Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d5f28959-e053-4dd5-9cd7-d519d57c2a0e.roa
File: d5f28959-e053-4dd5-9cd7-d519d57c2a0e.roa (raw, json)
Hash identifier: oa6yLPp96v1oVuaFeeHQsnER6m5lUnpm19Hj2C+qkXo=
Subject key identifier: 05:8E:60:E4:3A:64:C9:32:AF:27:5F:3E:8F:93:0E:0E:90:4C:76:A4
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 579596D837B15EE9EA1AAB7E9ED76D780A4CD86E
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d5f28959-e053-4dd5-9cd7-d519d57c2a0e.roa
Signing time: Thu 13 Nov 2025 16:23:08 +0000
ROA not before: Thu 13 Nov 2025 16:23:08 +0000
ROA not after: Thu 18 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.136.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 18 Nov 2025 23:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
57:95:96:d8:37:b1:5e:e9:ea:1a:ab:7e:9e:d7:6d:78:0a:4c:d8:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 13 16:23:08 2025 GMT
Not After : Dec 18 23:59:59 2025 GMT
Subject: serialNumber=3c1d399193f4fa174ace0a3e6c203a500eab846f48a99c1d4af12dc71b35c459, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:e0:13:5d:48:4a:fc:a4:c1:a4:e9:7c:a7:aa:
c6:cf:d3:4c:e2:24:a4:8e:4f:c2:87:15:0b:3a:a3:
ea:f2:17:61:c7:5e:e5:8b:56:ff:20:fb:4e:f6:7b:
c2:26:b0:59:c3:32:0b:8a:79:03:a0:b8:38:cf:f8:
db:aa:4f:03:56:19:2e:7a:fa:dc:bb:fd:21:b4:bf:
2e:4e:17:1d:47:ea:83:d5:98:71:9c:bf:67:5d:be:
12:1c:f7:ee:9f:30:72:9e:11:05:ed:b7:a1:4f:da:
54:09:f0:80:d9:f1:01:52:b1:81:ab:f7:96:0f:cf:
61:0c:d0:a6:c9:00:e8:66:37:33:7c:3b:d1:9c:40:
53:2b:26:d7:6c:86:32:f8:04:c8:7e:6e:15:a1:90:
cb:70:d8:9b:45:aa:61:1e:2e:08:3e:19:d0:78:0a:
dc:55:8d:d3:15:65:e8:2d:22:e0:ae:b2:bf:92:a8:
bd:b4:62:89:cd:e5:ff:56:59:28:bb:48:77:58:79:
62:08:e6:37:d5:81:d0:dc:9e:50:c7:ec:77:70:65:
3d:53:7b:b5:d7:00:23:15:f5:fc:7b:d8:78:20:8c:
c7:65:05:45:d5:34:23:93:39:31:ae:6e:f9:ee:14:
47:f1:34:86:60:8d:08:db:37:57:8f:51:1f:3e:9a:
1d:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:8E:60:E4:3A:64:C9:32:AF:27:5F:3E:8F:93:0E:0E:90:4C:76:A4
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d5f28959-e053-4dd5-9cd7-d519d57c2a0e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.136.0/21
Signature Algorithm: sha256WithRSAEncryption
9a:bd:ea:36:aa:40:02:cd:a3:86:e6:10:41:06:f3:5a:f0:57:
96:59:1f:b5:a5:a8:0a:09:9e:63:38:ba:60:dd:74:13:6b:5b:
39:52:6c:97:f1:0a:68:1f:ce:2d:b6:41:7f:59:f6:4a:9f:1f:
54:31:d9:37:4f:88:0b:0a:4c:b0:d6:c6:7c:3a:7f:39:1f:45:
f7:83:68:04:72:df:c0:fe:18:64:eb:7f:18:92:c6:ba:91:53:
dc:af:05:02:e2:23:ce:d9:5e:09:d2:82:81:ac:ce:66:c2:94:
20:44:eb:28:d1:0c:e1:cc:d2:b5:00:49:e1:d2:0a:e9:15:2a:
53:d0:61:12:91:b8:75:5b:99:a3:fb:48:c7:7b:4e:6c:be:1d:
0e:ab:9c:16:75:f2:b6:ca:f1:14:73:d2:a8:ff:45:26:41:9a:
25:30:4b:85:b2:28:ed:90:e5:a5:dd:a6:71:df:4e:23:9b:20:
38:9f:cf:f4:e3:ab:cd:cd:fc:7e:f7:7c:93:db:b0:88:17:68:
cc:56:ab:ad:8a:2f:fe:76:dd:7c:e6:f0:18:45:d3:bc:0a:d1:
33:66:fe:81:04:04:45:10:5a:47:b0:65:22:ad:5d:3c:0b:e6:
c1:f2:c0:54:be:b4:3e:30:b8:d9:db:69:e9:28:1e:5f:c4:93:
fa:40:78:25
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUV5WW2DexXunqGqt+ntdteApM2G4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMTMxNjIzMDhaFw0yNTEyMTgyMzU5NTlaMHoxSTBHBgNV
BAUTQDNjMWQzOTkxOTNmNGZhMTc0YWNlMGEzZTZjMjAzYTUwMGVhYjg0NmY0OGE5
OWMxZDRhZjEyZGM3MWIzNWM0NTkxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJLgE11ISvykwaTpfKeqxs/TTOIkpI5PwocVCzqj6vIXYcde5YtW/yD7TvZ7
wiawWcMyC4p5A6C4OM/426pPA1YZLnr63Lv9IbS/Lk4XHUfqg9WYcZy/Z12+Ehz3
7p8wcp4RBe23oU/aVAnwgNnxAVKxgav3lg/PYQzQpskA6GY3M3w70ZxAUysm12yG
MvgEyH5uFaGQy3DYm0WqYR4uCD4Z0HgK3FWN0xVl6C0i4K6yv5KovbRiic3l/1ZZ
KLtId1h5YgjmN9WB0NyeUMfsd3BlPVN7tdcAIxX1/HvYeCCMx2UFRdU0I5M5Ma5u
+e4UR/E0hmCNCNs3V49RHz6aHUsCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQFjmDk
OmTJMq8nXz6Pkw4OkEx2pDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZDVmMjg5NTktZTA1My00ZGQ1LTljZDctZDUxOWQ1N2MyYTBlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAiDAN
BgkqhkiG9w0BAQsFAAOCAQEAmr3qNqpAAs2jhuYQQQbzWvBXllkftaWoCgmeYzi6
YN10E2tbOVJsl/EKaB/OLbZBf1n2Sp8fVDHZN0+ICwpMsNbGfDp/OR9F94NoBHLf
wP4YZOt/GJLGupFT3K8FAuIjztleCdKCgazOZsKUIETrKNEM4czStQBJ4dIK6RUq
U9BhEpG4dVuZo/tIx3tObL4dDqucFnXytsrxFHPSqP9FJkGaJTBLhbIo7ZDlpd2m
cd9OI5sgOJ/P9OOrzc38fvd8k9uwiBdozFarrYov/nbdfObwGEXTvArRM2b+gQQE
RRBaR7BlIq1dPAvmwfLAVL60PjC42dtp6SgeX8ST+kB4JQ==
-----END CERTIFICATE-----
Generated at Tue Nov 18 06:47:17 2025 by rpki-client