Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/efb99c18-4a45-4f07-9c1c-080a66f77889.roa
File: efb99c18-4a45-4f07-9c1c-080a66f77889.roa (raw, json)
Hash identifier: OnYCiGfS6x9Utt6irNE7mxLnEfeciU+h5fk6X9lo8iU=
Subject key identifier: C5:C4:2B:80:7D:63:BA:EC:D4:57:04:51:CF:1B:A0:6F:70:0F:07:8C
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 1911AAE44AF179E78606EA584D0C599B60C36E6C
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/efb99c18-4a45-4f07-9c1c-080a66f77889.roa
Signing time: Thu 13 Nov 2025 16:21:49 +0000
ROA not before: Thu 13 Nov 2025 16:21:49 +0000
ROA not after: Thu 18 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.24.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 18 Nov 2025 23:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
19:11:aa:e4:4a:f1:79:e7:86:06:ea:58:4d:0c:59:9b:60:c3:6e:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 13 16:21:49 2025 GMT
Not After : Dec 18 23:59:59 2025 GMT
Subject: serialNumber=4ff44e5778af78ba5c4238deb1c19f4e7e559650c30926e64d851accf23a1a6a, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:71:60:a5:6e:dd:f6:ea:7e:5e:fa:56:4c:bf:
c1:6c:f6:29:d2:c6:34:8f:a6:a6:16:77:04:14:b6:
ab:90:ab:1e:6d:87:26:fa:68:e9:02:45:f6:24:3c:
02:e5:d0:b1:c9:51:4a:7b:19:78:d2:59:dc:f3:f7:
76:a4:40:fa:f0:59:5e:09:b1:e5:9c:53:08:d0:a5:
cf:15:fe:2e:23:54:d4:48:bd:97:71:06:36:29:ec:
2c:4f:35:29:0a:a1:16:44:2d:21:90:64:44:b9:ae:
f8:f5:2b:a0:13:d3:20:d3:b4:26:8a:82:f9:dc:ed:
ed:1c:2b:9a:04:8b:60:e1:a6:92:fa:ce:1f:7b:2a:
d2:c3:9e:05:f9:b2:30:1d:12:f0:a5:a3:c1:4d:f5:
44:67:0b:a1:2a:e7:d2:9c:34:7b:c8:0b:3b:8f:c8:
e0:27:52:c4:c4:03:50:a7:12:46:07:00:37:16:29:
ee:17:5f:6e:e7:a6:ff:07:8b:6c:e5:d4:c7:23:c1:
c6:e6:03:f5:3a:69:1d:1d:46:05:26:77:d4:fc:65:
5c:45:1b:95:7d:62:02:9f:2d:8e:67:d0:d0:f4:d8:
b8:cc:88:4c:92:cf:c5:56:26:42:7f:69:a8:6b:6c:
a4:de:ff:9a:69:46:e9:6e:cf:c7:ed:9d:62:f8:b5:
af:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:C4:2B:80:7D:63:BA:EC:D4:57:04:51:CF:1B:A0:6F:70:0F:07:8C
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/efb99c18-4a45-4f07-9c1c-080a66f77889.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.24.0/22
Signature Algorithm: sha256WithRSAEncryption
66:80:6a:f9:a2:97:68:29:b7:a3:46:6b:35:ad:b2:19:20:04:
12:53:81:cf:32:d5:65:75:c3:a9:d4:2d:b0:24:65:69:5f:cc:
7f:c1:85:6b:2e:4f:01:51:4e:87:6b:3c:19:f6:7c:46:79:21:
38:74:34:b7:79:19:51:7f:c4:44:89:7d:b1:00:b5:25:2f:4f:
b2:3c:f2:fb:9b:28:a3:fb:4f:20:7b:9e:dc:08:ed:52:33:2b:
64:a2:3c:f1:3a:23:3e:8a:1e:0d:15:ce:40:d1:42:6b:7c:14:
67:b3:bf:55:08:44:85:29:b6:31:44:c6:12:06:8f:46:d7:fe:
d6:8e:03:98:e3:32:5d:86:e4:2b:5b:75:47:54:19:13:78:07:
19:b7:a1:0c:88:be:51:9b:10:92:0f:25:d7:b6:a7:46:38:02:
35:45:49:c4:ac:09:9b:91:d1:14:fd:10:88:98:19:9f:44:e5:
5b:2e:d2:63:eb:ea:64:ea:60:80:8b:b0:6a:8c:ad:0a:01:39:
5f:5d:08:f1:9d:6e:43:d9:96:1d:0e:06:74:d9:be:75:d9:5c:
84:82:0f:9e:33:ff:e5:b0:af:b4:0e:53:b8:44:88:ac:e0:ff:
23:1c:db:5b:27:06:0e:03:fe:27:a9:a6:e0:8f:e0:ee:bf:55:
93:f4:ff:9a
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUGRGq5ErxeeeGBupYTQxZm2DDbmwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMTMxNjIxNDlaFw0yNTEyMTgyMzU5NTlaMHoxSTBHBgNV
BAUTQDRmZjQ0ZTU3NzhhZjc4YmE1YzQyMzhkZWIxYzE5ZjRlN2U1NTk2NTBjMzA5
MjZlNjRkODUxYWNjZjIzYTFhNmExLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALNxYKVu3fbqfl76Vky/wWz2KdLGNI+mphZ3BBS2q5CrHm2HJvpo6QJF9iQ8
AuXQsclRSnsZeNJZ3PP3dqRA+vBZXgmx5ZxTCNClzxX+LiNU1Ei9l3EGNinsLE81
KQqhFkQtIZBkRLmu+PUroBPTINO0JoqC+dzt7RwrmgSLYOGmkvrOH3sq0sOeBfmy
MB0S8KWjwU31RGcLoSrn0pw0e8gLO4/I4CdSxMQDUKcSRgcANxYp7hdfbuem/weL
bOXUxyPBxuYD9TppHR1GBSZ31PxlXEUblX1iAp8tjmfQ0PTYuMyITJLPxVYmQn9p
qGtspN7/mmlG6W7Px+2dYvi1r2ECAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTFxCuA
fWO67NRXBFHPG6BvcA8HjDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZWZiOTljMTgtNGE0NS00ZjA3LTljMWMtMDgwYTY2Zjc3ODg5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAjMAGDAN
BgkqhkiG9w0BAQsFAAOCAQEAZoBq+aKXaCm3o0ZrNa2yGSAEElOBzzLVZXXDqdQt
sCRlaV/Mf8GFay5PAVFOh2s8GfZ8RnkhOHQ0t3kZUX/ERIl9sQC1JS9Psjzy+5so
o/tPIHue3AjtUjMrZKI88TojPooeDRXOQNFCa3wUZ7O/VQhEhSm2MUTGEgaPRtf+
1o4DmOMyXYbkK1t1R1QZE3gHGbehDIi+UZsQkg8l17anRjgCNUVJxKwJm5HRFP0Q
iJgZn0TlWy7SY+vqZOpggIuwaoytCgE5X10I8Z1uQ9mWHQ4GdNm+ddlchIIPnjP/
5bCvtA5TuESIrOD/IxzbWycGDgP+J6mm4I/g7r9Vk/T/mg==
-----END CERTIFICATE-----
Generated at Tue Nov 18 07:59:05 2025 by rpki-client