Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/54519fcd-4655-4148-9d7d-913b0c0cfe03.roa
File: 54519fcd-4655-4148-9d7d-913b0c0cfe03.roa (raw, json)
Hash identifier: kF2gAI6X+0efcttXLH5KRZBa7krYp/vUVMYc7VtbntU=
Subject key identifier: 1E:29:F6:C4:ED:08:C8:8C:62:FD:CE:4F:79:93:49:51:1C:E7:0A:95
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 01FA9624872EDD9C59C8AEFCFDA642A2E677F563
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/54519fcd-4655-4148-9d7d-913b0c0cfe03.roa
Signing time: Fri 07 Nov 2025 20:21:50 +0000
ROA not before: Fri 07 Nov 2025 20:21:50 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:9000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:fa:96:24:87:2e:dd:9c:59:c8:ae:fc:fd:a6:42:a2:e6:77:f5:63
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:21:50 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=52f8aba346de8e3c87a1fc5724b73704f9689a12676893212aa67c6e7bca0e77, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:5d:c4:2a:19:5e:d5:b3:24:5b:fc:d9:5b:f6:
0c:d4:9c:b2:2c:c5:98:ea:4b:76:25:24:22:73:e1:
b5:dc:c3:99:5f:a0:80:f4:2e:80:fa:9a:29:da:11:
85:a1:df:39:5f:5e:6b:19:94:f4:e6:29:47:dd:05:
f4:29:2a:34:8a:ef:ba:1f:bc:08:0b:d0:0a:9e:d6:
9b:3c:49:cc:3e:58:83:ce:9e:f5:9f:00:ae:ee:a6:
5e:e0:3b:ea:5a:32:a8:52:94:56:be:58:74:5c:9f:
45:7c:4a:6a:ff:1b:a5:e5:c6:37:71:ae:fd:09:23:
52:05:12:39:dd:82:9a:b0:71:06:a9:b4:e9:8e:71:
90:6e:83:fc:86:81:f2:38:a9:64:00:35:12:7b:73:
a6:a6:e4:36:89:0c:1c:cd:ed:04:da:35:d6:1a:9f:
7b:9e:a5:84:bd:18:c2:1b:0a:fb:68:ea:ca:93:f2:
36:8b:b5:8e:ae:37:45:8b:29:01:a6:0f:33:df:c5:
9d:50:cf:93:77:4b:b1:06:6c:63:cc:ca:0d:73:25:
58:90:a4:e2:0a:80:7a:d9:c7:8f:1f:ac:35:56:46:
4f:48:6c:1d:8a:cf:be:8e:1d:8a:17:69:eb:82:96:
30:6f:4a:b8:fd:f9:6d:92:22:0c:6c:81:27:26:1e:
69:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:29:F6:C4:ED:08:C8:8C:62:FD:CE:4F:79:93:49:51:1C:E7:0A:95
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/54519fcd-4655-4148-9d7d-913b0c0cfe03.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:9000::/36
Signature Algorithm: sha256WithRSAEncryption
66:da:11:ed:1d:66:f3:4f:78:80:1c:cc:0b:fc:9c:3f:ca:32:
b6:cb:0b:10:25:65:60:35:13:56:91:ee:8e:fe:58:01:5b:9b:
58:a1:eb:24:ab:f8:18:0a:25:c6:87:fd:0d:45:66:a9:99:26:
aa:98:cb:ee:8e:c7:eb:6f:95:d5:4b:7e:ba:e8:8b:a5:4a:dc:
8d:e1:15:1c:be:17:c5:ce:5f:bc:36:27:84:1c:22:08:f9:3b:
c1:7a:9e:1c:85:22:d7:ad:af:29:12:e5:be:b0:95:99:45:c6:
66:3b:3d:bb:d9:5b:30:bc:18:b4:b9:87:b1:ee:50:54:9f:01:
b3:22:bb:68:86:3b:bf:7f:87:9c:34:6d:d7:e6:16:5c:cc:ea:
a1:00:8f:5a:89:02:7b:37:1c:d7:22:60:fc:e8:28:a8:63:34:
56:45:db:11:f3:9b:1f:81:81:ac:fe:eb:a7:f7:ca:3a:d2:62:
f1:60:47:dd:3d:a2:7f:3b:c9:33:80:86:a5:5c:5d:99:c4:ff:
90:12:15:66:12:25:b5:a4:1e:96:ab:8d:1e:52:3a:8d:09:37:
1a:ca:74:96:a5:63:04:f9:a5:0c:6a:9c:cc:bc:e0:9b:24:b1:
91:5b:bb:e1:10:3c:56:85:6c:36:a4:90:21:76:10:8b:b4:26:
f4:53:8f:40
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUAfqWJIcu3ZxZyK78/aZCouZ39WMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIxNTBaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDUyZjhhYmEzNDZkZThlM2M4N2ExZmM1NzI0YjczNzA0Zjk2ODlhMTI2NzY4
OTMyMTJhYTY3YzZlN2JjYTBlNzcxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ5dxCoZXtWzJFv82Vv2DNScsizFmOpLdiUkInPhtdzDmV+ggPQugPqaKdoR
haHfOV9eaxmU9OYpR90F9CkqNIrvuh+8CAvQCp7WmzxJzD5Yg86e9Z8Aru6mXuA7
6loyqFKUVr5YdFyfRXxKav8bpeXGN3Gu/QkjUgUSOd2CmrBxBqm06Y5xkG6D/IaB
8jipZAA1EntzpqbkNokMHM3tBNo11hqfe56lhL0YwhsK+2jqypPyNou1jq43RYsp
AaYPM9/FnVDPk3dLsQZsY8zKDXMlWJCk4gqAetnHjx+sNVZGT0hsHYrPvo4dihdp
64KWMG9KuP35bZIiDGyBJyYeac0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQeKfbE
7QjIjGL9zk95k0lRHOcKlTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NTQ1MTlmY2QtNDY1NS00MTQ4LTlkN2QtOTEzYjBjMGNmZTAzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8eQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBm2hHtHWbzT3iAHMwL/Jw/yjK2ywsQJWVgNRNW
ke6O/lgBW5tYoeskq/gYCiXGh/0NRWapmSaqmMvujsfrb5XVS3666IulStyN4RUc
vhfFzl+8NieEHCII+TvBep4chSLXra8pEuW+sJWZRcZmOz272VswvBi0uYex7lBU
nwGzIrtohju/f4ecNG3X5hZczOqhAI9aiQJ7NxzXImD86CioYzRWRdsR85sfgYGs
/uun98o60mLxYEfdPaJ/O8kzgIalXF2ZxP+QEhVmEiW1pB6Wq40eUjqNCTcaynSW
pWME+aUMapzMvOCbJLGRW7vhEDxWhWw2pJAhdhCLtCb0U49A
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:54:56 2025 by rpki-client