Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/19e6d59b-798d-488a-9fdb-94bb0d14ceb6.roa
File: 19e6d59b-798d-488a-9fdb-94bb0d14ceb6.roa (raw, json)
Hash identifier: O7N/CFczaP1yTivPw2PjsL3dtZsha2ZpKc8my7a87Cg=
Subject key identifier: DF:0C:75:CA:CF:3C:10:80:A3:95:DB:0A:89:D7:CF:0A:F7:DC:81:AB
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 752D15A86DF1BE38F35DC83295691F2571602253
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/19e6d59b-798d-488a-9fdb-94bb0d14ceb6.roa
Signing time: Fri 07 Nov 2025 20:36:52 +0000
ROA not before: Fri 07 Nov 2025 20:36:52 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:2800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
75:2d:15:a8:6d:f1:be:38:f3:5d:c8:32:95:69:1f:25:71:60:22:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:36:52 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=eed96eb6dd605bc951f07bd56ac07cafa22e7e25eb5ba3ea4991b927850a9747, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:b7:ed:f8:80:e5:66:82:c4:c1:4a:c5:81:41:
28:6c:72:be:b9:f5:29:63:02:81:85:f5:00:c2:30:
36:a1:5a:6d:66:5f:bf:2b:ef:64:be:a4:04:05:81:
66:7c:32:a5:98:f0:c8:68:34:b7:a8:de:d5:d8:22:
ac:b9:09:ba:e5:bc:a5:55:b4:fe:cf:7d:00:a1:d9:
a3:46:9c:81:6e:55:52:38:fd:a9:02:9b:32:ab:15:
54:41:26:bf:63:fe:a4:af:ed:ff:55:e1:81:15:31:
1b:b2:0f:f1:36:fc:27:a8:75:25:da:4f:d9:bc:75:
9e:fc:7e:3a:43:ef:48:12:e9:83:41:cf:79:e0:91:
e6:af:43:39:48:92:45:66:eb:5b:4b:e1:d2:f6:48:
16:07:6e:a5:d3:3c:e3:03:d2:2c:3e:7f:ce:2d:22:
f9:4b:e8:a1:ce:82:26:a0:c9:20:07:b4:f6:47:44:
0d:05:d1:cf:5d:a8:67:43:a4:49:9c:fd:4e:35:18:
af:f1:2e:ec:1c:af:19:30:18:bd:f0:2d:58:c5:86:
df:19:62:d0:42:56:ac:97:b2:d2:27:ae:ac:b7:1e:
ec:a3:f5:3b:00:3b:fe:74:51:59:ce:1a:13:6a:5a:
43:dc:6e:88:eb:70:b9:65:58:dc:54:2a:a4:de:aa:
1f:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:0C:75:CA:CF:3C:10:80:A3:95:DB:0A:89:D7:CF:0A:F7:DC:81:AB
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/19e6d59b-798d-488a-9fdb-94bb0d14ceb6.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:2800::/40
Signature Algorithm: sha256WithRSAEncryption
24:8b:a7:1d:1e:7a:66:d7:1b:54:1b:7c:8f:ce:60:f3:7e:b7:
d4:2a:f7:ff:d6:97:34:bf:e7:98:f6:1e:83:9b:b7:03:a6:c0:
fd:68:37:ff:a7:c5:8d:cf:d5:de:58:ad:66:a5:ec:48:c0:b1:
7b:4c:97:c2:ee:c3:58:99:ef:98:d6:d4:bc:3e:d4:34:44:eb:
a2:93:99:c4:6e:c6:2c:e8:86:20:5d:57:15:6e:1a:ca:0c:4c:
93:e7:3b:f4:a9:4c:dc:f2:c3:48:97:89:49:88:b4:15:cf:47:
2c:9b:71:33:6f:2e:b1:90:6a:df:ae:01:5e:30:3c:1d:f7:45:
2a:de:22:f0:10:a7:fc:7d:14:65:7f:9e:d9:d2:32:aa:93:bf:
e3:68:04:93:19:6b:3d:46:b7:6f:d0:ec:62:7d:b3:9e:b3:57:
81:50:69:8a:dd:c3:e4:59:d7:87:07:db:bb:dd:1e:08:37:ea:
12:9a:d3:f3:d0:e8:5c:91:09:fe:78:9a:38:9b:ff:51:36:1b:
9e:46:8c:53:8f:02:51:bb:9e:ab:e3:fc:59:42:b8:fe:e2:f6:
0d:e3:8a:7a:73:77:68:8d:41:74:d5:98:68:a1:3e:55:ad:5a:
19:f2:53:f3:a9:5f:33:7d:16:5d:e0:b2:15:9b:be:f1:5b:6e:
9c:b9:fb:5e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUdS0VqG3xvjjzXcgylWkfJXFgIlMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDM2NTJaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGVlZDk2ZWI2ZGQ2MDViYzk1MWYwN2JkNTZhYzA3Y2FmYTIyZTdlMjVlYjVi
YTNlYTQ5OTFiOTI3ODUwYTk3NDcxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKm37fiA5WaCxMFKxYFBKGxyvrn1KWMCgYX1AMIwNqFabWZfvyvvZL6kBAWB
ZnwypZjwyGg0t6je1dgirLkJuuW8pVW0/s99AKHZo0acgW5VUjj9qQKbMqsVVEEm
v2P+pK/t/1XhgRUxG7IP8Tb8J6h1JdpP2bx1nvx+OkPvSBLpg0HPeeCR5q9DOUiS
RWbrW0vh0vZIFgdupdM84wPSLD5/zi0i+Uvooc6CJqDJIAe09kdEDQXRz12oZ0Ok
SZz9TjUYr/Eu7ByvGTAYvfAtWMWG3xli0EJWrJey0ieurLce7KP1OwA7/nRRWc4a
E2paQ9xuiOtwuWVY3FQqpN6qH3kCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTfDHXK
zzwQgKOV2wqJ188K99yBqzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
MTllNmQ1OWItNzk4ZC00ODhhLTlmZGItOTRiYjBkMTRjZWI2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8co
MA0GCSqGSIb3DQEBCwUAA4IBAQAki6cdHnpm1xtUG3yPzmDzfrfUKvf/1pc0v+eY
9h6Dm7cDpsD9aDf/p8WNz9XeWK1mpexIwLF7TJfC7sNYme+Y1tS8PtQ0ROuik5nE
bsYs6IYgXVcVbhrKDEyT5zv0qUzc8sNIl4lJiLQVz0csm3Ezby6xkGrfrgFeMDwd
90Uq3iLwEKf8fRRlf57Z0jKqk7/jaASTGWs9Rrdv0OxifbOes1eBUGmK3cPkWdeH
B9u73R4IN+oSmtPz0OhckQn+eJo4m/9RNhueRoxTjwJRu56r4/xZQrj+4vYN44p6
c3dojUF01ZhooT5VrVoZ8lPzqV8zfRZd4LIVm77xW26cufte
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:08 2025 by rpki-client