Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/541ffd81-df5c-4971-9769-a37d113c922b.roa
File: 541ffd81-df5c-4971-9769-a37d113c922b.roa (raw, json)
Hash identifier: sSHGnB5/KGgI63ic049WVNkln/jM493eEC7+DuGBSXA=
Subject key identifier: 6D:1A:14:C0:DB:60:60:34:15:69:22:3E:40:08:29:34:58:72:7D:EB
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 01BEF35B513B616655645F34CF04B3103081669D
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/541ffd81-df5c-4971-9769-a37d113c922b.roa
Signing time: Fri 07 Nov 2025 20:23:12 +0000
ROA not before: Fri 07 Nov 2025 20:23:12 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc6:e::/47 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:be:f3:5b:51:3b:61:66:55:64:5f:34:cf:04:b3:10:30:81:66:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:23:12 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=1e12c5f4e4573197003a3a77428f1ef3294d50f0f4adaf3ddab672502bb88ca4, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:3f:70:c4:67:58:28:e3:b1:de:76:d0:a4:e3:
26:7f:36:af:17:b2:a3:ae:bb:7a:58:3c:a6:a1:cb:
b1:50:79:d7:e1:78:00:8e:9e:7a:43:50:d7:9a:6f:
d0:a1:5f:06:a1:9e:b9:dd:2e:db:f4:a4:81:0a:3e:
26:42:15:ca:15:6d:5e:0b:aa:24:fa:b4:be:8d:4f:
f8:04:2e:0d:d1:77:14:c6:9e:4e:1b:b1:8c:2b:51:
18:48:30:36:90:b4:24:1b:17:12:1b:17:c4:b0:38:
4b:72:ac:65:12:28:ae:76:1b:68:fb:da:e2:44:8c:
68:d7:44:63:9d:98:7d:ce:20:4f:12:92:f1:29:e7:
79:e3:b1:53:bc:ef:3a:e3:54:f6:7f:c1:69:db:a7:
64:09:76:5f:ae:16:40:20:46:13:95:6f:c1:74:e4:
d3:50:0c:5b:5c:d3:3e:50:b6:8f:81:65:94:e9:f5:
86:94:87:d0:30:8d:6f:b4:e8:d6:0e:32:14:e3:17:
b8:e1:27:a4:5b:9f:cf:2d:19:fc:2b:50:f1:ce:98:
b9:1f:2d:77:8d:6e:c4:40:d4:c1:15:71:1d:e8:76:
35:08:75:b8:ad:f5:71:5b:dc:32:d8:5b:3c:0c:b8:
b4:0b:96:8c:e5:57:6c:61:2c:a0:4f:22:e5:91:ea:
21:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:1A:14:C0:DB:60:60:34:15:69:22:3E:40:08:29:34:58:72:7D:EB
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/541ffd81-df5c-4971-9769-a37d113c922b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc6:e::/47
Signature Algorithm: sha256WithRSAEncryption
2d:e2:07:61:0c:d6:0f:7b:48:93:ee:1e:67:5f:1b:61:5a:9f:
e7:48:46:28:b1:20:b7:d8:b3:f2:30:e5:4b:33:e7:48:6d:3f:
ab:26:f4:af:0f:0d:59:c4:1e:79:15:3c:74:50:8d:41:06:e3:
5c:d6:3c:f0:a7:06:68:e2:a4:63:cb:df:af:ce:39:3b:bf:5d:
4a:65:e4:45:cb:42:f4:ae:42:7f:9d:99:34:6b:78:a4:d4:20:
3a:1c:4d:b2:63:89:ca:af:af:61:d0:64:cb:03:ab:04:1e:fa:
b0:2f:8e:dd:3c:1c:dc:25:2d:de:07:c0:68:9c:4a:95:e2:1a:
4b:f0:e1:10:ff:c5:cb:4c:eb:7f:96:e3:39:31:f3:a6:d4:82:
a0:b7:ad:4d:e5:5d:26:45:ce:2e:76:3c:ae:4e:d2:75:a8:2f:
6e:8f:cc:6d:8d:f3:75:91:20:2d:48:d4:e8:39:3e:41:31:76:
27:8e:08:0b:f3:d0:0a:76:3b:5d:c7:fb:2c:0c:40:9a:d9:60:
7f:fb:49:63:a9:01:f6:e3:fa:5e:ea:d4:e3:82:c4:55:06:13:
bb:68:e4:e5:93:f0:f3:a0:14:32:8a:c8:a1:4d:27:80:ee:16:
80:40:72:bb:3a:c7:07:eb:25:fa:3e:38:58:2f:9a:a6:ad:5b:
2f:26:6b:d3
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUAb7zW1E7YWZVZF80zwSzEDCBZp0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIzMTJaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDFlMTJjNWY0ZTQ1NzMxOTcwMDNhM2E3NzQyOGYxZWYzMjk0ZDUwZjBmNGFk
YWYzZGRhYjY3MjUwMmJiODhjYTQxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOE/cMRnWCjjsd520KTjJn82rxeyo667elg8pqHLsVB51+F4AI6eekNQ15pv
0KFfBqGeud0u2/SkgQo+JkIVyhVtXguqJPq0vo1P+AQuDdF3FMaeThuxjCtRGEgw
NpC0JBsXEhsXxLA4S3KsZRIornYbaPva4kSMaNdEY52Yfc4gTxKS8SnneeOxU7zv
OuNU9n/BadunZAl2X64WQCBGE5VvwXTk01AMW1zTPlC2j4FllOn1hpSH0DCNb7To
1g4yFOMXuOEnpFufzy0Z/CtQ8c6YuR8td41uxEDUwRVxHeh2NQh1uK31cVvcMthb
PAy4tAuWjOVXbGEsoE8i5ZHqIUECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRtGhTA
22BgNBVpIj5ACCk0WHJ96zAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NTQxZmZkODEtZGY1Yy00OTcxLTk3NjktYTM3ZDExM2M5MjJiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHASABP8YA
DjANBgkqhkiG9w0BAQsFAAOCAQEALeIHYQzWD3tIk+4eZ18bYVqf50hGKLEgt9iz
8jDlSzPnSG0/qyb0rw8NWcQeeRU8dFCNQQbjXNY88KcGaOKkY8vfr845O79dSmXk
RctC9K5Cf52ZNGt4pNQgOhxNsmOJyq+vYdBkywOrBB76sC+O3Twc3CUt3gfAaJxK
leIaS/DhEP/Fy0zrf5bjOTHzptSCoLetTeVdJkXOLnY8rk7Sdagvbo/MbY3zdZEg
LUjU6Dk+QTF2J44IC/PQCnY7Xcf7LAxAmtlgf/tJY6kB9uP6XurU44LEVQYTu2jk
5ZPw86AUMorIoU0ngO4WgEByuzrHB+sl+j44WC+apq1bLyZr0w==
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:06 2025 by rpki-client