Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/4f80fda1-9681-4549-9269-31023c00bc49.roa
File: 4f80fda1-9681-4549-9269-31023c00bc49.roa (raw, json)
Hash identifier: yT6THyzEtpt1OwYy0dxS04V782w1Qe4RW69z1do2mfo=
Subject key identifier: 30:71:0C:1C:9F:17:ED:6E:95:F9:6F:8E:A8:25:2E:D7:AC:0A:AE:0C
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 358FDA86CCFB4D6CDD6D6F9F93BF485EAD80275A
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/4f80fda1-9681-4549-9269-31023c00bc49.roa
Signing time: Fri 07 Nov 2025 20:21:53 +0000
ROA not before: Fri 07 Nov 2025 20:21:53 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 14618
IP address blocks: 2001:3fc3:800::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
35:8f:da:86:cc:fb:4d:6c:dd:6d:6f:9f:93:bf:48:5e:ad:80:27:5a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:21:53 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=2e1ab4e0776621be01557f71ac02b2f4a493cb727282c5e79e633acf2acc0469, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:b7:14:5b:c7:8f:64:cf:b2:1c:cf:e5:0e:96:
36:ea:71:9e:b7:7a:f6:52:76:b1:0b:d6:bd:ec:8e:
df:01:a1:34:a7:d5:39:c9:a6:df:0b:58:0b:e4:3b:
f4:06:be:ca:de:4e:25:8f:6c:da:d3:45:9e:cf:03:
b1:75:41:49:86:32:ee:36:49:3f:32:7c:4d:15:66:
ed:af:77:0e:b7:a4:ba:1f:16:7f:12:ad:1c:78:b6:
6d:62:61:2a:27:f1:84:9c:f6:d0:46:ec:34:38:cc:
dc:9d:ed:13:2d:74:92:41:aa:7b:de:92:bc:70:3a:
0e:5d:6f:dc:9b:13:3e:26:28:6b:be:32:ef:20:5e:
ef:9e:3d:5e:4c:98:09:70:26:5b:15:13:7d:06:5f:
60:99:01:7e:60:f1:7a:4d:06:a4:2a:87:6a:17:27:
e1:1f:f5:e9:92:ab:b6:48:47:c6:61:36:5f:44:18:
8e:6d:4e:c1:0d:74:da:3e:01:d4:4c:eb:40:48:51:
47:53:fb:96:16:5f:e6:04:11:3d:22:ec:f6:9f:bb:
a2:e1:d7:93:d0:0c:09:8a:84:37:b7:50:da:4b:7c:
01:81:1f:62:e9:50:7d:e3:8c:7c:a6:8b:10:94:d2:
d6:a5:76:68:91:1c:f4:fc:51:5a:99:b8:d3:cd:ef:
2e:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:71:0C:1C:9F:17:ED:6E:95:F9:6F:8E:A8:25:2E:D7:AC:0A:AE:0C
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/4f80fda1-9681-4549-9269-31023c00bc49.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3:800::/40
Signature Algorithm: sha256WithRSAEncryption
97:b3:ec:52:61:75:2e:e2:e0:6a:8f:1a:d8:10:b2:a7:0d:23:
3b:dd:1e:5c:77:a7:bb:ca:57:69:16:e9:6e:b8:c4:99:25:e6:
8a:c7:0f:8d:15:88:fc:4c:15:5a:f5:ce:0f:d9:1a:01:c9:62:
b6:ab:09:b2:b7:9d:47:76:b4:83:e9:c6:71:be:86:f3:8b:d0:
53:4b:7c:98:63:a8:06:8b:c2:a9:4e:2f:5a:80:f8:82:0b:f1:
c2:30:c2:f7:13:7c:78:f6:5f:2f:5f:ec:e8:14:d7:a7:6f:55:
35:db:72:c8:30:9c:f6:82:59:02:ca:1d:52:a4:48:1d:79:19:
bb:a0:54:7b:9e:48:c5:d7:d4:83:c2:09:78:cb:b4:4d:00:c5:
06:ff:cb:b3:93:81:e1:ff:29:46:1c:d4:47:b5:b4:54:74:86:
ed:54:a0:f5:f4:07:f7:6e:d7:26:79:dc:5c:07:59:90:0b:7a:
a7:36:56:9f:20:d3:fd:5c:90:c1:a4:c8:f9:74:c8:5d:d1:27:
54:7c:4f:46:26:6b:c6:70:94:1a:ad:5d:b9:01:30:a3:65:59:
b8:23:b7:cc:0c:6f:ee:a6:ab:c9:6e:81:25:aa:60:fe:f6:67:
8d:d7:ce:58:84:33:d9:f5:ac:18:a0:bd:b7:69:b2:8d:31:17:
0c:ee:b9:01
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUNY/ahsz7TWzdbW+fk79IXq2AJ1owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIxNTNaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDJlMWFiNGUwNzc2NjIxYmUwMTU1N2Y3MWFjMDJiMmY0YTQ5M2NiNzI3Mjgy
YzVlNzllNjMzYWNmMmFjYzA0NjkxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKK3FFvHj2TPshzP5Q6WNupxnrd69lJ2sQvWveyO3wGhNKfVOcmm3wtYC+Q7
9Aa+yt5OJY9s2tNFns8DsXVBSYYy7jZJPzJ8TRVm7a93Drekuh8WfxKtHHi2bWJh
KifxhJz20EbsNDjM3J3tEy10kkGqe96SvHA6Dl1v3JsTPiYoa74y7yBe7549XkyY
CXAmWxUTfQZfYJkBfmDxek0GpCqHahcn4R/16ZKrtkhHxmE2X0QYjm1OwQ102j4B
1EzrQEhRR1P7lhZf5gQRPSLs9p+7ouHXk9AMCYqEN7dQ2kt8AYEfYulQfeOMfKaL
EJTS1qV2aJEc9PxRWpm4083vLlcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQwcQwc
nxftbpX5b46oJS7XrAquDDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NGY4MGZkYTEtOTY4MS00NTQ5LTkyNjktMzEwMjNjMDBiYzQ5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8MI
MA0GCSqGSIb3DQEBCwUAA4IBAQCXs+xSYXUu4uBqjxrYELKnDSM73R5cd6e7yldp
FuluuMSZJeaKxw+NFYj8TBVa9c4P2RoByWK2qwmyt51HdrSD6cZxvobzi9BTS3yY
Y6gGi8KpTi9agPiCC/HCMML3E3x49l8vX+zoFNenb1U123LIMJz2glkCyh1SpEgd
eRm7oFR7nkjF19SDwgl4y7RNAMUG/8uzk4Hh/ylGHNRHtbRUdIbtVKD19Af3btcm
edxcB1mQC3qnNlafINP9XJDBpMj5dMhd0SdUfE9GJmvGcJQarV25ATCjZVm4I7fM
DG/upqvJboElqmD+9meN185YhDPZ9awYoL23abKNMRcM7rkB
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:54:57 2025 by rpki-client