Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/6b104617-be96-4130-b1b4-dbe8facd0109.roa
File: 6b104617-be96-4130-b1b4-dbe8facd0109.roa (raw, json)
Hash identifier: pgcz+okKKaIfB5gzyM8PkzK5jcA0ANcvq+UeP8MGYco=
Subject key identifier: 8D:98:B0:17:8D:08:83:90:D3:5C:01:AD:8F:B1:84:D7:C9:09:E0:26
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 10419C60F6D71AD5CEFBB778E6F1259BE93EF631
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/6b104617-be96-4130-b1b4-dbe8facd0109.roa
Signing time: Fri 07 Nov 2025 20:21:52 +0000
ROA not before: Fri 07 Nov 2025 20:21:52 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:c000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
10:41:9c:60:f6:d7:1a:d5:ce:fb:b7:78:e6:f1:25:9b:e9:3e:f6:31
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:21:52 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=04f50cdf7955a9addbf2afc736dfe19c153b462b0205267def37745762a7db24, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:4e:f6:5b:ee:71:9b:f5:a6:ff:72:43:38:56:
47:24:dd:01:17:96:c2:89:f0:72:16:e6:89:10:e2:
a0:58:04:68:5d:25:d9:2a:cb:ed:87:1c:d8:ad:dd:
d4:b0:15:ac:f7:c4:20:4e:29:99:7e:06:29:a3:ec:
94:88:1e:81:2e:bc:40:15:90:a9:7f:5e:74:1f:31:
05:07:30:a0:f8:e5:0e:c6:2c:29:22:26:79:e0:66:
c2:33:cd:c0:5d:1a:1c:fb:99:b8:95:5f:bf:c8:b2:
15:66:54:18:6c:62:fb:87:05:f3:7b:e4:33:1e:52:
ad:23:ff:6a:6b:29:ed:0d:fe:7f:46:88:94:a5:04:
d1:4b:cc:b1:c7:63:0b:f6:72:4a:23:62:a3:b2:13:
24:d7:8b:53:9a:3b:de:9a:a6:91:09:d2:d3:01:f9:
56:47:ca:d4:69:19:6a:da:85:e2:ec:6e:82:cc:e3:
9d:1b:af:4f:70:6a:e4:fa:af:f9:7f:0c:1a:7a:8c:
cf:27:f3:9f:9d:2c:77:97:4c:d1:16:77:b9:b2:e3:
13:d5:a7:a0:86:4e:f8:0b:58:20:44:0c:7c:47:5f:
0d:24:47:fb:0a:fb:41:63:02:32:a8:e3:51:6f:42:
7c:ad:b0:ee:fb:c8:c3:ce:1e:04:39:09:53:b0:83:
e5:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:98:B0:17:8D:08:83:90:D3:5C:01:AD:8F:B1:84:D7:C9:09:E0:26
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/6b104617-be96-4130-b1b4-dbe8facd0109.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:c000::/36
Signature Algorithm: sha256WithRSAEncryption
a0:ce:7f:16:44:5b:2e:8a:76:ed:9f:1a:b5:2a:44:38:e0:81:
aa:89:27:1b:83:b8:a5:83:1b:27:6c:ca:1d:0c:0a:ab:65:88:
3b:e5:7e:06:96:cf:ea:fc:69:ae:3e:87:7d:69:5b:5d:ab:29:
4e:5e:0c:ab:18:5a:73:9c:cb:b3:23:69:43:5f:d0:0b:9e:48:
55:69:19:9d:ff:24:6c:54:5a:ff:79:28:fc:a5:e9:d2:19:98:
62:67:17:75:dc:bf:60:e9:eb:7e:c9:d2:43:c5:6b:5f:1d:bf:
e2:6f:06:7c:3a:b6:0e:54:2b:01:63:ce:be:f6:a7:51:3c:29:
8d:74:48:46:df:42:31:25:78:86:50:5b:19:f0:a2:95:09:e8:
2a:c6:63:fe:e5:8d:6c:a8:0c:3b:0a:0b:ce:16:8c:0f:46:a4:
ad:ec:2f:98:c3:94:a5:67:76:49:1d:ae:13:1e:42:d6:2f:e0:
04:aa:a3:f0:22:8e:e8:82:18:92:9e:dc:a2:20:cf:53:15:48:
96:b6:0b:1b:a3:59:d9:31:75:67:21:07:9f:61:16:f2:27:0c:
fd:34:2a:3c:bf:b0:dd:a8:ec:3a:34:e1:51:42:cf:2f:ab:26:
a4:4e:b9:9e:00:82:6a:aa:6b:af:8b:24:02:3f:47:42:2f:1b:
84:05:db:de
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUEEGcYPbXGtXO+7d45vElm+k+9jEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIxNTJaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDA0ZjUwY2RmNzk1NWE5YWRkYmYyYWZjNzM2ZGZlMTljMTUzYjQ2MmIwMjA1
MjY3ZGVmMzc3NDU3NjJhN2RiMjQxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANJO9lvucZv1pv9yQzhWRyTdAReWwonwchbmiRDioFgEaF0l2SrL7Ycc2K3d
1LAVrPfEIE4pmX4GKaPslIgegS68QBWQqX9edB8xBQcwoPjlDsYsKSImeeBmwjPN
wF0aHPuZuJVfv8iyFWZUGGxi+4cF83vkMx5SrSP/amsp7Q3+f0aIlKUE0UvMscdj
C/ZySiNio7ITJNeLU5o73pqmkQnS0wH5VkfK1GkZatqF4uxugszjnRuvT3Bq5Pqv
+X8MGnqMzyfzn50sd5dM0RZ3ubLjE9WnoIZO+AtYIEQMfEdfDSRH+wr7QWMCMqjj
UW9CfK2w7vvIw84eBDkJU7CD5acCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSNmLAX
jQiDkNNcAa2PsYTXyQngJjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NmIxMDQ2MTctYmU5Ni00MTMwLWIxYjQtZGJlOGZhY2QwMTA5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8fA
MA0GCSqGSIb3DQEBCwUAA4IBAQCgzn8WRFsuinbtnxq1KkQ44IGqiScbg7ilgxsn
bModDAqrZYg75X4Gls/q/GmuPod9aVtdqylOXgyrGFpznMuzI2lDX9ALnkhVaRmd
/yRsVFr/eSj8penSGZhiZxd13L9g6et+ydJDxWtfHb/ibwZ8OrYOVCsBY86+9qdR
PCmNdEhG30IxJXiGUFsZ8KKVCegqxmP+5Y1sqAw7CgvOFowPRqSt7C+Yw5SlZ3ZJ
Ha4THkLWL+AEqqPwIo7oghiSntyiIM9TFUiWtgsbo1nZMXVnIQefYRbyJwz9NCo8
v7DdqOw6NOFRQs8vqyakTrmeAIJqqmuviyQCP0dCLxuEBdve
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:03 2025 by rpki-client