Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/4ce5b31b-8d42-403f-b519-f240e7958f0e.roa
File: 4ce5b31b-8d42-403f-b519-f240e7958f0e.roa (raw, json)
Hash identifier: ywO3zcv8m4mX3iyint3gWEZja98p8rVTaUb5cuFspZs=
Subject key identifier: 67:2D:1D:AC:91:9D:56:F2:95:7B:04:4F:71:60:04:16:CA:AF:4A:5D
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 7A55BC9DD22E0779DD0E81FCE1376BA9F41E9B6A
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/4ce5b31b-8d42-403f-b519-f240e7958f0e.roa
Signing time: Fri 07 Nov 2025 20:36:52 +0000
ROA not before: Fri 07 Nov 2025 20:36:52 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:1800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7a:55:bc:9d:d2:2e:07:79:dd:0e:81:fc:e1:37:6b:a9:f4:1e:9b:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:36:52 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=8b5f4f636c376828102ba9f45d1228432c97642345418ee4955ec18f5bdc602a, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:ed:52:ed:14:0b:9b:47:75:69:db:fb:cd:71:
db:d9:e7:57:fc:c1:a6:c4:f1:32:08:12:cd:21:01:
e6:8e:10:66:00:d8:c0:0b:b2:43:b8:2f:67:ba:c6:
cb:44:35:36:41:ae:80:28:d4:b5:ef:5a:71:2f:2d:
73:ab:93:a2:51:ec:6c:4e:94:2f:63:45:a8:9d:6e:
c6:84:1c:cf:b9:6d:6a:93:0a:cc:c0:05:59:3b:e7:
72:5d:61:c2:b0:8c:58:48:c1:53:fa:7e:76:c1:90:
6e:17:42:04:b1:d3:e5:79:e3:f8:bc:25:d8:22:c1:
53:32:94:20:e1:17:d5:97:13:9a:cd:1c:b2:09:c9:
a2:ed:22:75:31:8e:9e:47:c7:e0:1f:7b:b3:d7:17:
21:d8:54:bd:68:d6:01:8b:e2:f6:7c:19:4f:73:76:
94:fe:d0:82:62:40:f6:7b:26:d4:f6:e5:19:41:a3:
ad:c3:7d:a8:c7:76:25:5a:40:34:41:c1:0d:3e:2b:
65:2c:ba:aa:86:cc:27:7e:cf:1f:6d:40:7a:6e:6b:
fd:54:9d:9b:d0:d0:c6:32:b3:b8:0a:19:fc:38:72:
9f:c8:dc:19:7f:fb:fb:37:a9:9c:ab:ac:e1:6a:d4:
ec:eb:78:76:3d:22:21:fa:6f:97:29:85:51:e9:06:
07:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:2D:1D:AC:91:9D:56:F2:95:7B:04:4F:71:60:04:16:CA:AF:4A:5D
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/4ce5b31b-8d42-403f-b519-f240e7958f0e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:1800::/40
Signature Algorithm: sha256WithRSAEncryption
8b:02:3d:db:0e:4d:84:95:03:84:cc:ac:60:62:16:43:51:d6:
cc:33:bc:03:53:b9:da:b2:64:04:7a:95:71:d6:7c:e2:14:a9:
33:50:2f:0f:37:10:35:7f:7a:ae:b8:f9:fa:fc:be:7e:8c:5b:
d1:04:a5:2a:b5:92:e2:8b:d7:bb:fb:a3:97:dc:9f:57:9b:73:
92:af:7e:0a:47:8f:42:c3:ad:68:be:01:c7:03:11:9d:21:d4:
59:64:75:4c:1e:de:b2:5c:9f:fd:e4:99:9c:35:01:89:9c:ad:
17:7c:6a:fb:98:aa:b9:c6:fb:0e:1c:1c:28:be:80:b7:cb:ca:
34:01:7f:b1:51:ac:46:4b:c9:92:e6:d2:70:d4:2b:6c:41:34:
62:e5:26:69:bd:26:2e:bb:96:31:7a:00:3b:48:56:2a:9f:56:
3a:44:0c:6a:23:e7:11:f8:8b:61:58:96:bd:96:13:58:5a:c1:
52:39:2c:f4:e7:eb:e0:00:3c:a8:15:99:84:71:4e:2e:1c:81:
88:0e:bc:a4:49:15:b6:2c:82:8a:4c:f8:fd:88:0e:ea:02:55:
f6:56:a8:30:9f:55:12:19:44:61:b2:08:59:e6:43:84:bd:1d:
60:5f:fd:92:60:dd:c3:1c:68:63:7b:c8:df:99:bd:56:a9:28:
97:db:b4:f4
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUelW8ndIuB3ndDoH84TdrqfQem2owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDM2NTJaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDhiNWY0ZjYzNmMzNzY4MjgxMDJiYTlmNDVkMTIyODQzMmM5NzY0MjM0NTQx
OGVlNDk1NWVjMThmNWJkYzYwMmExLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMDtUu0UC5tHdWnb+81x29nnV/zBpsTxMggSzSEB5o4QZgDYwAuyQ7gvZ7rG
y0Q1NkGugCjUte9acS8tc6uTolHsbE6UL2NFqJ1uxoQcz7ltapMKzMAFWTvncl1h
wrCMWEjBU/p+dsGQbhdCBLHT5Xnj+Lwl2CLBUzKUIOEX1ZcTms0csgnJou0idTGO
nkfH4B97s9cXIdhUvWjWAYvi9nwZT3N2lP7QgmJA9nsm1PblGUGjrcN9qMd2JVpA
NEHBDT4rZSy6qobMJ37PH21Aem5r/VSdm9DQxjKzuAoZ/Dhyn8jcGX/7+zepnKus
4WrU7Ot4dj0iIfpvlymFUekGB1UCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRnLR2s
kZ1W8pV7BE9xYAQWyq9KXTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NGNlNWIzMWItOGQ0Mi00MDNmLWI1MTktZjI0MGU3OTU4ZjBlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8cY
MA0GCSqGSIb3DQEBCwUAA4IBAQCLAj3bDk2ElQOEzKxgYhZDUdbMM7wDU7nasmQE
epVx1nziFKkzUC8PNxA1f3quuPn6/L5+jFvRBKUqtZLii9e7+6OX3J9Xm3OSr34K
R49Cw61ovgHHAxGdIdRZZHVMHt6yXJ/95JmcNQGJnK0XfGr7mKq5xvsOHBwovoC3
y8o0AX+xUaxGS8mS5tJw1CtsQTRi5SZpvSYuu5YxegA7SFYqn1Y6RAxqI+cR+Ith
WJa9lhNYWsFSOSz05+vgADyoFZmEcU4uHIGIDrykSRW2LIKKTPj9iA7qAlX2Vqgw
n1USGURhsghZ5kOEvR1gX/2SYN3DHGhje8jfmb1WqSiX27T0
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:00 2025 by rpki-client