Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/14c89f5a-e81a-409d-bc58-42bed3a3217e.roa
File: 14c89f5a-e81a-409d-bc58-42bed3a3217e.roa (raw, json)
Hash identifier: 7wip2Wb8i4aScVr6vwPpLefg/A9uVXWGf1gWaoXIY8s=
Subject key identifier: 62:A7:6D:85:E6:FB:65:CA:63:23:2C:58:9C:7A:60:55:93:C4:AD:ED
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 6E290F96D2FE4596C940377EA019E260083FDD3A
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/14c89f5a-e81a-409d-bc58-42bed3a3217e.roa
Signing time: Fri 07 Nov 2025 20:23:19 +0000
ROA not before: Fri 07 Nov 2025 20:23:19 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc3:6800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6e:29:0f:96:d2:fe:45:96:c9:40:37:7e:a0:19:e2:60:08:3f:dd:3a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:23:19 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=f93ad5d0d4e6fc5dec831db97fff52ee02d2842811fa453bdf62ead3495ba0d9, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:7d:42:43:11:8b:ba:1c:fc:c1:fc:45:35:49:
ff:b2:9c:e9:21:c3:7a:29:32:c8:62:1a:8a:aa:98:
42:af:33:0f:3c:16:4a:bf:91:8c:db:54:97:20:c0:
40:d2:b5:d6:26:63:a2:5d:6e:2e:8f:04:3c:5b:15:
9e:31:af:d2:33:5e:27:85:37:7d:a3:78:c2:52:20:
85:18:78:5c:4a:50:6c:8d:41:80:46:d2:5f:3a:47:
1c:e0:b5:44:c9:75:21:de:dd:c0:ea:f5:fb:88:0d:
fa:0c:58:57:27:1d:49:37:d0:ee:b4:2a:2d:6d:ef:
3c:ca:1f:e2:a3:6e:55:10:27:6b:54:cf:c7:14:13:
e5:ee:6d:1c:db:5a:c5:b3:03:34:b6:08:08:37:37:
c7:fd:45:8e:c0:92:f8:6a:68:71:05:8e:5f:50:57:
e9:4e:b0:32:f3:a5:1e:28:2f:e4:eb:9f:de:7b:67:
8d:d0:f6:c1:b9:e6:70:04:1e:9d:a4:fa:4f:06:05:
0b:1c:ca:d1:33:8a:33:8d:0e:91:4c:79:6e:4e:68:
f3:ac:89:34:ed:31:66:00:bd:4f:bf:cb:e3:3f:de:
7f:3c:1f:b3:b4:a3:72:73:3c:a8:28:86:fe:74:05:
02:c9:9b:28:b7:3e:d8:f0:75:60:b3:0c:9f:0e:8a:
b6:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:A7:6D:85:E6:FB:65:CA:63:23:2C:58:9C:7A:60:55:93:C4:AD:ED
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/14c89f5a-e81a-409d-bc58-42bed3a3217e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3:6800::/40
Signature Algorithm: sha256WithRSAEncryption
98:dc:e0:a1:c6:e4:9e:a3:bf:68:89:7e:cb:31:25:b7:84:2f:
88:f8:88:a3:ec:56:42:8e:41:f9:d3:66:2a:d4:a1:a2:ca:52:
a1:9a:29:0c:34:30:19:66:8c:72:07:cf:86:49:0c:d6:c3:ce:
b3:61:e5:ea:0d:e4:8b:d5:aa:2a:ae:09:73:e9:89:f7:3b:77:
eb:93:97:24:d4:e7:42:da:de:67:62:3a:1f:8c:3a:a7:af:a3:
e7:b7:ff:de:75:1e:23:5d:6b:14:be:f1:e3:df:da:3a:54:c0:
d2:b3:39:e9:34:d7:93:a8:2c:4b:d7:73:52:23:17:21:3c:cf:
73:83:92:e8:91:75:32:dd:b3:53:85:48:cf:0e:94:1f:d2:40:
c7:96:63:2f:a9:25:34:2a:05:54:97:2c:db:e2:f1:f5:7c:5f:
a7:34:53:fc:ce:e0:9c:a4:34:3d:9f:a7:b4:7b:37:07:7a:14:
79:11:63:6f:88:9a:c9:07:fb:87:80:5d:48:dc:68:e6:81:db:
6f:fd:72:2b:cf:ee:e7:67:04:6d:82:6a:41:d6:89:1c:58:d8:
3f:cf:55:1c:e6:6d:aa:00:25:57:95:50:e1:73:33:48:c1:5f:
66:65:72:a1:ef:a5:28:0b:2d:52:14:b7:30:70:9b:c1:38:6a:
31:52:6d:97
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUbikPltL+RZbJQDd+oBniYAg/3TowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIzMTlaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGY5M2FkNWQwZDRlNmZjNWRlYzgzMWRiOTdmZmY1MmVlMDJkMjg0MjgxMWZh
NDUzYmRmNjJlYWQzNDk1YmEwZDkxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANR9QkMRi7oc/MH8RTVJ/7Kc6SHDeikyyGIaiqqYQq8zDzwWSr+RjNtUlyDA
QNK11iZjol1uLo8EPFsVnjGv0jNeJ4U3faN4wlIghRh4XEpQbI1BgEbSXzpHHOC1
RMl1Id7dwOr1+4gN+gxYVycdSTfQ7rQqLW3vPMof4qNuVRAna1TPxxQT5e5tHNta
xbMDNLYICDc3x/1FjsCS+GpocQWOX1BX6U6wMvOlHigv5Ouf3ntnjdD2wbnmcAQe
naT6TwYFCxzK0TOKM40OkUx5bk5o86yJNO0xZgC9T7/L4z/efzwfs7SjcnM8qCiG
/nQFAsmbKLc+2PB1YLMMnw6KtkMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRip22F
5vtlymMjLFicemBVk8St7TAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
MTRjODlmNWEtZTgxYS00MDlkLWJjNTgtNDJiZWQzYTMyMTdlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8No
MA0GCSqGSIb3DQEBCwUAA4IBAQCY3OChxuSeo79oiX7LMSW3hC+I+Iij7FZCjkH5
02Yq1KGiylKhmikMNDAZZoxyB8+GSQzWw86zYeXqDeSL1aoqrglz6Yn3O3frk5ck
1OdC2t5nYjofjDqnr6Pnt//edR4jXWsUvvHj39o6VMDSsznpNNeTqCxL13NSIxch
PM9zg5LokXUy3bNThUjPDpQf0kDHlmMvqSU0KgVUlyzb4vH1fF+nNFP8zuCcpDQ9
n6e0ezcHehR5EWNviJrJB/uHgF1I3Gjmgdtv/XIrz+7nZwRtgmpB1okcWNg/z1Uc
5m2qACVXlVDhczNIwV9mZXKh76UoCy1SFLcwcJvBOGoxUm2X
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:06 2025 by rpki-client