Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/e46fa6c1-9fa9-45b2-a661-fa14136ac407.roa
File: e46fa6c1-9fa9-45b2-a661-fa14136ac407.roa (raw, json)
Hash identifier: zRSrBlS+fVqIxV8YF5chj19OllEWm8awT9XTLvlbVo0=
Subject key identifier: 7E:DE:5C:C0:BB:C0:5A:AF:D1:4C:B4:9D:96:15:52:EA:DF:CA:A0:72
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 5C2B6BE90A8CF1B5F2EB33E1D0E2DB63910195EF
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/e46fa6c1-9fa9-45b2-a661-fa14136ac407.roa
Signing time: Thu 13 Nov 2025 16:23:08 +0000
ROA not before: Thu 13 Nov 2025 16:23:08 +0000
ROA not after: Thu 18 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.252.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 18 Nov 2025 23:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5c:2b:6b:e9:0a:8c:f1:b5:f2:eb:33:e1:d0:e2:db:63:91:01:95:ef
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 13 16:23:08 2025 GMT
Not After : Dec 18 23:59:59 2025 GMT
Subject: serialNumber=5521c64f9fd370b63220d90e8e60cc29b26988240661aff4814ecc7eae670eaf, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:53:d7:8b:43:e9:15:6d:15:4f:7e:6f:64:ef:
a4:b2:2b:12:51:76:99:b5:e9:bc:e5:37:22:56:3d:
59:75:6d:89:55:1a:55:c0:27:e9:18:f4:12:39:9f:
e5:f2:95:27:8c:ef:c5:b1:01:ea:53:87:a0:a5:ba:
96:74:5a:fd:89:f9:cc:c7:74:10:2a:ba:85:77:c5:
6d:69:84:6f:fb:9a:f5:91:6c:6e:41:d9:48:6d:52:
fc:b3:cd:3a:c7:ca:10:fe:b2:14:27:99:77:24:85:
1c:7c:97:bc:ef:17:b7:62:bb:17:91:4f:a9:d8:29:
6b:80:87:23:b8:bc:17:96:e9:09:27:2d:59:b7:f6:
ff:d7:14:f1:8e:a8:64:f6:13:94:2d:df:a6:b7:26:
53:d3:cc:00:96:42:6a:14:c4:87:8a:71:a5:71:20:
f7:84:6c:e1:9e:c8:bb:68:b1:47:f7:8d:0f:1e:94:
d5:e2:08:ee:e4:93:d3:e9:8b:e0:6a:b2:5e:8e:75:
66:d7:7b:11:bb:55:6f:85:30:bf:ea:51:c7:17:9a:
79:7d:55:50:b5:74:e6:a9:73:8f:61:e3:98:81:a7:
20:f3:f4:fc:ab:85:f5:44:9f:44:03:1a:16:62:a3:
e0:99:ea:a4:dc:2a:ce:e4:3b:86:79:4e:e7:25:24:
e4:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:DE:5C:C0:BB:C0:5A:AF:D1:4C:B4:9D:96:15:52:EA:DF:CA:A0:72
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/e46fa6c1-9fa9-45b2-a661-fa14136ac407.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.252.0/22
Signature Algorithm: sha256WithRSAEncryption
25:45:a6:0c:45:6d:05:db:d0:b5:fd:9b:44:18:81:78:5c:f1:
b6:05:6b:c0:0a:e4:fd:e5:89:9c:8e:ab:c0:c5:8a:20:0c:c9:
14:6e:21:9f:8d:f0:65:e2:83:e2:85:80:f9:bf:74:92:4f:f2:
5a:43:df:98:8d:e8:e7:18:5d:ec:f7:88:c8:76:7b:ac:ca:15:
3a:be:2c:97:b1:35:be:b1:4c:5d:87:4a:9b:9c:87:1b:18:37:
23:57:18:a9:64:ab:63:08:23:82:b8:ea:9a:1e:27:d3:07:cf:
94:4b:a2:27:d6:31:d6:c7:2b:40:d9:74:7a:f1:d3:39:78:94:
3c:00:55:c5:91:8e:47:20:5f:7e:d6:1f:ca:9f:af:f3:4b:74:
0f:09:29:e4:38:ed:3d:5c:ae:cf:af:d1:af:1c:15:37:96:fb:
07:5c:9c:dd:b7:93:37:76:68:97:ef:00:f7:20:f8:3a:ac:e1:
e9:2b:4d:66:93:9d:f2:cd:be:94:da:3d:95:eb:4f:20:6c:d5:
31:36:fd:e4:fc:f3:c7:37:e7:c5:55:c7:0f:9e:36:5c:bc:73:
4b:63:0b:73:49:6f:15:d2:88:5e:d8:86:83:99:a7:fe:29:d6:
2c:3d:ff:46:84:2e:b1:27:82:04:f1:00:7d:93:b0:9b:73:54:
3c:74:1b:40
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUXCtr6QqM8bXy6zPh0OLbY5EBle8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMTMxNjIzMDhaFw0yNTEyMTgyMzU5NTlaMHoxSTBHBgNV
BAUTQDU1MjFjNjRmOWZkMzcwYjYzMjIwZDkwZThlNjBjYzI5YjI2OTg4MjQwNjYx
YWZmNDgxNGVjYzdlYWU2NzBlYWYxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL9T14tD6RVtFU9+b2TvpLIrElF2mbXpvOU3IlY9WXVtiVUaVcAn6Rj0Ejmf
5fKVJ4zvxbEB6lOHoKW6lnRa/Yn5zMd0ECq6hXfFbWmEb/ua9ZFsbkHZSG1S/LPN
OsfKEP6yFCeZdySFHHyXvO8Xt2K7F5FPqdgpa4CHI7i8F5bpCSctWbf2/9cU8Y6o
ZPYTlC3fprcmU9PMAJZCahTEh4pxpXEg94Rs4Z7Iu2ixR/eNDx6U1eII7uST0+mL
4GqyXo51Ztd7EbtVb4Uwv+pRxxeaeX1VULV05qlzj2HjmIGnIPP0/KuF9USfRAMa
FmKj4JnqpNwqzuQ7hnlO5yUk5AUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBR+3lzA
u8Bar9FMtJ2WFVLq38qgcjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZTQ2ZmE2YzEtOWZhOS00NWIyLWE2NjEtZmExNDEzNmFjNDA3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAjMA/DAN
BgkqhkiG9w0BAQsFAAOCAQEAJUWmDEVtBdvQtf2bRBiBeFzxtgVrwArk/eWJnI6r
wMWKIAzJFG4hn43wZeKD4oWA+b90kk/yWkPfmI3o5xhd7PeIyHZ7rMoVOr4sl7E1
vrFMXYdKm5yHGxg3I1cYqWSrYwgjgrjqmh4n0wfPlEuiJ9Yx1scrQNl0evHTOXiU
PABVxZGORyBfftYfyp+v80t0Dwkp5DjtPVyuz6/RrxwVN5b7B1yc3beTN3Zol+8A
9yD4Oqzh6StNZpOd8s2+lNo9letPIGzVMTb95PzzxzfnxVXHD542XLxzS2MLc0lv
FdKIXtiGg5mn/inWLD3/RoQusSeCBPEAfZOwm3NUPHQbQA==
-----END CERTIFICATE-----
Generated at Tue Nov 18 05:44:45 2025 by rpki-client