Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/713a22fc-9451-4d48-9d05-5cdf9c1aa161.roa
File: 713a22fc-9451-4d48-9d05-5cdf9c1aa161.roa (raw, json)
Hash identifier: LSJQJJU1lJcDZCIOmxMTL/vEHDTiNjpNud6ZgsyQUIQ=
Subject key identifier: DB:1C:3C:FF:F6:88:3D:E6:36:D8:A5:EB:96:0D:CF:63:F3:21:66:13
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 23CD892CD350D12D3FF74C4350DF2FB6CE7907
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/713a22fc-9451-4d48-9d05-5cdf9c1aa161.roa
Signing time: Fri 07 Nov 2025 20:21:49 +0000
ROA not before: Fri 07 Nov 2025 20:21:49 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:8000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
23:cd:89:2c:d3:50:d1:2d:3f:f7:4c:43:50:df:2f:b6:ce:79:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:21:49 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=c478705ebbdb0ffaa41b301849761270e1a7abadb5bba5ed1b71bdaa263bb3d5, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:73:ad:5c:86:a6:d5:09:42:84:d8:b0:23:dc:
5c:0e:6d:f5:79:85:5d:51:48:13:bc:c2:20:5b:34:
bf:49:3e:08:c4:12:9a:c2:59:a7:2a:0e:81:6f:de:
6b:aa:12:7f:e1:4a:59:28:df:13:36:de:95:48:eb:
47:b9:7f:28:0a:20:2b:5f:d2:7e:56:9b:eb:c7:b5:
18:33:f7:75:fe:01:de:02:cb:e0:82:3e:cf:75:fe:
62:d4:28:f1:3e:1e:2c:8c:0f:74:73:ed:02:24:3d:
69:b7:02:6b:b9:5b:d4:be:17:90:03:9e:78:9e:7e:
31:7c:bc:60:82:dc:75:df:da:5b:62:e3:14:2e:8b:
2c:4d:81:16:68:22:eb:14:90:49:9d:1d:f5:bc:e3:
83:ab:fd:21:0e:04:76:a4:b6:1c:76:d9:83:fa:29:
1e:08:30:5d:33:94:9e:1f:5b:5b:6c:d9:1e:14:86:
d8:79:e5:9a:32:a8:59:cd:86:48:fb:eb:1a:14:17:
4a:eb:5a:a2:44:56:5f:a7:ab:1c:dc:a9:4c:ff:a0:
fa:aa:90:7e:c0:68:1c:b2:60:c1:51:ff:9b:ce:fa:
f1:54:7f:13:a1:e2:c8:a0:2b:d0:04:1d:02:a4:93:
d0:a6:72:45:ae:9e:f7:10:ca:c6:da:44:43:10:0b:
eb:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:1C:3C:FF:F6:88:3D:E6:36:D8:A5:EB:96:0D:CF:63:F3:21:66:13
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/713a22fc-9451-4d48-9d05-5cdf9c1aa161.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:8000::/36
Signature Algorithm: sha256WithRSAEncryption
62:b0:4f:ac:f3:88:05:b6:89:98:c5:df:aa:d0:aa:64:db:7e:
27:9a:23:fa:6c:5c:29:b9:64:c4:4d:42:ea:d0:fb:76:bf:07:
39:ae:de:d1:11:54:71:5c:ca:2c:eb:8b:78:18:38:b2:45:74:
04:ca:d4:8a:5f:ac:8f:c9:78:40:b2:f9:9f:53:89:02:a0:70:
de:b5:e7:3c:54:dd:d2:c1:e7:7b:85:f3:55:ce:fd:b1:a1:5e:
a6:94:97:c5:55:b8:e4:56:6d:04:07:15:9f:05:46:d4:d7:d9:
