Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/3fe8d737-6af0-4f49-813a-04581455d703.roa
File: 3fe8d737-6af0-4f49-813a-04581455d703.roa (raw, json)
Hash identifier: m6s4nTd7dUidByQC22C+XUkzXiX1fqnD+IYeXCUH0Gw=
Subject key identifier: 0E:F6:E9:28:A5:BC:15:94:77:77:40:8E:F0:6D:20:B7:54:73:EF:1B
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 65E89305DCC44145AE86CE689E98C0979121EC43
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/3fe8d737-6af0-4f49-813a-04581455d703.roa
Signing time: Fri 07 Nov 2025 20:36:51 +0000
ROA not before: Fri 07 Nov 2025 20:36:51 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc5:8800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
65:e8:93:05:dc:c4:41:45:ae:86:ce:68:9e:98:c0:97:91:21:ec:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:36:51 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=d1c37ae3f36fe6e10045c0e42681212cb5055b53ba879016a41f905815951323, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:20:b7:88:e6:ab:95:62:03:69:0d:32:91:91:
89:61:4d:3b:7f:66:7a:76:81:f2:ab:aa:3f:50:dd:
2f:e2:9a:c1:00:22:30:95:14:3c:7a:b9:2b:3c:3a:
ac:94:1d:55:ae:c3:fe:dd:85:f1:73:88:f4:97:6f:
bd:ba:70:b8:17:6e:1b:b5:d8:c4:b2:af:4b:1c:d6:
f5:ad:a4:95:ef:32:2d:e5:1c:2e:2e:92:36:04:b2:
9d:ed:97:2d:0a:1c:a3:d2:3a:45:9d:da:92:06:cb:
59:3e:96:5e:f2:64:67:55:13:f7:f0:39:01:30:57:
0b:ae:c6:e4:d6:39:21:9a:a2:f5:0e:8a:6d:cf:e7:
37:00:76:35:c9:c2:45:8b:a4:0d:bd:06:d9:e3:06:
7f:c5:42:42:47:fe:0b:0d:45:91:dc:d1:cf:7a:45:
5b:c3:93:d5:94:a0:a7:79:f7:1c:aa:0f:07:30:f3:
8b:a9:f7:dd:dc:85:64:80:f1:b3:c7:90:b7:d5:57:
0f:f9:46:16:5d:2c:e0:8d:27:21:ba:61:06:69:43:
b5:e1:7d:65:4f:f2:34:83:fb:e8:59:f3:c3:e6:53:
96:0e:8f:1f:1c:aa:00:29:ad:70:3f:14:42:65:6c:
db:78:30:7c:16:68:25:11:df:1c:25:01:0e:6a:f3:
1b:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:F6:E9:28:A5:BC:15:94:77:77:40:8E:F0:6D:20:B7:54:73:EF:1B
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/3fe8d737-6af0-4f49-813a-04581455d703.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc5:8800::/40
Signature Algorithm: sha256WithRSAEncryption
8e:4d:ca:87:57:dc:55:0d:d9:ea:4b:59:7b:49:27:4f:df:bf:
45:a7:28:db:2f:ba:6f:23:e8:51:77:d4:28:cb:87:27:e3:b4:
46:9e:cb:eb:0d:50:5a:e1:04:15:80:34:2b:54:c2:63:24:21:
60:9d:24:05:42:41:5b:48:08:c4:88:a6:e3:51:9f:ba:bc:df:
20:89:63:65:39:bf:1e:bb:2c:49:6b:d9:89:a0:3c:1c:51:11:
9c:17:22:9c:9c:39:21:34:6d:98:b8:31:8b:26:d7:fe:af:ea:
3a:20:ad:a1:b9:93:8b:0c:24:d9:71:c1:f0:d8:49:bd:52:1b:
6d:d3:15:99:3d:18:8a:e7:e1:ff:a6:0e:a0:80:04:c1:5c:a1:
b0:12:58:8d:c3:bc:53:47:b6:69:cb:91:1c:8c:2a:95:e8:3f:
75:ce:6e:c4:83:ff:87:77:d2:b3:71:ca:64:95:7d:2c:85:0c:
b7:02:6d:3d:49:2a:1e:fe:bf:db:1d:f5:f1:9b:bb:81:ed:64:
11:9f:58:3f:d8:f7:b6:e4:28:20:1f:6a:85:26:db:b4:a2:74:
39:95:f8:f2:bd:cf:6f:61:2c:93:f1:b1:63:ff:2a:05:ed:67:
fc:7b:f8:0f:7d:bd:1e:a4:39:56:61:7e:d4:e5:aa:99:e2:42:
ae:8e:d6:61
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUZeiTBdzEQUWuhs5onpjAl5Eh7EMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDM2NTFaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGQxYzM3YWUzZjM2ZmU2ZTEwMDQ1YzBlNDI2ODEyMTJjYjUwNTViNTNiYTg3
OTAxNmE0MWY5MDU4MTU5NTEzMjMxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKwgt4jmq5ViA2kNMpGRiWFNO39menaB8quqP1DdL+KawQAiMJUUPHq5Kzw6
rJQdVa7D/t2F8XOI9JdvvbpwuBduG7XYxLKvSxzW9a2kle8yLeUcLi6SNgSyne2X
LQoco9I6RZ3akgbLWT6WXvJkZ1UT9/A5ATBXC67G5NY5IZqi9Q6Kbc/nNwB2NcnC
RYukDb0G2eMGf8VCQkf+Cw1FkdzRz3pFW8OT1ZSgp3n3HKoPBzDzi6n33dyFZIDx
s8eQt9VXD/lGFl0s4I0nIbphBmlDteF9ZU/yNIP76Fnzw+ZTlg6PHxyqACmtcD8U
QmVs23gwfBZoJRHfHCUBDmrzG/kCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQO9uko
pbwVlHd3QI7wbSC3VHPvGzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
M2ZlOGQ3MzctNmFmMC00ZjQ5LTgxM2EtMDQ1ODE0NTVkNzAzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8WI
MA0GCSqGSIb3DQEBCwUAA4IBAQCOTcqHV9xVDdnqS1l7SSdP379FpyjbL7pvI+hR
d9Qoy4cn47RGnsvrDVBa4QQVgDQrVMJjJCFgnSQFQkFbSAjEiKbjUZ+6vN8giWNl
Ob8euyxJa9mJoDwcURGcFyKcnDkhNG2YuDGLJtf+r+o6IK2huZOLDCTZccHw2Em9
Uhtt0xWZPRiK5+H/pg6ggATBXKGwEliNw7xTR7Zpy5EcjCqV6D91zm7Eg/+Hd9Kz
ccpklX0shQy3Am09SSoe/r/bHfXxm7uB7WQRn1g/2Pe25CggH2qFJtu0onQ5lfjy
vc9vYSyT8bFj/yoF7Wf8e/gPfb0epDlWYX7U5aqZ4kKujtZh
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:54:55 2025 by rpki-client