Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/63b5c934-2f43-477b-85d8-563b35f97cf3.roa
File: 63b5c934-2f43-477b-85d8-563b35f97cf3.roa (raw, json)
Hash identifier: IphWdy+s0j674YiB2/aP07yfrmKYIMh/ooJiEBr5cok=
Subject key identifier: 17:99:F4:CF:30:2D:EB:A1:D2:0B:84:2F:62:86:93:DB:84:38:D2:50
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 117BCD068D9880C5807519BF4978721A2A0CF216
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/63b5c934-2f43-477b-85d8-563b35f97cf3.roa
Signing time: Fri 07 Nov 2025 20:21:46 +0000
ROA not before: Fri 07 Nov 2025 20:21:46 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 8987
IP address blocks: 2001:3fc4::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
11:7b:cd:06:8d:98:80:c5:80:75:19:bf:49:78:72:1a:2a:0c:f2:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:21:46 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=c1170272796f8d1ce99ff17002e6a4dc03554cbdfffe1085f496cfb9f9d6516d, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:99:01:01:13:10:f1:68:b4:38:50:ad:55:b6:
5c:9d:3f:6d:f5:5d:f5:6c:46:d1:3e:30:12:f1:71:
06:42:e1:04:59:70:bb:65:0c:b6:61:fc:8b:ec:df:
91:30:19:31:77:b0:93:5b:1f:39:ca:91:24:16:9b:
79:64:7b:a4:a0:48:43:fa:89:18:a3:a9:89:f3:8e:
f9:79:76:43:05:88:3b:1f:0f:f9:f9:bf:6e:3e:ef:
37:6d:d3:0b:e0:d4:5a:e8:b1:d8:74:8b:4f:40:25:
20:9a:68:19:94:cc:a4:45:5b:3e:c9:bf:17:19:9c:
db:c8:be:a7:56:c9:30:70:04:b3:cf:7f:42:5e:2e:
62:1d:29:e5:fb:af:a3:78:0e:e6:31:9f:eb:0b:2f:
82:02:93:89:45:fe:4d:31:68:c0:7c:ae:be:ab:e4:
0a:70:91:45:77:a4:0c:b4:7a:85:0a:94:2d:33:64:
c2:9b:d7:b4:e3:21:39:34:6b:df:bc:66:71:47:0d:
be:51:b8:c7:fc:07:64:48:84:70:a7:c5:bc:7a:b3:
1c:ab:b3:b9:73:9b:16:6f:aa:13:80:cd:b2:e5:fb:
7f:a6:f8:ae:a9:57:0e:e3:0a:bd:59:2b:54:66:a0:
be:ff:a1:6d:c7:68:43:90:b2:eb:40:15:64:65:af:
9e:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
17:99:F4:CF:30:2D:EB:A1:D2:0B:84:2F:62:86:93:DB:84:38:D2:50
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/63b5c934-2f43-477b-85d8-563b35f97cf3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc4::/36
Signature Algorithm: sha256WithRSAEncryption
ba:e1:36:8e:f7:ab:6f:06:3c:6a:62:00:ee:e0:0e:bc:33:e0:
34:70:42:b9:c0:87:8b:ec:a6:96:01:cd:6e:7f:ea:46:32:c3:
d9:3f:0d:ea:e9:46:8b:2c:5b:45:f9:a7:ab:a0:bf:44:bc:4e:
f1:50:f0:e3:b8:95:24:33:6a:2f:c0:1f:5f:11:0a:12:d0:08:
e3:a1:85:3b:05:55:8f:59:d0:c5:2f:fe:e1:39:4d:74:e8:ed:
62:a5:d3:9b:33:18:8f:23:0f:95:5b:1d:7f:f1:8a:15:ec:a8:
99:1d:09:23:60:f1:9c:61:43:fa:7f:e6:8e:6b:55:d3:bc:3d:
41:2e:f2:e7:47:1d:88:b9:16:58:f1:0f:18:0d:a1:7b:d7:9f:
b7:5f:39:41:dd:13:2a:40:87:69:dc:d0:60:99:36:aa:c5:6b:
19:c3:3c:67:b5:67:6a:a4:56:86:8f:3d:1a:ad:b3:70:84:09:
c6:4c:3f:11:36:55:9c:af:80:88:d3:c5:98:d2:f3:19:8a:ca:
c1:e0:52:9a:b2:14:98:cf:65:15:85:7d:b7:9b:64:09:ae:6a:
52:91:de:bb:01:20:bc:c0:6a:20:22:52:a1:19:08:72:55:0e:
84:97:16:00:c6:10:d0:a6:7b:63:e4:33:75:ca:65:5a:8b:25:
51:e9:44:e1
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUEXvNBo2YgMWAdRm/SXhyGioM8hYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIxNDZaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGMxMTcwMjcyNzk2ZjhkMWNlOTlmZjE3MDAyZTZhNGRjMDM1NTRjYmRmZmZl
MTA4NWY0OTZjZmI5ZjlkNjUxNmQxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK6ZAQETEPFotDhQrVW2XJ0/bfVd9WxG0T4wEvFxBkLhBFlwu2UMtmH8i+zf
kTAZMXewk1sfOcqRJBabeWR7pKBIQ/qJGKOpifOO+Xl2QwWIOx8P+fm/bj7vN23T
C+DUWuix2HSLT0AlIJpoGZTMpEVbPsm/Fxmc28i+p1bJMHAEs89/Ql4uYh0p5fuv
o3gO5jGf6wsvggKTiUX+TTFowHyuvqvkCnCRRXekDLR6hQqULTNkwpvXtOMhOTRr
37xmcUcNvlG4x/wHZEiEcKfFvHqzHKuzuXObFm+qE4DNsuX7f6b4rqlXDuMKvVkr
VGagvv+hbcdoQ5Cy60AVZGWvniECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQXmfTP
MC3rodILhC9ihpPbhDjSUDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NjNiNWM5MzQtMmY0My00NzdiLTg1ZDgtNTYzYjM1Zjk3Y2YzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8QA
MA0GCSqGSIb3DQEBCwUAA4IBAQC64TaO96tvBjxqYgDu4A68M+A0cEK5wIeL7KaW
Ac1uf+pGMsPZPw3q6UaLLFtF+aeroL9EvE7xUPDjuJUkM2ovwB9fEQoS0AjjoYU7
BVWPWdDFL/7hOU106O1ipdObMxiPIw+VWx1/8YoV7KiZHQkjYPGcYUP6f+aOa1XT
vD1BLvLnRx2IuRZY8Q8YDaF715+3XzlB3RMqQIdp3NBgmTaqxWsZwzxntWdqpFaG
jz0arbNwhAnGTD8RNlWcr4CI08WY0vMZisrB4FKashSYz2UVhX23m2QJrmpSkd67
ASC8wGogIlKhGQhyVQ6ElxYAxhDQpntj5DN1ymVaiyVR6UTh
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:02 2025 by rpki-client