13:9e:ce:ba:2a:84:49:63:86:1b:cf:ef:ad:ed:df:17:4d:ed:
fb:04:d7:74:06:80:43:74:dc:98:1b:53:75:85:84:f9:d4:b3:
a2:11:a5:58:f0:27:7b:74:9c:5e:c9:f4:15:a9:e2:89:09:bb:
d4:17:37:9a:35:91:2f:5d:75:a7:cc:f8:f2:75:4e:8f:a0:43:
81:5f:7f:32:0e:9b:f6:17:43:5b:c0:e1:16:5d:0a:20:99:12:
60:3e:b4:a5:c9:64:51:2a:87:f4:13:c4:fd:d2:35:e6:0f:fe:
ee:48:cb:8d:81:83:27:b3:e9:de:a4:fe:29:7c:6f:06:a3:d7:
77:79:38:c7:23:c8:aa:ae:32:2b:6c:73:ff:ed:16:33:1c:44:
21:81:3a:b5
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgITI82JLNNQ0S0/90xDUN8vts55BzANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEyhkZjc1OWI1YWYzZGE2YzlkZjAzM2IwZGU5OTg5NzBhNGU3
OTY1NWQwMB4XDTI1MTEwNzIwMjE0OVoXDTI1MTIxMjIzNTk1OVowejFJMEcGA1UE
BRNAYzQ3ODcwNWViYmRiMGZmYWE0MWIzMDE4NDk3NjEyNzBlMWE3YWJhZGI1YmJh
NWVkMWI3MWJkYWEyNjNiYjNkNTEtMCsGA1UEAxMkOThkNjdkZWItYmI3NS00ZTc3
LWIxYTAtMzYwMTZiMmQ2MzUwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA13OtXIam1QlChNiwI9xcDm31eYVdUUgTvMIgWzS/ST4IxBKawlmnKg6Bb95r
qhJ/4UpZKN8TNt6VSOtHuX8oCiArX9J+Vpvrx7UYM/d1/gHeAsvggj7Pdf5i1Cjx
Ph4sjA90c+0CJD1ptwJruVvUvheQA554nn4xfLxggtx139pbYuMULossTYEWaCLr
FJBJnR31vOODq/0hDgR2pLYcdtmD+ikeCDBdM5SeH1tbbNkeFIbYeeWaMqhZzYZI
++saFBdK61qiRFZfp6sc3KlM/6D6qpB+wGgcsmDBUf+bzvrxVH8ToeLIoCvQBB0C
pJPQpnJFrp73EMrG2kRDEAvrJwIDAQABo4ICIzCCAh8wHQYDVR0OBBYEFNscPP/2
iD3mNtil65YNz2PzIWYTMB8GA1UdIwQYMBaAFN91m1rz2myd8DOw3pmJcKTnllXQ
MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzNXYld2UGFi
SjN3TTdEZW1ZbHdwT2VXVmRBLmNlcjCBngYIKwYBBQUHAQsEgZEwgY4wgYsGCCsG
AQUFBzALhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpvbmF3cy5j
b20vdm9sdW1lL2ZlMzczN2ZiLTA5NWQtNDQ0Yy05MmY0LTNmNzIyMWZiNTQ0Yy83
MTNhMjJmYy05NDUxLTRkNDgtOWQwNS01Y2RmOWMxYWExNjEucm9hMIGIBgNVHR8E
gYAwfjB8oHqgeIZ2cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25h
d3MuY29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0
NGMvMFhFNXRaVnl1R2VhQV9oNy0xcUJwN2FZNFNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEIAE/x4Aw
DQYJKoZIhvcNAQELBQADggEBAGKwT6zziAW2iZjF36rQqmTbfieaI/psXCm5ZMRN
QurQ+3a/Bzmu3tERVHFcyizri3gYOLJFdATK1IpfrI/JeECy+Z9TiQKgcN615zxU
3dLB53uF81XO/bGhXqaUl8VVuORWbQQHFZ8FRtTX2ROezroqhEljhhvP763t3xdN
7fsE13QGgEN03JgbU3WFhPnUs6IRpVjwJ3t0nF7J9BWp4okJu9QXN5o1kS9ddafM
+PJ1To+gQ4FffzIOm/YXQ1vA4RZdCiCZEmA+tKXJZFEqh/QTxP3SNeYP/u5Iy42B
gyez6d6k/il8bwaj13d5OMcjyKquMitsc//tFjMcRCGBOrU=
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:04 2025 by rpki-client