Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/71ecb785-83f2-49e3-899e-5a6d8098f651.roa
File: 71ecb785-83f2-49e3-899e-5a6d8098f651.roa (raw, json)
Hash identifier: j2LFbC6ywOuFj9Carc/3WwYvqxeBJ55Gnm+t1MHOx1Y=
Subject key identifier: A1:76:39:7A:A6:2A:C3:73:1A:04:42:33:F8:C7:12:E9:B0:6A:1F:38
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 391DC7FC33944D769E72FECFDABDC470282A0DBB
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/71ecb785-83f2-49e3-899e-5a6d8098f651.roa
Signing time: Fri 07 Nov 2025 20:21:45 +0000
ROA not before: Fri 07 Nov 2025 20:21:45 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc3:5000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
39:1d:c7:fc:33:94:4d:76:9e:72:fe:cf:da:bd:c4:70:28:2a:0d:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:21:45 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=b13bead36cb660904edffd01e63b97de9c977c14b3ffcef5a810cf75a69ea814, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:c7:14:f3:05:bd:a7:48:c2:6c:21:30:52:72:
bb:b7:cb:2a:99:03:8b:b5:1e:0e:c1:ad:7e:24:49:
34:24:6c:dd:12:1b:7c:37:69:d2:19:51:37:81:f0:
99:67:4e:19:e6:e1:1f:5d:cf:8a:3c:c7:23:78:3f:
c3:21:b8:16:05:6f:c2:6d:1b:f5:ab:99:49:ff:b2:
af:61:63:d8:ae:1f:b2:f3:b2:68:e4:9d:31:79:bf:
48:3c:35:ba:ac:99:65:d6:9a:26:d2:a9:c3:f4:d4:
4b:fc:41:5c:e1:18:f8:ae:82:3a:6d:d8:35:57:6c:
e8:52:f5:50:49:0c:2c:52:8d:71:c2:20:ad:aa:e6:
ea:35:8c:2e:3d:08:0e:77:a3:77:df:76:15:15:03:
4e:59:69:e9:76:6f:2e:03:c1:4a:32:00:fd:19:f2:
7a:47:dc:04:63:c5:49:71:26:bd:0d:65:f8:e8:31:
13:5b:29:d6:29:a3:82:9d:2c:56:4a:8f:b3:24:80:
24:94:17:0f:a9:54:b0:39:fb:21:95:4c:2c:65:f4:
0d:73:5a:ce:eb:f9:5e:7e:5f:ec:00:fe:7d:fd:2f:
e8:4f:a2:58:8f:c5:03:24:5b:c9:b9:73:3b:41:50:
aa:6e:7b:63:2e:00:93:44:d3:c2:77:e3:d9:83:fe:
70:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:76:39:7A:A6:2A:C3:73:1A:04:42:33:F8:C7:12:E9:B0:6A:1F:38
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/71ecb785-83f2-49e3-899e-5a6d8098f651.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3:5000::/36
Signature Algorithm: sha256WithRSAEncryption
9d:dd:f2:63:07:8c:1c:0b:11:0d:eb:23:03:92:f1:4f:21:81:
75:54:1a:0f:cf:d2:23:59:a0:d6:6d:22:fe:56:3e:04:06:12:
c5:27:63:c2:c5:8a:8a:37:1c:f3:ec:cb:6e:96:c7:0c:87:05:
26:9c:7c:bc:4d:6c:da:82:1a:0a:1b:e5:55:d7:2e:25:34:0c:
84:d1:a0:63:a2:f5:86:46:ca:23:e8:58:5b:ac:01:38:21:3f:
67:88:fc:de:ac:8f:7c:5b:26:69:40:61:70:75:2c:41:21:98:
4c:dd:48:23:ce:0a:48:36:9b:96:a7:53:c9:d0:ea:4f:3f:52:
09:98:01:c5:dd:1c:52:2c:e8:ac:b6:d1:00:fe:97:a4:33:f0:
24:75:cd:be:c7:f5:d0:b6:cf:d6:74:db:7a:3f:72:f3:c1:75:
29:a5:bb:27:b6:e7:60:35:f8:61:b9:e4:82:f1:c9:1a:77:92:
2a:6f:51:b5:9f:27:35:35:30:02:c0:06:1f:22:7b:2b:c7:d0:
d2:50:12:5c:42:51:7b:c6:af:4d:24:5e:25:b2:ff:f7:9f:79:
aa:05:57:7e:2a:0a:15:90:e0:46:ac:81:0c:b5:68:d5:b1:74:
73:07:cf:0d:52:bb:51:57:77:02:56:52:5d:03:61:be:99:ae:
98:a5:a1:18
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUOR3H/DOUTXaecv7P2r3EcCgqDbswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIxNDVaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGIxM2JlYWQzNmNiNjYwOTA0ZWRmZmQwMWU2M2I5N2RlOWM5NzdjMTRiM2Zm
Y2VmNWE4MTBjZjc1YTY5ZWE4MTQxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPHHFPMFvadIwmwhMFJyu7fLKpkDi7UeDsGtfiRJNCRs3RIbfDdp0hlRN4Hw
mWdOGebhH13PijzHI3g/wyG4FgVvwm0b9auZSf+yr2Fj2K4fsvOyaOSdMXm/SDw1
uqyZZdaaJtKpw/TUS/xBXOEY+K6COm3YNVds6FL1UEkMLFKNccIgrarm6jWMLj0I
Dnejd992FRUDTllp6XZvLgPBSjIA/RnyekfcBGPFSXEmvQ1l+OgxE1sp1imjgp0s
VkqPsySAJJQXD6lUsDn7IZVMLGX0DXNazuv5Xn5f7AD+ff0v6E+iWI/FAyRbyblz
O0FQqm57Yy4Ak0TTwnfj2YP+cHMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBShdjl6
pirDcxoEQjP4xxLpsGofODAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NzFlY2I3ODUtODNmMi00OWUzLTg5OWUtNWE2ZDgwOThmNjUxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8NQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCd3fJjB4wcCxEN6yMDkvFPIYF1VBoPz9IjWaDW
bSL+Vj4EBhLFJ2PCxYqKNxzz7MtulscMhwUmnHy8TWzaghoKG+VV1y4lNAyE0aBj
ovWGRsoj6FhbrAE4IT9niPzerI98WyZpQGFwdSxBIZhM3UgjzgpINpuWp1PJ0OpP
P1IJmAHF3RxSLOisttEA/pekM/Akdc2+x/XQts/WdNt6P3LzwXUppbsntudgNfhh
ueSC8ckad5Iqb1G1nyc1NTACwAYfInsrx9DSUBJcQlF7xq9NJF4lsv/3n3mqBVd+
KgoVkOBGrIEMtWjVsXRzB88NUrtRV3cCVlJdA2G+ma6YpaEY
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:54:59 2025 by rpki-client