Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0ba7c95b-32b6-4997-be62-2b1530a313c6.roa
File: 0ba7c95b-32b6-4997-be62-2b1530a313c6.roa (raw, json)
Hash identifier: oP77Du83QMKb2zz0VAEgKKr/0gvDDyJIhYQzHFx0S/c=
Subject key identifier: 59:85:0E:F6:11:F3:0C:C4:F0:22:C7:AE:E4:07:F9:36:8B:36:AB:8E
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 4E2078EA0C30833B9B234B5758B0ECC9DAC5EC37
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0ba7c95b-32b6-4997-be62-2b1530a313c6.roa
Signing time: Fri 07 Nov 2025 20:23:19 +0000
ROA not before: Fri 07 Nov 2025 20:23:19 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc0:800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4e:20:78:ea:0c:30:83:3b:9b:23:4b:57:58:b0:ec:c9:da:c5:ec:37
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:23:19 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=de3373fc5452887785c52a0f2bfc4dc9eefd1a5fcbbe07a987c35509c18c68b3, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:1a:e2:99:a8:c4:7a:b6:b3:57:9d:8c:07:0b:
80:aa:1d:6f:da:b8:7f:65:ab:49:8f:96:9f:73:44:
c9:0e:b3:1f:f7:0b:11:12:a3:3d:27:76:6a:ee:18:
7b:fb:e7:c0:23:c1:dc:a6:5c:81:38:3a:ac:fd:f3:
08:e6:85:e6:0a:58:67:21:e2:61:65:f1:b4:c5:2f:
f8:58:50:30:7b:b8:c8:18:e2:2d:18:4a:8b:f1:6a:
e2:0f:66:20:91:fc:ed:b2:fa:70:f1:01:46:80:03:
eb:e2:fb:05:c9:fb:dc:c3:4b:7f:9e:ed:0a:30:84:
c4:76:2e:ff:27:d6:7c:24:85:70:ad:06:a2:97:fd:
e0:7d:20:a5:39:81:c1:90:bb:a4:fe:42:41:a0:ab:
ac:2d:61:76:a6:1b:cf:89:c4:f8:19:0a:1c:13:53:
b1:04:1b:31:0d:6e:a6:a7:0c:75:d3:0b:95:d3:a3:
33:db:89:42:c8:96:d9:fa:db:01:6e:b6:8b:a4:61:
62:fa:06:99:87:d6:b2:38:b5:a5:50:60:94:78:db:
0d:5d:2a:69:7a:e7:a2:b4:77:36:57:f4:b8:0b:06:
c7:b0:29:61:f1:ac:e0:ab:14:0b:dd:bf:8a:a7:92:
bd:43:5b:4e:b3:57:12:5f:08:62:e1:79:7f:bd:c1:
cc:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:85:0E:F6:11:F3:0C:C4:F0:22:C7:AE:E4:07:F9:36:8B:36:AB:8E
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0ba7c95b-32b6-4997-be62-2b1530a313c6.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc0:800::/40
Signature Algorithm: sha256WithRSAEncryption
5a:91:3a:d7:55:95:91:54:6f:7c:5c:df:4f:d8:46:0a:96:86:
83:41:38:17:98:8c:34:5c:b4:3a:61:dc:ce:00:09:74:d8:7d:
94:3c:9c:a5:32:55:46:22:af:76:4f:74:cd:c6:1c:ff:d1:44:
97:27:6d:64:5b:7c:f8:95:c5:11:f2:5f:9c:74:39:1a:44:2b:
7c:23:4b:7d:dd:be:83:b3:f1:7e:d4:d0:0f:e8:9c:c6:04:a8:
a6:80:01:3f:f0:bb:0d:0b:eb:4e:5e:e5:56:ec:0f:c2:e8:8f:
45:ae:3d:20:73:1f:42:8f:35:bc:e4:57:75:97:8d:11:63:f6:
b3:6b:fa:21:ad:6c:34:cf:01:df:ed:47:7b:31:f6:5a:c7:36:
8d:4e:4b:c0:e3:32:1e:18:69:2a:b1:32:9a:0c:bf:95:ec:41:
c9:fd:2b:91:30:1d:64:73:e6:e5:7d:95:66:86:0f:ae:99:23:
cb:ef:fb:79:03:03:28:26:70:a5:60:35:32:a7:41:81:0d:51:
7e:27:51:51:98:d0:5a:45:5f:ef:00:64:1f:ce:83:36:8d:b4:
22:8c:97:d0:28:6f:08:d2:a9:1c:23:50:62:f6:5a:40:a0:8d:
1b:0a:df:36:21:fa:26:79:0d:a4:7b:a6:b5:b9:02:42:05:e3:
91:65:99:4f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUTiB46gwwgzubI0tXWLDsydrF7DcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIzMTlaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGRlMzM3M2ZjNTQ1Mjg4Nzc4NWM1MmEwZjJiZmM0ZGM5ZWVmZDFhNWZjYmJl
MDdhOTg3YzM1NTA5YzE4YzY4YjMxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL0a4pmoxHq2s1edjAcLgKodb9q4f2WrSY+Wn3NEyQ6zH/cLERKjPSd2au4Y
e/vnwCPB3KZcgTg6rP3zCOaF5gpYZyHiYWXxtMUv+FhQMHu4yBjiLRhKi/Fq4g9m
IJH87bL6cPEBRoAD6+L7Bcn73MNLf57tCjCExHYu/yfWfCSFcK0Gopf94H0gpTmB
wZC7pP5CQaCrrC1hdqYbz4nE+BkKHBNTsQQbMQ1upqcMddMLldOjM9uJQsiW2frb
AW62i6RhYvoGmYfWsji1pVBglHjbDV0qaXrnorR3Nlf0uAsGx7ApYfGs4KsUC92/
iqeSvUNbTrNXEl8IYuF5f73BzL0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRZhQ72
EfMMxPAix67kB/k2izarjjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
MGJhN2M5NWItMzJiNi00OTk3LWJlNjItMmIxNTMwYTMxM2M2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8AI
MA0GCSqGSIb3DQEBCwUAA4IBAQBakTrXVZWRVG98XN9P2EYKloaDQTgXmIw0XLQ6
YdzOAAl02H2UPJylMlVGIq92T3TNxhz/0USXJ21kW3z4lcUR8l+cdDkaRCt8I0t9
3b6Ds/F+1NAP6JzGBKimgAE/8LsNC+tOXuVW7A/C6I9Frj0gcx9CjzW85Fd1l40R
Y/aza/ohrWw0zwHf7Ud7MfZaxzaNTkvA4zIeGGkqsTKaDL+V7EHJ/SuRMB1kc+bl
fZVmhg+umSPL7/t5AwMoJnClYDUyp0GBDVF+J1FRmNBaRV/vAGQfzoM2jbQijJfQ
KG8I0qkcI1Bi9lpAoI0bCt82IfomeQ2ke6a1uQJCBeORZZlP
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:04 2025 by rpki-client