cuzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
YTAzNzQzZDUtY2ZkNi00MTk3LWI0NWYtYWQ3NDJlOGYyYTk5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATNIMA0G
CSqGSIb3DQEBCwUAA4IBAQBUthtYx+Cuo1xEZELs9a5cpy9BVJBfvhcQaBtIrjOj
6tkVuNGFESmsykuIbMZ9yyvJrFE7Mp2KyrCWk49y2m92jLShUPGbaNkxiGH0upVy
1DFmzoABiKbA46J98bqiBrRDtJ0Ej/Tqz0qZugrAK+c6g4TkjlO+2NkkGyxYifl2
peBy8NJxVK44WlZgiitg1vf/zBHd3ZHvZd0GPTHawYlIrdLIHeuM8qH3ae7Y0mnP
GBF4L1Y+Opf0nt8Xrc2JJN//qZxD9zxOtkp9CdANKYDZP1WzMICu0svY9a0/Vck/
RvGrY43BrjDpU6oWgqV7CW6HVdFACrZJn1EmEjQ7neRh
-----END CERTIFICATE-----
Generated at Tue Nov 18 07:59:11 2025 by rpki-client