Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0582d0d5-4d6b-43e7-869e-df722bf70a81.roa
File: 0582d0d5-4d6b-43e7-869e-df722bf70a81.roa (raw, json)
Hash identifier: JOAzjzxLDeHQfXcHvG11EdRxn12ekdfQnxYAjv0UBzg=
Subject key identifier: 7A:81:52:F2:5F:84:A6:DD:B4:61:81:A1:68:BF:22:7D:08:17:6A:D6
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 656F65D17D53EC2B4C797BBF1BE3C9744A6B56A0
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0582d0d5-4d6b-43e7-869e-df722bf70a81.roa
Signing time: Fri 07 Nov 2025 20:23:14 +0000
ROA not before: Fri 07 Nov 2025 20:23:14 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:2880::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
65:6f:65:d1:7d:53:ec:2b:4c:79:7b:bf:1b:e3:c9:74:4a:6b:56:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:23:14 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=6646d5e50f34aa12ede3bcf8c98ad9ea971e005b29e9a0ef2c9171e6c6e95784, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:5d:c8:c1:49:9e:e8:5f:5e:70:f6:95:13:31:
e5:72:33:b1:e9:25:ea:f6:01:fc:e4:c6:c6:41:6a:
41:43:e2:88:65:1f:04:a8:fe:f8:b2:0f:b1:6f:c6:
0d:87:79:46:84:c6:0e:c3:c8:30:c1:e6:aa:2d:3a:
df:5d:c7:35:57:74:5b:69:4a:b9:55:48:48:99:a8:
b9:c8:1a:af:2d:f9:70:86:83:b3:4a:cf:f9:56:85:
33:11:92:fb:df:3e:eb:e4:a2:eb:ac:b1:01:98:61:
e8:d8:ea:47:a9:50:85:15:80:4b:7c:6e:02:3f:fe:
3a:a3:b9:4b:ea:0b:94:3e:be:f3:79:ea:69:dd:95:
65:84:97:02:34:09:2e:54:b6:40:b3:71:e3:b8:22:
91:20:aa:ba:eb:9e:d4:62:8b:ee:26:45:b8:7d:c3:
f3:f7:b9:53:04:27:9c:c2:d6:aa:64:a5:3d:5b:2a:
4d:f9:84:84:f1:56:99:10:59:54:12:a1:7d:11:e0:
c0:b0:50:29:c8:48:dc:07:b1:6e:f7:26:e6:3b:ce:
52:8f:46:8a:20:a3:a7:36:f8:01:ed:cc:ee:17:41:
6e:90:56:45:25:64:3d:5d:58:26:17:0d:ca:6a:40:
71:95:f3:37:58:9f:0e:59:d8:f5:d4:87:31:69:31:
c2:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7A:81:52:F2:5F:84:A6:DD:B4:61:81:A1:68:BF:22:7D:08:17:6A:D6
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0582d0d5-4d6b-43e7-869e-df722bf70a81.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:2880::/48
Signature Algorithm: sha256WithRSAEncryption
c9:fe:e7:c6:d8:0d:e4:ca:56:7b:7b:16:a3:e9:d5:25:ae:cf:
7b:50:35:d6:fb:01:3f:08:a5:72:14:fb:13:af:a2:04:3e:95:
31:f1:82:be:50:b4:54:74:23:09:0c:7b:37:5a:8c:50:5b:14:
fc:f9:d7:c4:04:3e:5b:37:df:31:24:a3:6c:bd:79:3d:fe:2c:
76:65:21:70:78:f5:43:03:ae:55:78:71:4f:aa:2a:1a:87:8d:
5c:f3:b1:f2:94:57:8c:ad:16:e7:49:2e:d5:e9:87:c2:40:0d:
30:1d:d7:41:75:72:65:21:3e:35:8b:e8:ba:c2:2a:38:48:d1:
30:66:00:07:0f:35:4c:f5:70:b8:8b:a6:f9:44:f8:c4:b3:68:
0f:ad:c8:ba:21:f3:3b:14:df:54:96:59:2d:dd:b9:75:bb:10:
f8:34:74:a1:a8:ed:1e:d6:ef:20:a7:a1:47:97:06:cc:c7:4f:
15:99:89:2c:0a:f9:46:94:88:d0:3a:a0:1a:01:f7:46:e3:56:
ea:db:ad:a9:78:74:b5:a5:16:c1:67:ea:38:5a:08:6b:c3:7c:
ba:8e:6e:9e:44:a3:d2:6a:9e:77:a4:29:9e:8a:57:dc:2a:92:
a1:1c:5b:57:35:7a:55:00:10:4e:63:2b:48:62:9a:df:fc:7d:
df:53:34:0a
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUZW9l0X1T7CtMeXu/G+PJdEprVqAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIzMTRaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDY2NDZkNWU1MGYzNGFhMTJlZGUzYmNmOGM5OGFkOWVhOTcxZTAwNWIyOWU5
YTBlZjJjOTE3MWU2YzZlOTU3ODQxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI9dyMFJnuhfXnD2lRMx5XIzsekl6vYB/OTGxkFqQUPiiGUfBKj++LIPsW/G
DYd5RoTGDsPIMMHmqi06313HNVd0W2lKuVVISJmoucgary35cIaDs0rP+VaFMxGS
+98+6+Si66yxAZhh6NjqR6lQhRWAS3xuAj/+OqO5S+oLlD6+83nqad2VZYSXAjQJ
LlS2QLNx47gikSCquuue1GKL7iZFuH3D8/e5UwQnnMLWqmSlPVsqTfmEhPFWmRBZ
VBKhfRHgwLBQKchI3Aexbvcm5jvOUo9GiiCjpzb4Ae3M7hdBbpBWRSVkPV1YJhcN
ympAcZXzN1ifDlnY9dSHMWkxwiECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBR6gVLy
X4Sm3bRhgaFovyJ9CBdq1jAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
MDU4MmQwZDUtNGQ2Yi00M2U3LTg2OWUtZGY3MjJiZjcwYTgxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABP8co
gDANBgkqhkiG9w0BAQsFAAOCAQEAyf7nxtgN5MpWe3sWo+nVJa7Pe1A11vsBPwil
chT7E6+iBD6VMfGCvlC0VHQjCQx7N1qMUFsU/PnXxAQ+WzffMSSjbL15Pf4sdmUh
cHj1QwOuVXhxT6oqGoeNXPOx8pRXjK0W50ku1emHwkANMB3XQXVyZSE+NYvousIq
OEjRMGYABw81TPVwuIum+UT4xLNoD63IuiHzOxTfVJZZLd25dbsQ+DR0oajtHtbv
IKehR5cGzMdPFZmJLAr5RpSI0DqgGgH3RuNW6tutqXh0taUWwWfqOFoIa8N8uo5u
nkSj0mqed6QpnopX3CqSoRxbVzV6VQAQTmMrSGKa3/x931M0Cg==
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:08 2025 by rpki-client