Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/6b161c7d-a2d5-44f9-95b6-bbf915698d48.roa
File: 6b161c7d-a2d5-44f9-95b6-bbf915698d48.roa (raw, json)
Hash identifier: I3p7M38NJaxgaJEWnT8QbBO0rWa87ak1gPnKBIdPPco=
Subject key identifier: 26:FE:57:F2:3F:59:50:9F:FA:06:79:4B:86:89:3C:7B:E9:36:16:92
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 3202A421EEC0D432DB3C38519DED19D121C93BB9
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/6b161c7d-a2d5-44f9-95b6-bbf915698d48.roa
Signing time: Fri 07 Nov 2025 20:38:18 +0000
ROA not before: Fri 07 Nov 2025 20:38:18 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:f000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
32:02:a4:21:ee:c0:d4:32:db:3c:38:51:9d:ed:19:d1:21:c9:3b:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:38:18 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=6bff2f60fb8fafc690871b165738b1a166bdc199c844609ee267083514064bae, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:7d:15:c9:c7:bc:22:fe:41:7e:22:65:26:d1:
68:db:94:ac:ed:28:1f:69:0a:c9:2c:d4:a5:bd:cc:
66:b3:22:86:b5:46:d5:9e:a3:f4:f1:1d:8d:12:bd:
7c:b7:98:d8:55:64:ab:fc:fc:cb:b1:85:2c:90:82:
8f:70:fb:1a:e1:0c:7a:ce:47:ab:74:c6:ff:37:06:
91:92:a5:6e:52:84:62:a5:2e:03:5f:da:e5:b9:e9:
d0:33:4e:bb:5e:1c:80:97:83:64:18:2b:47:fa:51:
8e:44:1b:db:e8:53:3d:0f:fb:22:ab:a8:d2:9a:41:
78:df:99:2e:dc:e8:8e:ab:03:0f:7e:18:a8:5e:86:
aa:18:60:10:47:2a:6f:3c:0d:ae:f1:05:69:4b:a4:
66:cc:dd:2c:77:c9:bb:ef:ce:ed:e2:1e:62:51:7e:
2d:90:31:55:8d:f2:0a:f5:32:a4:2f:5d:d9:d2:15:
ef:bc:0e:e4:25:98:a5:50:67:5b:88:51:1e:4a:b7:
bd:65:f4:f9:5c:df:79:df:44:48:9d:37:4e:82:c9:
e2:f3:37:4d:b3:68:a1:f0:cb:ba:0f:2d:31:fb:09:
4c:17:09:53:e5:b2:4f:4a:3b:38:1e:4c:4a:a5:74:
d3:7b:f8:a1:60:17:e3:bf:25:3e:ac:c9:4a:8d:4f:
58:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
26:FE:57:F2:3F:59:50:9F:FA:06:79:4B:86:89:3C:7B:E9:36:16:92
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/6b161c7d-a2d5-44f9-95b6-bbf915698d48.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:f000::/36
Signature Algorithm: sha256WithRSAEncryption
95:ba:c0:53:25:91:4b:ec:c6:0a:3c:55:f7:3e:12:e4:a6:1e:
9e:b6:6e:fc:66:c1:06:1e:9c:d1:93:81:e9:21:ef:90:ae:4a:
d0:40:b6:2f:66:9d:08:08:fb:06:be:7e:18:c7:c1:f3:f9:e8:
11:79:4d:0c:c8:3b:ab:e1:2d:8b:34:5f:e7:e6:c4:69:07:cd:
3e:93:7a:a1:17:1a:29:b3:84:21:e6:71:f3:e4:eb:85:3f:64:
d5:11:19:4f:dd:18:8b:59:55:d4:a7:1a:5d:68:33:79:49:b6:
64:b1:ac:49:cc:40:7a:83:48:f0:e4:56:58:e4:54:eb:c9:5a:
ef:95:7c:65:2a:f2:5b:b2:5c:98:e6:8e:19:ce:0a:6d:05:06:
78:91:fd:a0:4e:29:67:9e:18:6a:dc:14:09:d7:83:6d:f6:3e:
bd:6f:d3:22:1f:86:a9:09:10:5c:07:99:01:65:ba:69:a0:66:
50:5b:e7:2a:1d:2d:de:f2:dc:5b:c1:c2:93:47:33:04:8b:e2:
07:e5:5b:0e:2d:dc:c4:ed:da:7e:2f:b1:46:2b:5d:13:52:a3:
a7:0c:59:8b:10:ec:a6:40:3c:1a:5c:eb:5f:3a:b7:fc:15:89:
d4:85:88:ee:6a:2d:1d:dc:cd:9b:9b:bd:d9:d7:7e:34:e6:3a:
5a:16:be:61
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUMgKkIe7A1DLbPDhRne0Z0SHJO7kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDM4MThaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDZiZmYyZjYwZmI4ZmFmYzY5MDg3MWIxNjU3MzhiMWExNjZiZGMxOTljODQ0
NjA5ZWUyNjcwODM1MTQwNjRiYWUxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKt9FcnHvCL+QX4iZSbRaNuUrO0oH2kKySzUpb3MZrMihrVG1Z6j9PEdjRK9
fLeY2FVkq/z8y7GFLJCCj3D7GuEMes5Hq3TG/zcGkZKlblKEYqUuA1/a5bnp0DNO
u14cgJeDZBgrR/pRjkQb2+hTPQ/7Iquo0ppBeN+ZLtzojqsDD34YqF6GqhhgEEcq
bzwNrvEFaUukZszdLHfJu+/O7eIeYlF+LZAxVY3yCvUypC9d2dIV77wO5CWYpVBn
W4hRHkq3vWX0+Vzfed9ESJ03ToLJ4vM3TbNoofDLug8tMfsJTBcJU+WyT0o7OB5M
SqV003v4oWAX478lPqzJSo1PWAcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQm/lfy
P1lQn/oGeUuGiTx76TYWkjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NmIxNjFjN2QtYTJkNS00NGY5LTk1YjYtYmJmOTE1Njk4ZDQ4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8fw
MA0GCSqGSIb3DQEBCwUAA4IBAQCVusBTJZFL7MYKPFX3PhLkph6etm78ZsEGHpzR
k4HpIe+QrkrQQLYvZp0ICPsGvn4Yx8Hz+egReU0MyDur4S2LNF/n5sRpB80+k3qh
Fxops4Qh5nHz5OuFP2TVERlP3RiLWVXUpxpdaDN5SbZksaxJzEB6g0jw5FZY5FTr
yVrvlXxlKvJbslyY5o4ZzgptBQZ4kf2gTilnnhhq3BQJ14Nt9j69b9MiH4apCRBc
B5kBZbppoGZQW+cqHS3e8txbwcKTRzMEi+IH5VsOLdzE7dp+L7FGK10TUqOnDFmL
EOymQDwaXOtfOrf8FYnUhYjuai0d3M2bm73Z13405jpaFr5h
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:01 2025 by rpki-client