Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/222bf775-2bba-4790-943c-82c7a38f7efd.roa
File: 222bf775-2bba-4790-943c-82c7a38f7efd.roa (raw, json)
Hash identifier: zcKMQIdapBDbBxyuwVdO+3+DMwiE+dUE9YGl6Mbdig8=
Subject key identifier: BB:BE:40:B3:71:4E:DF:EC:BF:65:3F:25:A8:D0:DC:8A:D2:B7:0E:84
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 30CC77E8A66002B9353E28E5AC6638DB91B21AF9
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/222bf775-2bba-4790-943c-82c7a38f7efd.roa
Signing time: Fri 07 Nov 2025 20:21:47 +0000
ROA not before: Fri 07 Nov 2025 20:21:47 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc4::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
30:cc:77:e8:a6:60:02:b9:35:3e:28:e5:ac:66:38:db:91:b2:1a:f9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:21:47 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=2600b2f43ba587c3fc1feff0c25cfb68883f13e339fbfc2639afa4049759e19f, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:77:a2:e9:30:60:e4:12:6a:40:46:fd:e8:50:
39:be:69:c4:77:eb:39:56:17:07:f2:a3:76:fb:35:
e7:32:a3:fb:32:7a:a4:c0:03:03:c6:3e:6f:ac:fd:
83:a1:25:8d:ed:f5:1c:e4:be:7d:d8:32:91:ba:af:
2a:3e:78:20:fc:a2:04:11:69:1e:f3:0a:2e:24:62:
af:14:57:74:e7:97:67:24:98:70:e7:ee:7f:65:68:
c2:18:cb:35:8f:08:9c:6a:11:7e:2d:e8:4f:0d:8c:
e4:f8:40:1f:1c:98:4c:f8:78:dd:74:08:f2:e0:e3:
e0:e3:9d:aa:42:52:a1:1e:16:15:25:4a:8f:34:30:
40:20:04:15:50:91:0d:da:bf:26:a6:44:4e:4e:08:
13:ac:85:8f:7a:a7:e4:7a:76:c5:b3:a6:0c:99:30:
e8:c9:ab:76:eb:72:48:38:da:dc:d4:17:e8:35:36:
3a:ab:b1:8a:3f:e9:13:df:0a:92:d2:80:90:45:c7:
7c:3f:2f:54:d3:f0:23:44:44:66:29:16:76:09:18:
0f:a6:28:a0:89:69:6a:b8:1f:de:08:34:3a:88:b1:
a8:6e:19:ea:82:70:5f:0e:16:74:5d:fb:2f:b9:b8:
37:26:01:c5:d9:ec:d7:92:0f:16:cf:45:72:3f:59:
25:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:BE:40:B3:71:4E:DF:EC:BF:65:3F:25:A8:D0:DC:8A:D2:B7:0E:84
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/222bf775-2bba-4790-943c-82c7a38f7efd.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc4::/36
Signature Algorithm: sha256WithRSAEncryption
3e:b7:b3:6c:52:d5:92:a1:31:1b:26:91:5e:29:46:06:e0:16:
fa:a0:81:94:6c:33:59:0d:da:29:ca:df:23:36:49:bb:4c:d1:
80:76:67:bf:b1:c4:02:ad:86:3b:cf:95:ca:6b:0e:5a:62:6c:
fd:b6:08:15:c0:c8:90:03:e8:06:7f:ba:5f:3e:ab:44:9a:91:
f4:85:f0:c5:47:35:d0:7c:76:50:db:19:a0:31:19:d5:a4:22:
f2:fd:1c:99:7d:c0:2a:dd:c6:01:63:1e:57:11:80:a0:b1:33:
cd:a5:27:7c:d3:7d:4f:f4:67:1c:bd:eb:6c:ee:9e:7b:b8:7c:
45:91:35:49:a7:47:8f:b4:a1:82:d9:bd:dc:d8:37:db:ee:d4:
d4:ae:5e:aa:e5:f0:5d:23:3a:5b:1e:b7:86:93:71:ce:b9:ae:
fc:f7:4c:be:e1:40:cb:f3:2e:c6:83:d4:75:00:2e:36:27:54:
ae:1e:f9:f0:3f:1e:56:dc:fc:9d:7c:38:cb:61:a2:1c:61:15:
fb:5d:bb:75:02:5b:4c:c6:07:68:6d:57:2c:3c:4a:2c:67:eb:
c1:1f:ec:73:d5:ff:2b:46:3a:50:9a:46:65:c4:de:5a:4a:6c:
15:4b:1e:c6:a6:0e:22:65:2f:91:b7:08:89:bf:68:00:b2:b0:
ae:1d:4e:a7
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUMMx36KZgArk1PijlrGY425GyGvkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIxNDdaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDI2MDBiMmY0M2JhNTg3YzNmYzFmZWZmMGMyNWNmYjY4ODgzZjEzZTMzOWZi
ZmMyNjM5YWZhNDA0OTc1OWUxOWYxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMZ3oukwYOQSakBG/ehQOb5pxHfrOVYXB/Kjdvs15zKj+zJ6pMADA8Y+b6z9
g6Elje31HOS+fdgykbqvKj54IPyiBBFpHvMKLiRirxRXdOeXZySYcOfuf2VowhjL
NY8InGoRfi3oTw2M5PhAHxyYTPh43XQI8uDj4OOdqkJSoR4WFSVKjzQwQCAEFVCR
Ddq/JqZETk4IE6yFj3qn5Hp2xbOmDJkw6MmrdutySDja3NQX6DU2Oquxij/pE98K
ktKAkEXHfD8vVNPwI0REZikWdgkYD6YooIlpargf3gg0OoixqG4Z6oJwXw4WdF37
L7m4NyYBxdns15IPFs9Fcj9ZJckCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS7vkCz
cU7f7L9lPyWo0NyK0rcOhDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
MjIyYmY3NzUtMmJiYS00NzkwLTk0M2MtODJjN2EzOGY3ZWZkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8QA
MA0GCSqGSIb3DQEBCwUAA4IBAQA+t7NsUtWSoTEbJpFeKUYG4Bb6oIGUbDNZDdop
yt8jNkm7TNGAdme/scQCrYY7z5XKaw5aYmz9tggVwMiQA+gGf7pfPqtEmpH0hfDF
RzXQfHZQ2xmgMRnVpCLy/RyZfcAq3cYBYx5XEYCgsTPNpSd8031P9Gccvets7p57
uHxFkTVJp0ePtKGC2b3c2Dfb7tTUrl6q5fBdIzpbHreGk3HOua7890y+4UDL8y7G
g9R1AC42J1SuHvnwPx5W3PydfDjLYaIcYRX7Xbt1AltMxgdobVcsPEosZ+vBH+xz
1f8rRjpQmkZlxN5aSmwVSx7Gpg4iZS+RtwiJv2gAsrCuHU6n
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:03 2025 by rpki-client