Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/3a33d844-426b-41b8-aa8c-f4ab26a66ff2.roa
File: 3a33d844-426b-41b8-aa8c-f4ab26a66ff2.roa (raw, json)
Hash identifier: nmEzEx+dCME7II94YaohB7wkse7s7TJQbFVaEJdYJ1c=
Subject key identifier: 1A:56:A4:B6:78:AF:57:6C:96:72:88:CC:DC:64:A2:96:C8:3C:32:59
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 23ECF27B5A16A389E43EAF6815D4BC759B9256CF
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/3a33d844-426b-41b8-aa8c-f4ab26a66ff2.roa
Signing time: Fri 07 Nov 2025 20:37:00 +0000
ROA not before: Fri 07 Nov 2025 20:37:00 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc5:8000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
23:ec:f2:7b:5a:16:a3:89:e4:3e:af:68:15:d4:bc:75:9b:92:56:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:37:00 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=525fffd140487eec338e99c536cffa138ce2af06a9a823a157bc44c85e891027, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:57:1e:b8:4d:69:79:e6:04:9d:d5:98:cc:22:
1b:60:fd:da:2f:18:97:90:3b:da:d6:b5:83:84:b5:
c6:8f:94:19:1c:66:b1:97:82:94:e7:d0:ef:25:bf:
e5:a7:f8:13:88:5d:be:b3:a7:8e:e6:ad:5d:d8:e0:
e4:33:45:32:ea:88:a8:81:93:63:15:d0:38:bb:63:
c9:c5:79:66:59:cf:ff:3e:b8:1a:44:a3:8b:27:5a:
e5:55:8d:af:cd:6d:2d:6d:fd:4a:08:73:61:38:03:
57:9d:2c:08:d7:9d:04:55:7b:f3:6e:1c:7b:25:29:
1c:6d:b1:fe:34:e4:50:75:1b:f2:d0:56:a3:4c:ac:
17:b3:c9:a2:52:d7:29:07:20:49:66:53:68:08:5a:
0a:06:d5:1b:31:7b:14:60:8b:13:8a:f9:d5:29:80:
ed:82:7b:f5:0d:9e:43:32:e6:13:57:83:85:13:84:
5d:4a:bd:1f:90:28:16:af:bc:52:40:3e:cf:95:7e:
63:1e:96:bb:50:00:2a:52:ba:08:0b:b5:15:06:66:
65:87:fe:bd:c2:2b:72:5b:5d:94:b4:7e:6e:2c:2d:
19:d2:94:ce:85:7b:65:1f:eb:88:5a:d0:33:13:c9:
f1:a1:fc:6a:35:ea:a9:9d:84:66:9e:86:54:82:ef:
45:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1A:56:A4:B6:78:AF:57:6C:96:72:88:CC:DC:64:A2:96:C8:3C:32:59
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/3a33d844-426b-41b8-aa8c-f4ab26a66ff2.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc5:8000::/36
Signature Algorithm: sha256WithRSAEncryption
cf:25:cc:1b:e2:4a:a5:cc:24:4a:08:ff:54:89:52:e5:7c:2d:
c7:8d:8e:e0:0f:8a:04:41:90:13:75:44:39:d3:23:fb:ed:45:
e9:8d:ac:70:3c:a3:53:d5:8c:06:c8:bf:32:50:f5:4e:4f:64:
6b:e8:bf:0a:c6:bd:21:bb:ae:30:76:8a:b1:98:e0:45:e9:bf:
4b:ea:41:66:19:78:7f:ce:cd:d1:8b:38:3b:06:ec:93:29:99:
a7:68:6e:4e:a8:a8:5f:8b:9c:73:e3:3c:7b:6a:44:94:7a:b3:
73:f6:66:61:4a:db:68:0c:c5:b5:4a:bc:01:b1:1f:ec:51:82:
9b:f9:5e:45:74:a0:d8:83:a3:f2:16:64:95:ee:a6:1e:27:c7:
3d:51:98:2a:6e:6c:c0:75:74:19:25:a5:64:3c:19:ac:e8:79:
ee:0a:06:e6:27:a3:e5:30:dd:13:63:79:b0:56:b4:52:95:2f:
df:10:78:b9:bb:66:d9:33:d6:8d:a9:82:9f:27:aa:46:7c:60:
2e:f0:ce:24:93:63:31:6b:fc:88:4d:1d:47:fe:09:4a:9a:56:
b7:1d:1a:d1:03:0a:ad:4d:11:85:95:b9:ca:6a:9c:ba:76:37:
e4:61:da:9a:4a:90:3d:35:ba:73:42:d7:0a:fc:37:61:ae:f6:
ad:52:b3:d8
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUI+zye1oWo4nkPq9oFdS8dZuSVs8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDM3MDBaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDUyNWZmZmQxNDA0ODdlZWMzMzhlOTljNTM2Y2ZmYTEzOGNlMmFmMDZhOWE4
MjNhMTU3YmM0NGM4NWU4OTEwMjcxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKdXHrhNaXnmBJ3VmMwiG2D92i8Yl5A72ta1g4S1xo+UGRxmsZeClOfQ7yW/
5af4E4hdvrOnjuatXdjg5DNFMuqIqIGTYxXQOLtjycV5ZlnP/z64GkSjiyda5VWN
r81tLW39SghzYTgDV50sCNedBFV7824ceyUpHG2x/jTkUHUb8tBWo0ysF7PJolLX
KQcgSWZTaAhaCgbVGzF7FGCLE4r51SmA7YJ79Q2eQzLmE1eDhROEXUq9H5AoFq+8
UkA+z5V+Yx6Wu1AAKlK6CAu1FQZmZYf+vcIrcltdlLR+biwtGdKUzoV7ZR/riFrQ
MxPJ8aH8ajXqqZ2EZp6GVILvRb8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQaVqS2
eK9XbJZyiMzcZKKWyDwyWTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
M2EzM2Q4NDQtNDI2Yi00MWI4LWFhOGMtZjRhYjI2YTY2ZmYyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8WA
MA0GCSqGSIb3DQEBCwUAA4IBAQDPJcwb4kqlzCRKCP9UiVLlfC3HjY7gD4oEQZAT
dUQ50yP77UXpjaxwPKNT1YwGyL8yUPVOT2Rr6L8Kxr0hu64wdoqxmOBF6b9L6kFm
GXh/zs3Rizg7BuyTKZmnaG5OqKhfi5xz4zx7akSUerNz9mZhSttoDMW1SrwBsR/s
UYKb+V5FdKDYg6PyFmSV7qYeJ8c9UZgqbmzAdXQZJaVkPBms6HnuCgbmJ6PlMN0T
Y3mwVrRSlS/fEHi5u2bZM9aNqYKfJ6pGfGAu8M4kk2Mxa/yITR1H/glKmla3HRrR
AwqtTRGFlbnKapy6djfkYdqaSpA9NbpzQtcK/DdhrvatUrPY
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:06 2025 by rpki-client