Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/03d664ef-00cb-439a-9c30-e8eedca3e7fb.roa
File: 03d664ef-00cb-439a-9c30-e8eedca3e7fb.roa (raw, json)
Hash identifier: SZzinjzpRlQliFv76dkW4PFoWRP0JG+0sr6A3ICHk5Y=
Subject key identifier: 64:69:42:D9:4C:85:BB:C7:84:9D:62:E9:79:E9:82:E5:81:12:90:77
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 506C6E62E29FD41641F1B61F705A48544D5C0A22
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/03d664ef-00cb-439a-9c30-e8eedca3e7fb.roa
Signing time: Fri 07 Nov 2025 20:21:55 +0000
ROA not before: Fri 07 Nov 2025 20:21:55 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc5:9800::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
50:6c:6e:62:e2:9f:d4:16:41:f1:b6:1f:70:5a:48:54:4d:5c:0a:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:21:55 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=cd157680ac543f43b7c21f882d73bd998bb93735436f2c6c8519afb1bffac8f6, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:b7:0c:2f:fa:50:df:10:e1:77:22:80:09:54:
7b:87:35:5a:73:bb:f7:0c:76:08:17:cb:af:18:49:
d6:94:76:6b:8b:f1:cc:5a:f0:22:23:d6:01:4f:96:
79:94:69:5e:82:4d:74:f6:5f:35:ba:ce:6d:44:31:
b9:43:74:ea:e6:ac:a4:b6:f7:2f:f7:be:d9:76:be:
7c:49:96:2a:fb:5e:17:60:bd:c5:b3:46:3d:16:c0:
1f:75:9f:9b:89:41:46:8f:6d:15:ec:7a:ab:22:eb:
17:d8:ee:74:67:fa:d5:ef:7c:39:c3:f6:fe:f3:e0:
52:64:a7:cf:27:eb:f9:2c:50:8f:84:21:9d:8f:bd:
49:b7:e8:df:43:7c:02:51:ce:03:61:0d:c7:48:5f:
26:4f:0c:52:10:31:4a:2c:42:2e:e4:c4:a5:2d:48:
c7:f9:24:fd:37:14:88:0f:8c:78:f2:1e:93:38:6d:
6c:3a:49:c0:a4:f0:fd:8f:c6:5d:f7:83:c3:72:33:
41:c3:fb:d1:6c:e0:67:c3:b8:51:df:62:51:9a:da:
20:51:d8:60:27:73:bc:b7:38:a2:25:ec:e4:51:c8:
22:19:c1:06:70:67:83:97:4f:58:9a:5c:ef:c4:a1:
e8:10:42:cf:21:0b:bc:ea:4c:35:aa:82:47:60:2f:
42:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:69:42:D9:4C:85:BB:C7:84:9D:62:E9:79:E9:82:E5:81:12:90:77
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/03d664ef-00cb-439a-9c30-e8eedca3e7fb.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc5:9800::/40
Signature Algorithm: sha256WithRSAEncryption
3b:60:25:55:ad:c9:40:ae:45:5b:3b:c3:63:15:39:6a:54:2b:
43:55:03:3a:bc:cf:61:a7:da:b6:af:74:ce:9c:70:7f:48:f6:
a8:fb:88:a2:cc:fc:83:f3:42:84:3a:75:55:59:a5:3d:ca:74:
85:18:2a:04:df:95:d1:aa:1d:2f:6c:d5:3d:cf:37:bb:ae:31:
ce:40:cf:a2:ee:e3:ba:1b:62:60:9c:8d:9d:dd:e1:97:a1:96:
bb:81:81:ef:95:a6:de:7d:d9:62:2b:c3:d4:d2:15:50:0a:d6:
80:4c:33:ed:48:74:d4:26:44:27:29:69:6b:7b:91:b3:c5:4b:
ea:4b:8d:1c:0e:a5:dd:2a:bb:0e:96:06:7a:c9:f3:4e:06:08:
94:e6:83:6b:97:d5:6b:8b:cf:32:c8:48:d5:08:ff:4b:b0:49:
11:4c:2a:05:04:d7:3d:3e:b4:ca:62:22:09:e4:25:2f:f0:8f:
02:5f:69:00:61:55:98:b8:83:11:30:df:b5:f3:ed:71:68:4c:
6f:ca:6f:82:e3:6e:22:19:0e:34:9c:b9:29:d4:32:70:8b:16:
0f:2c:e0:ae:ed:23:bb:48:38:c6:cf:6f:dc:22:15:45:9a:6a:
80:a8:8a:8a:34:84:52:41:c0:3d:e9:8a:b2:15:12:52:94:75:
31:c9:56:d1
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUUGxuYuKf1BZB8bYfcFpIVE1cCiIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIxNTVaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGNkMTU3NjgwYWM1NDNmNDNiN2MyMWY4ODJkNzNiZDk5OGJiOTM3MzU0MzZm
MmM2Yzg1MTlhZmIxYmZmYWM4ZjYxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK63DC/6UN8Q4XcigAlUe4c1WnO79wx2CBfLrxhJ1pR2a4vxzFrwIiPWAU+W
eZRpXoJNdPZfNbrObUQxuUN06uaspLb3L/e+2Xa+fEmWKvteF2C9xbNGPRbAH3Wf
m4lBRo9tFex6qyLrF9judGf61e98OcP2/vPgUmSnzyfr+SxQj4QhnY+9Sbfo30N8
AlHOA2ENx0hfJk8MUhAxSixCLuTEpS1Ix/kk/TcUiA+MePIekzhtbDpJwKTw/Y/G
XfeDw3IzQcP70WzgZ8O4Ud9iUZraIFHYYCdzvLc4oiXs5FHIIhnBBnBng5dPWJpc
78Sh6BBCzyELvOpMNaqCR2AvQoECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRkaULZ
TIW7x4SdYul56YLlgRKQdzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
MDNkNjY0ZWYtMDBjYi00MzlhLTljMzAtZThlZWRjYTNlN2ZiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8WY
MA0GCSqGSIb3DQEBCwUAA4IBAQA7YCVVrclArkVbO8NjFTlqVCtDVQM6vM9hp9q2
r3TOnHB/SPao+4iizPyD80KEOnVVWaU9ynSFGCoE35XRqh0vbNU9zze7rjHOQM+i
7uO6G2JgnI2d3eGXoZa7gYHvlabefdliK8PU0hVQCtaATDPtSHTUJkQnKWlre5Gz
xUvqS40cDqXdKrsOlgZ6yfNOBgiU5oNrl9Vri88yyEjVCP9LsEkRTCoFBNc9PrTK
YiIJ5CUv8I8CX2kAYVWYuIMRMN+18+1xaExvym+C424iGQ40nLkp1DJwixYPLOCu
7SO7SDjGz2/cIhVFmmqAqIqKNIRSQcA96YqyFRJSlHUxyVbR
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:04 2025 by rpki-client