Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/695b2c0d-a8e0-45bc-878b-176c66a934f6.roa
File: 695b2c0d-a8e0-45bc-878b-176c66a934f6.roa (raw, json)
Hash identifier: /o+VfgeoS+eXOLorPaJ0ybxTgLngMXKiRxT8hkfXXtk=
Subject key identifier: 3C:14:C9:B4:66:04:33:0B:AB:8D:A0:EF:88:A8:EF:13:15:20:73:9D
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 2D818C1B883E8DBA587F697EA97E4C055E05592F
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/695b2c0d-a8e0-45bc-878b-176c66a934f6.roa
Signing time: Fri 07 Nov 2025 20:23:15 +0000
ROA not before: Fri 07 Nov 2025 20:23:15 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:28c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2d:81:8c:1b:88:3e:8d:ba:58:7f:69:7e:a9:7e:4c:05:5e:05:59:2f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:23:15 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=d539c8019b0e9eb4786fb665432611208a8aaf5594002447f6b97b6ae0f56e7a, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:8b:85:a4:c1:32:6d:20:32:e7:79:66:8b:dc:
9a:db:76:55:76:24:dd:61:35:40:86:7f:28:2b:59:
68:c2:00:34:ee:41:5e:ce:b6:55:b7:8c:af:84:fd:
d5:dd:6a:aa:2b:ed:95:e0:7b:d2:2c:06:59:8a:79:
fa:41:b7:71:71:e1:e4:87:fa:1b:15:c8:d1:ac:82:
b9:c7:9f:0e:06:0f:39:44:02:bd:15:83:58:ea:d2:
db:54:08:62:bc:ab:b0:80:c7:e7:c3:72:bc:19:1c:
30:79:18:6b:db:d6:5d:54:6c:06:3d:5d:57:07:4f:
54:36:5f:4f:f8:92:10:a5:76:f4:7d:11:f9:53:e9:
4c:54:b7:b4:74:e6:31:08:81:d1:2c:47:8f:e0:f6:
6c:d0:da:e6:bb:06:4a:74:5c:08:f3:6f:37:4f:5d:
2f:cc:00:05:7c:09:0e:ab:8d:a2:c7:0b:28:8f:d2:
15:6e:04:33:73:7d:42:56:2e:99:c9:58:4b:44:e6:
36:05:c5:1c:af:78:b2:88:69:d0:73:66:bf:fd:ec:
6f:a9:2a:91:0a:21:f3:8f:c7:5d:27:1b:21:70:f9:
d8:19:1d:6f:ba:51:3c:a9:de:73:a0:77:48:65:41:
4a:9a:2e:c0:7d:b2:6b:1e:e7:60:a9:d9:44:71:7b:
39:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:14:C9:B4:66:04:33:0B:AB:8D:A0:EF:88:A8:EF:13:15:20:73:9D
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/695b2c0d-a8e0-45bc-878b-176c66a934f6.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:28c0::/48
Signature Algorithm: sha256WithRSAEncryption
5a:00:6b:54:69:98:0f:51:31:e5:33:7a:40:ff:2f:53:51:18:
fe:cd:3f:1a:3d:f2:05:20:67:13:a3:40:4b:fd:9f:16:f0:de:
03:c5:b2:50:a7:3e:4d:49:49:14:02:ba:c9:b7:db:3c:28:1e:
eb:57:c4:66:c1:88:45:0a:6d:41:8f:81:8e:96:6e:61:8a:cd:
79:1e:d8:ab:35:75:6c:fe:65:d0:14:06:4e:b0:6a:6c:98:73:
bf:1e:33:ee:33:7e:ee:22:82:c2:ce:79:c1:bc:06:02:ea:c8:
b9:cb:2c:86:5a:00:76:e0:7e:c9:86:e8:7e:f1:b9:1a:ba:15:
b0:8c:f6:19:73:33:87:29:e0:64:4f:79:51:ef:37:81:94:de:
8f:b6:0e:eb:e2:c2:df:f8:9a:0c:a8:d7:e8:78:1a:3b:62:33:
33:58:8f:cb:b6:30:a4:8d:57:9b:3f:29:2c:b0:00:b8:cb:b1:
ac:5f:cb:49:82:e0:ed:78:98:6b:60:43:71:13:3b:76:4c:e1:
8c:7c:f5:3c:18:97:aa:de:54:70:87:5b:cf:6a:0f:7d:72:13:
fc:81:4f:6a:ff:2c:98:ec:94:7a:f5:6f:9d:20:23:de:2b:4b:
d4:dc:08:92:2c:5f:e5:71:70:79:ee:53:49:69:a1:32:4c:a1:
36:15:45:58
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIULYGMG4g+jbpYf2l+qX5MBV4FWS8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIzMTVaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ1MzljODAxOWIwZTllYjQ3ODZmYjY2NTQzMjYxMTIwOGE4YWFmNTU5NDAw
MjQ0N2Y2Yjk3YjZhZTBmNTZlN2ExLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANyLhaTBMm0gMud5Zovcmtt2VXYk3WE1QIZ/KCtZaMIANO5BXs62VbeMr4T9
1d1qqivtleB70iwGWYp5+kG3cXHh5If6GxXI0ayCucefDgYPOUQCvRWDWOrS21QI
YryrsIDH58NyvBkcMHkYa9vWXVRsBj1dVwdPVDZfT/iSEKV29H0R+VPpTFS3tHTm
MQiB0SxHj+D2bNDa5rsGSnRcCPNvN09dL8wABXwJDquNoscLKI/SFW4EM3N9QlYu
mclYS0TmNgXFHK94sohp0HNmv/3sb6kqkQoh84/HXScbIXD52Bkdb7pRPKnec6B3
SGVBSpouwH2yax7nYKnZRHF7OUUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQ8FMm0
ZgQzC6uNoO+IqO8TFSBznTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
Njk1YjJjMGQtYThlMC00NWJjLTg3OGItMTc2YzY2YTkzNGY2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABP8co
wDANBgkqhkiG9w0BAQsFAAOCAQEAWgBrVGmYD1Ex5TN6QP8vU1EY/s0/Gj3yBSBn
E6NAS/2fFvDeA8WyUKc+TUlJFAK6ybfbPCge61fEZsGIRQptQY+BjpZuYYrNeR7Y
qzV1bP5l0BQGTrBqbJhzvx4z7jN+7iKCws55wbwGAurIucsshloAduB+yYbofvG5
GroVsIz2GXMzhyngZE95Ue83gZTej7YO6+LC3/iaDKjX6HgaO2IzM1iPy7YwpI1X
mz8pLLAAuMuxrF/LSYLg7XiYa2BDcRM7dkzhjHz1PBiXqt5UcIdbz2oPfXIT/IFP
av8smOyUevVvnSAj3itL1NwIkixf5XFwee5TSWmhMkyhNhVFWA==
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:54:59 2025 by rpki-client