Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/caf04ce0-0dbd-43ea-843a-a139a615d156.roa
File: caf04ce0-0dbd-43ea-843a-a139a615d156.roa (raw, json)
Hash identifier: aAon/nRR4fRsA93ntKgNKoADz5OOiLIaykuvdvzjmNI=
Subject key identifier: 03:FB:A7:AE:22:F0:E7:DA:A2:94:44:80:99:78:C0:59:BC:2E:7D:99
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 1A80AB6FB68B910114298662A75F833B54D7D461
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/caf04ce0-0dbd-43ea-843a-a139a615d156.roa
Signing time: Thu 13 Nov 2025 16:21:50 +0000
ROA not before: Thu 13 Nov 2025 16:21:50 +0000
ROA not after: Thu 18 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.28.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 18 Nov 2025 23:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1a:80:ab:6f:b6:8b:91:01:14:29:86:62:a7:5f:83:3b:54:d7:d4:61
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 13 16:21:50 2025 GMT
Not After : Dec 18 23:59:59 2025 GMT
Subject: serialNumber=319eb0c2f5d2bdf0525ee8e7f43d71768369d300fca85e1785c43de2001651ca, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:4c:65:78:8b:69:c8:3d:a6:c9:e4:86:e3:bd:
ba:85:33:9d:9e:56:da:80:bd:ea:42:6a:bb:bb:1f:
f6:9e:2f:84:dc:5d:57:91:e2:f6:23:3d:61:59:dc:
d8:f9:71:97:40:8d:d3:bd:89:ee:ee:47:b5:bd:c6:
82:bf:eb:f5:4f:9e:3c:f8:5a:54:5a:35:b7:54:43:
bf:f2:ad:6b:b5:cb:c6:dc:8c:c8:df:13:0e:78:93:
52:c6:7b:a5:6e:bf:c3:1a:43:c9:d7:8f:2f:0c:c0:
0f:c9:a8:80:7a:c1:c3:a7:18:fc:ec:fc:22:f1:ce:
1e:5b:2d:44:93:c0:6d:0e:3a:13:a2:8a:1a:87:7a:
9e:37:90:60:43:52:9c:e5:d0:9e:73:4d:c2:bf:86:
ba:75:98:da:df:6f:bd:88:e5:42:fd:90:66:48:0b:
63:d2:54:23:9c:0f:df:a8:ae:92:c9:d4:6a:50:38:
32:5d:86:e4:e5:65:86:14:ce:f8:36:1b:4b:8e:91:
3a:5b:6e:d0:4d:56:a7:c8:c4:4f:af:30:33:ea:94:
7b:3c:fe:2e:19:cc:dd:50:55:e3:2c:f4:0c:d7:49:
0d:79:b3:13:46:c0:fa:ab:70:a1:22:99:53:ff:6c:
8f:8c:a6:e4:75:67:e8:fc:6a:be:f3:80:12:b0:97:
f3:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:FB:A7:AE:22:F0:E7:DA:A2:94:44:80:99:78:C0:59:BC:2E:7D:99
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/caf04ce0-0dbd-43ea-843a-a139a615d156.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.28.0/24
Signature Algorithm: sha256WithRSAEncryption
02:b2:5a:9e:d1:56:2c:2c:b0:28:b4:dd:6d:56:00:97:f6:8a:
f0:3d:54:31:b1:4c:7f:e9:86:4a:45:30:3d:fc:60:83:bb:99:
33:cd:0d:2b:be:8c:5e:8b:c6:af:40:e2:cc:00:7e:65:cf:4c:
6e:e6:1e:86:0b:d0:49:1c:c5:5b:d3:66:5f:d2:cc:ec:d7:68:
e1:19:c2:6d:71:29:b3:be:73:5d:46:7d:9b:84:9e:41:53:c4:
15:6c:35:b8:be:5f:b3:bc:17:30:24:3b:ff:d7:a1:0e:5c:12:
f4:ec:63:90:8b:5b:cd:8d:fd:a5:cc:e3:c8:2d:29:13:e4:b1:
50:3d:ee:b7:2d:bd:c1:97:e2:c8:c3:85:fa:47:db:fb:d1:4e:
55:5f:e6:1b:28:69:bb:3e:d1:be:f3:99:c0:5d:ac:d4:8a:bd:
8f:78:de:26:e7:63:25:34:65:24:80:82:eb:72:ba:c7:7d:13:
a6:9c:8d:c4:57:91:fc:1e:6b:be:92:59:89:b0:e3:48:49:58:
97:0b:05:9f:ae:a1:e5:af:70:b9:6d:3b:ef:b6:32:e3:41:61:
56:26:84:5e:f5:e5:b3:53:d6:40:17:73:18:4d:55:c8:c9:34:
73:e0:5c:92:d5:64:39:6f:ac:5e:d8:74:63:58:63:1e:cb:65:
49:12:dd:64
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUGoCrb7aLkQEUKYZip1+DO1TX1GEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMTMxNjIxNTBaFw0yNTEyMTgyMzU5NTlaMHoxSTBHBgNV
BAUTQDMxOWViMGMyZjVkMmJkZjA1MjVlZThlN2Y0M2Q3MTc2ODM2OWQzMDBmY2E4
NWUxNzg1YzQzZGUyMDAxNjUxY2ExLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALpMZXiLacg9psnkhuO9uoUznZ5W2oC96kJqu7sf9p4vhNxdV5Hi9iM9YVnc
2Plxl0CN072J7u5Htb3Ggr/r9U+ePPhaVFo1t1RDv/Kta7XLxtyMyN8TDniTUsZ7
pW6/wxpDydePLwzAD8mogHrBw6cY/Oz8IvHOHlstRJPAbQ46E6KKGod6njeQYENS
nOXQnnNNwr+GunWY2t9vvYjlQv2QZkgLY9JUI5wP36iuksnUalA4Ml2G5OVlhhTO
+DYbS46ROltu0E1Wp8jET68wM+qUezz+LhnM3VBV4yz0DNdJDXmzE0bA+qtwoSKZ
U/9sj4ym5HVn6PxqvvOAErCX82sCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQD+6eu
IvDn2qKURICZeMBZvC59mTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
Y2FmMDRjZTAtMGRiZC00M2VhLTg0M2EtYTEzOWE2MTVkMTU2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEADMAHDAN
BgkqhkiG9w0BAQsFAAOCAQEAArJantFWLCywKLTdbVYAl/aK8D1UMbFMf+mGSkUw
Pfxgg7uZM80NK76MXovGr0DizAB+Zc9MbuYehgvQSRzFW9NmX9LM7Ndo4RnCbXEp
s75zXUZ9m4SeQVPEFWw1uL5fs7wXMCQ7/9ehDlwS9OxjkItbzY39pczjyC0pE+Sx
UD3uty29wZfiyMOF+kfb+9FOVV/mGyhpuz7RvvOZwF2s1Iq9j3jeJudjJTRlJICC
63K6x30TppyNxFeR/B5rvpJZibDjSElYlwsFn66h5a9wuW0777Yy40FhViaEXvXl
s1PWQBdzGE1VyMk0c+BcktVkOW+sXth0Y1hjHstlSRLdZA==
-----END CERTIFICATE-----
Generated at Tue Nov 18 06:48:11 2025 by rpki-client