Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/5b9ab97a-08fa-4cc6-888f-fb954293fc73.roa
File: 5b9ab97a-08fa-4cc6-888f-fb954293fc73.roa (raw, json)
Hash identifier: tt9TBAs7I21vIa1gb6iyxV/vA9wzzIAjOxWjTKRCNPY=
Subject key identifier: 65:FC:EE:45:B6:68:23:19:8E:C8:87:90:32:A2:89:AB:32:4F:8D:70
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 572EC19BCC5A8828DC63A13FDE7C1F8389B49C27
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/5b9ab97a-08fa-4cc6-888f-fb954293fc73.roa
Signing time: Fri 07 Nov 2025 20:36:50 +0000
ROA not before: Fri 07 Nov 2025 20:36:50 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc3:a800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
57:2e:c1:9b:cc:5a:88:28:dc:63:a1:3f:de:7c:1f:83:89:b4:9c:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:36:50 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=d4f3b50074597b5f455b865e53fd7fa5d982e530c6ed3eba9d451ece6823ea80, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:9b:d8:6a:96:42:4e:c4:32:e9:ee:7d:21:3f:
77:b7:e3:96:94:49:90:f5:90:6b:9e:d9:e5:7c:0c:
40:95:2c:3c:ad:6e:8b:fc:b7:b0:97:33:53:b3:5a:
fb:b7:e2:2c:d5:b9:3c:e5:0f:20:9e:98:ff:b0:8d:
07:38:2a:8e:c3:b8:06:f8:a0:7c:b0:4f:d3:c8:e8:
1a:9e:12:8b:b1:46:bd:a6:a4:73:9a:1a:58:ae:75:
04:f3:3a:c5:28:ad:0c:e2:7a:bd:76:99:43:08:59:
39:61:72:e8:90:6f:7b:f9:fc:1d:8c:47:13:66:ff:
ed:18:4b:b2:66:2f:f6:f9:12:33:ed:56:b9:31:d6:
f6:e6:e7:f7:c1:63:3c:9d:22:fc:d6:63:3d:a4:c4:
86:81:2b:ff:f3:56:c7:d0:a9:d7:b6:87:d6:fb:93:
30:1d:15:49:12:8c:d6:c3:65:90:ab:bf:d2:34:1c:
3d:4e:1b:9f:10:03:93:7c:66:0e:35:51:f9:89:20:
f1:b9:a5:b5:27:66:92:5a:56:5a:3a:5a:99:40:8e:
af:ef:09:2b:17:4a:53:63:4c:ff:27:bf:77:7f:ff:
30:60:0b:3b:f2:0f:7f:be:c4:73:3d:53:ef:e5:e9:
9b:6d:69:a7:86:b9:4c:cc:6f:98:46:1f:77:7a:21:
52:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:FC:EE:45:B6:68:23:19:8E:C8:87:90:32:A2:89:AB:32:4F:8D:70
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/5b9ab97a-08fa-4cc6-888f-fb954293fc73.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3:a800::/40
Signature Algorithm: sha256WithRSAEncryption
77:b1:fd:61:45:f1:c3:67:f7:e8:e7:f2:9c:b5:a0:6e:36:6e:
70:d1:89:aa:ba:e7:15:6d:d5:1e:00:df:45:d7:06:52:69:3e:
bc:97:d9:2c:18:f9:32:52:fe:e8:4e:b6:27:32:ee:be:d2:73:
28:36:d0:a0:ed:5a:9b:f0:af:79:77:ed:9b:ed:54:c7:9d:36:
14:87:e5:b8:36:b3:b3:4a:00:b0:43:5e:e4:7f:78:02:92:36:
db:ef:e1:c1:e3:81:a9:b7:a0:99:71:38:83:58:bd:5f:0e:b7:
28:ce:44:0b:82:e0:07:4e:94:46:ba:e4:95:91:d3:fb:7d:af:
7c:df:70:13:0a:35:15:99:30:a8:40:d9:e0:bf:06:68:02:19:
2a:14:a5:a9:7c:bf:57:d7:ee:61:42:0e:9b:09:92:b2:16:5f:
1f:b1:9f:e7:a7:0a:62:9b:ac:da:f7:7b:6e:e8:a3:ca:76:ec:
6a:dd:c9:8b:cf:20:07:72:35:30:89:4a:7e:b2:6b:a7:0c:20:
2e:c9:e4:01:b8:f0:2b:07:01:13:4b:c9:36:70:cd:ba:ed:91:
d9:7f:27:b3:f3:05:e1:6d:49:d6:d0:06:e5:08:e3:f7:b5:f3:
71:be:0a:37:19:d0:b8:c6:04:a4:bc:8d:87:06:7b:4c:22:98:
b3:1c:21:2c
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUVy7Bm8xaiCjcY6E/3nwfg4m0nCcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDM2NTBaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ0ZjNiNTAwNzQ1OTdiNWY0NTViODY1ZTUzZmQ3ZmE1ZDk4MmU1MzBjNmVk
M2ViYTlkNDUxZWNlNjgyM2VhODAxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK6b2GqWQk7EMunufSE/d7fjlpRJkPWQa57Z5XwMQJUsPK1ui/y3sJczU7Na
+7fiLNW5POUPIJ6Y/7CNBzgqjsO4BvigfLBP08joGp4Si7FGvaakc5oaWK51BPM6
xSitDOJ6vXaZQwhZOWFy6JBve/n8HYxHE2b/7RhLsmYv9vkSM+1WuTHW9ubn98Fj
PJ0i/NZjPaTEhoEr//NWx9Cp17aH1vuTMB0VSRKM1sNlkKu/0jQcPU4bnxADk3xm
DjVR+Ykg8bmltSdmklpWWjpamUCOr+8JKxdKU2NM/ye/d3//MGALO/IPf77Ecz1T
7+Xpm21pp4a5TMxvmEYfd3ohUqECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRl/O5F
tmgjGY7Ih5AyoomrMk+NcDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NWI5YWI5N2EtMDhmYS00Y2M2LTg4OGYtZmI5NTQyOTNmYzczLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8Oo
MA0GCSqGSIb3DQEBCwUAA4IBAQB3sf1hRfHDZ/fo5/KctaBuNm5w0YmquucVbdUe
AN9F1wZSaT68l9ksGPkyUv7oTrYnMu6+0nMoNtCg7Vqb8K95d+2b7VTHnTYUh+W4
NrOzSgCwQ17kf3gCkjbb7+HB44Gpt6CZcTiDWL1fDrcozkQLguAHTpRGuuSVkdP7
fa9833ATCjUVmTCoQNngvwZoAhkqFKWpfL9X1+5hQg6bCZKyFl8fsZ/npwpim6za
93tu6KPKduxq3cmLzyAHcjUwiUp+smunDCAuyeQBuPArBwETS8k2cM267ZHZfyez
8wXhbUnW0AblCOP3tfNxvgo3GdC4xgSkvI2HBntMIpizHCEs
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:54:58 2025 by rpki-client