Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/346959dd-64e1-47f4-a247-4a19fe4282cf.roa
File: 346959dd-64e1-47f4-a247-4a19fe4282cf.roa (raw, json)
Hash identifier: yb9xPFfiWGlkldzfmskWT4/drdfTSmyYXkkXcEd/I5s=
Subject key identifier: C5:1F:9F:F9:E7:14:86:D2:02:EA:6B:A7:26:81:66:37:01:BB:87:C9
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 5967765303160C206C310E52114809DC8A9DEAE8
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/346959dd-64e1-47f4-a247-4a19fe4282cf.roa
Signing time: Fri 07 Nov 2025 20:38:19 +0000
ROA not before: Fri 07 Nov 2025 20:38:19 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc1::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
59:67:76:53:03:16:0c:20:6c:31:0e:52:11:48:09:dc:8a:9d:ea:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:38:19 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=e592ed1c9815d845b1a2e8c5a009c8607e521895fc673c5dfe530cfa63e6c437, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:a2:f2:9e:af:1d:12:13:71:f5:15:7e:6f:af:
67:32:23:4f:bc:46:c8:e3:51:07:d7:b2:16:26:aa:
d8:16:54:a6:b0:2d:1a:40:33:a3:4b:67:16:30:a0:
82:98:8b:b9:ea:0c:11:13:89:59:96:0d:eb:44:df:
94:f5:8c:49:fc:bc:19:33:37:34:76:fb:22:6b:24:
ed:dd:c1:fc:be:04:bd:84:98:c3:35:6c:24:7b:88:
63:aa:0e:53:07:f7:19:ac:b8:aa:28:c1:c6:7b:4d:
d7:0f:7e:1a:4e:7e:4b:9e:60:ab:15:0f:68:4f:29:
a4:60:b0:aa:ae:1b:e0:b2:91:f2:5e:07:80:d8:a5:
f7:01:55:a0:ab:8c:03:81:ce:ed:74:a5:c2:99:72:
3f:22:63:ab:91:2a:9c:2b:67:9d:0c:30:e2:a6:e1:
76:55:aa:cc:7d:8a:e9:ef:00:e6:3d:8f:04:89:07:
91:e2:be:80:36:37:44:cb:6f:91:bb:f9:69:2e:56:
41:83:eb:9a:f3:2b:c4:4a:b8:20:b4:24:89:0f:07:
4e:00:11:91:18:73:71:df:59:6d:c7:f2:86:fe:e3:
1e:2d:aa:62:e6:f8:4c:06:19:cb:9b:bd:43:aa:7f:
73:d7:27:43:10:6c:3a:82:88:13:f4:11:81:c8:7b:
eb:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:1F:9F:F9:E7:14:86:D2:02:EA:6B:A7:26:81:66:37:01:BB:87:C9
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/346959dd-64e1-47f4-a247-4a19fe4282cf.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc1::/32
Signature Algorithm: sha256WithRSAEncryption
2f:4f:8b:d4:6f:47:4b:44:99:6b:35:3a:ae:0d:ce:d2:7c:db:
6f:d0:8b:cb:87:64:04:9a:d7:ff:90:de:9d:55:cb:22:a1:6b:
7d:1d:38:da:d9:e3:7e:2f:5f:df:05:e5:da:fd:26:4f:23:bc:
81:bc:c3:44:eb:e7:26:ac:2a:04:1d:04:99:72:07:c8:d5:66:
97:b2:b4:0c:7d:76:77:68:70:6b:c1:95:51:8b:6d:93:3a:61:
e2:1c:a4:e7:3e:1e:6d:5b:04:9f:d7:9c:6c:f3:f3:ba:37:a3:
46:f6:03:ba:73:3d:5c:27:e6:a8:3c:78:4c:94:70:d9:7a:f8:
21:81:34:ac:d3:91:0b:87:de:30:6c:ab:4e:08:96:ed:f8:bd:
11:fd:1d:fb:c9:0e:b9:8f:cf:26:fb:a5:07:70:88:05:d7:c2:
1c:ce:a0:e6:76:3f:2f:99:4d:28:a8:87:09:a7:3a:18:1c:bb:
cb:47:2e:ab:8d:48:41:e7:4f:0f:dd:13:80:6c:c4:63:fe:dc:
c7:d5:23:39:f1:fe:ea:4c:ea:3d:4e:b9:c7:d6:03:5d:e3:85:
24:8a:51:d7:be:fd:a4:e4:16:b0:03:5c:7f:5f:79:26:26:21:
7e:48:38:2d:97:22:a7:84:d3:a2:ad:2f:97:45:d4:63:4d:c8:
7d:c3:ab:87
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUWWd2UwMWDCBsMQ5SEUgJ3Iqd6ugwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDM4MTlaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGU1OTJlZDFjOTgxNWQ4NDViMWEyZThjNWEwMDljODYwN2U1MjE4OTVmYzY3
M2M1ZGZlNTMwY2ZhNjNlNmM0MzcxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALii8p6vHRITcfUVfm+vZzIjT7xGyONRB9eyFiaq2BZUprAtGkAzo0tnFjCg
gpiLueoMEROJWZYN60TflPWMSfy8GTM3NHb7Imsk7d3B/L4EvYSYwzVsJHuIY6oO
Uwf3Gay4qijBxntN1w9+Gk5+S55gqxUPaE8ppGCwqq4b4LKR8l4HgNil9wFVoKuM
A4HO7XSlwplyPyJjq5EqnCtnnQww4qbhdlWqzH2K6e8A5j2PBIkHkeK+gDY3RMtv
kbv5aS5WQYPrmvMrxEq4ILQkiQ8HTgARkRhzcd9Zbcfyhv7jHi2qYub4TAYZy5u9
Q6p/c9cnQxBsOoKIE/QRgch761cCAwEAAaOCAiIwggIeMB0GA1UdDgQWBBTFH5/5
5xSG0gLqa6cmgWY3AbuHyTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
MzQ2OTU5ZGQtNjRlMS00N2Y0LWEyNDctNGExOWZlNDI4MmNmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACABP8Ew
DQYJKoZIhvcNAQELBQADggEBAC9Pi9RvR0tEmWs1Oq4NztJ822/Qi8uHZASa1/+Q
3p1VyyKha30dONrZ434vX98F5dr9Jk8jvIG8w0Tr5yasKgQdBJlyB8jVZpeytAx9
dndocGvBlVGLbZM6YeIcpOc+Hm1bBJ/XnGzz87o3o0b2A7pzPVwn5qg8eEyUcNl6
+CGBNKzTkQuH3jBsq04Ilu34vRH9HfvJDrmPzyb7pQdwiAXXwhzOoOZ2Py+ZTSio
hwmnOhgcu8tHLquNSEHnTw/dE4BsxGP+3MfVIznx/upM6j1OucfWA13jhSSKUde+
/aTkFrADXH9feSYmIX5IOC2XIqeE06KtL5dF1GNNyH3Dq4c=
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:54:58 2025 by rpki-client