Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/4251c6ee-a4b0-4746-967f-94d2557ebf12.roa
File: 4251c6ee-a4b0-4746-967f-94d2557ebf12.roa (raw, json)
Hash identifier: rAUnmwsGBV6WI7phzv4Q+fmqxkDHP5YcjHVflRFutCM=
Subject key identifier: 1B:26:95:D8:05:26:AF:41:48:54:6D:A6:86:A5:DA:2E:9F:A7:B6:9C
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 1F08E77D3A9D809E84B1C27C5C70C39B96937210
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/4251c6ee-a4b0-4746-967f-94d2557ebf12.roa
Signing time: Fri 07 Nov 2025 20:23:12 +0000
ROA not before: Fri 07 Nov 2025 20:23:12 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc0:880::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1f:08:e7:7d:3a:9d:80:9e:84:b1:c2:7c:5c:70:c3:9b:96:93:72:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:23:12 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=06d5d762bbb42e3129b4968ede4561f8ea2508c334f8fc8c03f304d4f84ed8da, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:18:28:2b:7f:9c:ae:87:e0:af:a1:01:f5:47:
ae:e3:e3:a8:77:87:5a:e3:36:a1:1b:37:c0:80:e9:
dc:00:83:13:89:42:58:6e:b3:0f:63:e7:a2:7a:be:
ba:a7:fe:f2:f9:ba:62:1b:1c:2a:e0:6d:2d:64:da:
60:f9:6a:2f:fd:b4:cc:ee:58:df:29:fc:59:2b:fe:
75:02:bc:70:aa:3f:e2:60:cd:6c:32:ee:a6:b0:89:
16:47:51:af:0b:7d:5d:32:a7:87:0c:b2:0c:d6:2d:
19:c1:ab:2e:2e:d8:8c:a6:27:34:db:de:80:6f:4f:
84:44:a7:30:b8:3c:ec:53:30:ca:3f:f5:21:3a:41:
20:56:e3:6b:bc:ec:09:bb:cc:75:e1:60:4b:57:c3:
bb:c1:a5:01:bc:a6:d4:23:cc:f7:a5:38:16:1e:15:
45:87:4f:55:d2:c3:d8:f2:69:cd:8a:6f:93:1c:9a:
93:24:20:78:cd:3c:78:6e:6f:c6:14:18:94:bc:4c:
8d:65:04:e9:3e:1f:d7:3c:f5:88:7b:0d:f4:62:2c:
d1:7a:c3:e1:1f:34:27:f0:2b:e3:72:5e:71:5f:01:
01:9a:45:bf:aa:a0:07:ec:83:97:00:8b:df:d7:10:
7d:01:4b:7a:9c:9a:9b:88:37:47:dd:1b:21:8b:09:
6d:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:26:95:D8:05:26:AF:41:48:54:6D:A6:86:A5:DA:2E:9F:A7:B6:9C
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/4251c6ee-a4b0-4746-967f-94d2557ebf12.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc0:880::/48
Signature Algorithm: sha256WithRSAEncryption
b9:11:53:70:91:08:3e:9a:e4:47:73:ea:42:14:71:60:ef:c6:
23:dd:f9:ad:84:cb:13:01:c5:74:2d:ca:39:45:e2:62:05:10:
d0:c5:70:1b:b5:74:ab:46:57:80:31:a9:fd:ec:93:3d:ca:32:
a9:dc:49:d2:f9:ff:4b:6f:f5:e1:96:c2:fb:28:c7:d1:69:c0:
d3:e3:79:b0:60:88:98:f7:7c:c9:da:4c:59:d8:d4:01:5c:29:
86:e1:14:8a:08:fe:1b:dc:b0:49:34:76:08:ae:ac:82:a3:64:
37:36:92:7f:45:de:d6:40:cc:65:e0:7f:ed:a0:c5:f0:5d:68:
fa:be:0c:60:15:b2:10:5f:80:52:d5:2e:9b:4d:58:6d:4c:ea:
0f:eb:b4:8a:81:15:ee:e0:6d:94:75:48:0c:52:37:04:c6:0a:
b6:39:cd:c0:04:af:ba:23:39:f1:1a:76:65:fe:33:66:a9:2b:
74:06:15:40:e3:63:00:ba:5d:6b:e3:3f:60:95:6c:72:45:43:
67:88:de:b2:78:00:24:f9:46:be:1f:d4:76:9c:b4:85:8a:6a:
e1:0b:f7:c5:c5:52:cf:0d:1c:98:ef:c7:98:0a:ac:70:83:61:
b3:de:bb:da:e1:6d:35:4d:7b:e1:ad:52:9c:d7:9f:9e:6f:aa:
c0:76:0d:a7
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUHwjnfTqdgJ6EscJ8XHDDm5aTchAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIzMTJaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDA2ZDVkNzYyYmJiNDJlMzEyOWI0OTY4ZWRlNDU2MWY4ZWEyNTA4YzMzNGY4
ZmM4YzAzZjMwNGQ0Zjg0ZWQ4ZGExLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANYYKCt/nK6H4K+hAfVHruPjqHeHWuM2oRs3wIDp3ACDE4lCWG6zD2Pnonq+
uqf+8vm6YhscKuBtLWTaYPlqL/20zO5Y3yn8WSv+dQK8cKo/4mDNbDLuprCJFkdR
rwt9XTKnhwyyDNYtGcGrLi7YjKYnNNvegG9PhESnMLg87FMwyj/1ITpBIFbja7zs
CbvMdeFgS1fDu8GlAbym1CPM96U4Fh4VRYdPVdLD2PJpzYpvkxyakyQgeM08eG5v
xhQYlLxMjWUE6T4f1zz1iHsN9GIs0XrD4R80J/Ar43JecV8BAZpFv6qgB+yDlwCL
39cQfQFLepyam4g3R90bIYsJbVECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQbJpXY
BSavQUhUbaaGpdoun6e2nDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NDI1MWM2ZWUtYTRiMC00NzQ2LTk2N2YtOTRkMjU1N2ViZjEyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABP8AI
gDANBgkqhkiG9w0BAQsFAAOCAQEAuRFTcJEIPprkR3PqQhRxYO/GI935rYTLEwHF
dC3KOUXiYgUQ0MVwG7V0q0ZXgDGp/eyTPcoyqdxJ0vn/S2/14ZbC+yjH0WnA0+N5
sGCImPd8ydpMWdjUAVwphuEUigj+G9ywSTR2CK6sgqNkNzaSf0Xe1kDMZeB/7aDF
8F1o+r4MYBWyEF+AUtUum01YbUzqD+u0ioEV7uBtlHVIDFI3BMYKtjnNwASvuiM5
8Rp2Zf4zZqkrdAYVQONjALpda+M/YJVsckVDZ4jesngAJPlGvh/Udpy0hYpq4Qv3
xcVSzw0cmO/HmAqscINhs9672uFtNU174a1SnNefnm+qwHYNpw==
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:04 2025 by rpki-client