Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/20a0941e-97e6-476c-adec-4755830b9511.roa
File: 20a0941e-97e6-476c-adec-4755830b9511.roa (raw, json)
Hash identifier: EMiq2qXwVcGNqvhaZaetvRTUtmAj9554SUIYbwwhVDk=
Subject key identifier: 3E:F1:66:5D:AC:37:C9:BB:9C:F2:73:57:12:99:9A:BC:0C:A2:F5:53
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 3C8B4757CDB2085BF9E28151A71BC0F755BE2DB1
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/20a0941e-97e6-476c-adec-4755830b9511.roa
Signing time: Fri 07 Nov 2025 20:21:55 +0000
ROA not before: Fri 07 Nov 2025 20:21:55 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 14618
IP address blocks: 2001:3fc7:4800::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3c:8b:47:57:cd:b2:08:5b:f9:e2:81:51:a7:1b:c0:f7:55:be:2d:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:21:55 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=452284ffa23f94abcd2d4610fda0fb53422a9441bf1b1196344ec6bf4a05b4ad, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:e3:5d:35:a9:8e:ca:67:f6:a5:81:fa:a8:ba:
7b:51:3f:d5:e1:e0:9f:32:7f:3a:be:f4:9f:63:52:
dd:da:2e:16:ba:1d:ce:f2:46:c9:80:1e:6f:62:00:
e8:70:d0:e1:c4:44:19:92:d7:00:5f:c4:30:cb:7c:
e8:11:fe:25:7c:54:b9:5b:19:a9:34:75:91:6f:0e:
90:38:7c:33:ca:4d:95:b8:56:cc:09:85:6e:13:b1:
de:96:bb:98:35:15:25:88:1b:84:8d:25:be:b4:2a:
6d:63:89:fe:9f:ca:d3:0a:38:57:e0:ea:56:e5:ed:
47:87:81:8b:f2:68:f4:53:2a:fe:e9:b6:dd:8c:fa:
00:f4:33:a5:09:d4:9d:35:ce:31:55:44:85:15:b8:
8d:89:9f:82:b8:2d:14:1f:d9:38:5a:bd:75:84:96:
ee:af:12:7f:2f:11:65:99:dd:99:9d:6e:8e:be:e4:
91:e8:46:a6:35:af:a0:95:17:24:73:28:11:92:02:
2c:40:8e:ca:38:f6:5d:e8:b6:e3:35:21:be:e0:11:
ce:5c:98:d2:45:1d:8b:27:a5:d6:1a:a6:8d:07:46:
99:ef:50:66:d2:27:46:c7:b9:c4:3e:88:58:70:d9:
9e:84:76:4c:6d:19:d0:aa:13:ed:3e:b7:d4:09:20:
fe:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:F1:66:5D:AC:37:C9:BB:9C:F2:73:57:12:99:9A:BC:0C:A2:F5:53
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/20a0941e-97e6-476c-adec-4755830b9511.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:4800::/40
Signature Algorithm: sha256WithRSAEncryption
02:c9:5f:06:59:2a:28:c9:09:d5:e0:49:05:42:db:14:fb:e7:
26:cc:68:6c:73:83:5a:a6:60:9d:ef:82:df:c3:3b:a6:26:46:
a7:5d:3c:cf:08:c0:62:13:2f:d4:39:f0:35:79:fc:e8:15:cf:
c9:3c:52:d7:f6:fc:49:3b:94:11:8c:af:cc:99:5b:8a:d4:f4:
39:e6:80:e1:fa:16:f4:70:4b:2e:cd:70:e8:7e:6f:02:7e:f5:
da:ba:3c:d8:a7:48:9f:45:54:22:9a:28:8a:08:d7:b1:2f:1d:
62:48:b0:1d:c9:86:45:29:d2:a5:3e:a1:53:c8:09:91:bf:1d:
6b:42:58:a0:53:07:ec:9e:e9:3a:fa:41:ad:e2:d2:59:a1:3b:
68:b9:f5:ff:5e:60:6a:36:fd:77:89:ca:2c:64:7f:0b:88:86:
36:21:40:14:a0:33:3b:25:30:84:54:c6:50:bd:76:88:9e:b1:
a7:8e:f3:80:8e:da:84:c3:c5:fa:68:04:60:c1:59:3a:a9:aa:
9e:c6:a0:21:6a:20:0f:ce:68:06:70:b1:36:b0:1f:eb:4e:0a:
61:2f:ac:02:f0:d4:bb:7d:63:55:db:c2:25:3b:d7:16:b1:93:
e8:d8:c3:4f:e7:23:7e:8f:3f:05:d3:c3:57:3e:7b:6b:4e:a9:
14:8a:54:14
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPItHV82yCFv54oFRpxvA91W+LbEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIxNTVaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ1MjI4NGZmYTIzZjk0YWJjZDJkNDYxMGZkYTBmYjUzNDIyYTk0NDFiZjFi
MTE5NjM0NGVjNmJmNGEwNWI0YWQxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANDjXTWpjspn9qWB+qi6e1E/1eHgnzJ/Or70n2NS3douFrodzvJGyYAeb2IA
6HDQ4cREGZLXAF/EMMt86BH+JXxUuVsZqTR1kW8OkDh8M8pNlbhWzAmFbhOx3pa7
mDUVJYgbhI0lvrQqbWOJ/p/K0wo4V+DqVuXtR4eBi/Jo9FMq/um23Yz6APQzpQnU
nTXOMVVEhRW4jYmfgrgtFB/ZOFq9dYSW7q8Sfy8RZZndmZ1ujr7kkehGpjWvoJUX
JHMoEZICLECOyjj2Xei24zUhvuARzlyY0kUdiyel1hqmjQdGme9QZtInRse5xD6I
WHDZnoR2TG0Z0KoT7T631Akg/v8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ+8WZd
rDfJu5zyc1cSmZq8DKL1UzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
MjBhMDk0MWUtOTdlNi00NzZjLWFkZWMtNDc1NTgzMGI5NTExLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8dI
MA0GCSqGSIb3DQEBCwUAA4IBAQACyV8GWSooyQnV4EkFQtsU++cmzGhsc4NapmCd
74LfwzumJkanXTzPCMBiEy/UOfA1efzoFc/JPFLX9vxJO5QRjK/MmVuK1PQ55oDh
+hb0cEsuzXDofm8CfvXaujzYp0ifRVQimiiKCNexLx1iSLAdyYZFKdKlPqFTyAmR
vx1rQligUwfsnuk6+kGt4tJZoTtoufX/XmBqNv13icosZH8LiIY2IUAUoDM7JTCE
VMZQvXaInrGnjvOAjtqEw8X6aARgwVk6qaqexqAhaiAPzmgGcLE2sB/rTgphL6wC
8NS7fWNV28IlO9cWsZPo2MNP5yN+jz8F08NXPntrTqkUilQU
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:07 2025 by rpki-client