Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/751d5a0a-c925-4787-ac94-98c23675f1ba.roa
File: 751d5a0a-c925-4787-ac94-98c23675f1ba.roa (raw, json)
Hash identifier: iwQEKBLv/0Mw2h9kjNhh8+i7bwrq9BfrUtbqdGHUEp0=
Subject key identifier: CC:71:17:60:DD:76:BF:6D:38:56:7A:46:32:E2:0C:47:C3:FF:2C:AF
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 4DC5EECEB4855404D37ED7472AF5463574E64CE5
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/751d5a0a-c925-4787-ac94-98c23675f1ba.roa
Signing time: Fri 07 Nov 2025 20:23:16 +0000
ROA not before: Fri 07 Nov 2025 20:23:16 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:f840::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4d:c5:ee:ce:b4:85:54:04:d3:7e:d7:47:2a:f5:46:35:74:e6:4c:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:23:16 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=7e4b26ebe8026868e6fce2bfb7cd957d66140073d7a26b506fa4553824ea8cd3, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:f8:38:b9:42:3b:91:b3:d3:55:a3:da:b7:21:
be:19:9f:6e:c5:05:cb:0c:8c:a8:9d:3a:ea:35:75:
fe:49:a5:d9:33:36:44:46:c4:fd:eb:3d:86:e0:6e:
be:d8:67:c7:d9:5f:bd:44:d1:05:1d:a1:f8:85:b9:
42:7f:a3:4f:b3:b3:29:d1:10:e1:f1:fa:a7:49:a2:
ec:fc:be:e7:81:73:7f:38:84:bd:ec:3b:b8:bf:8d:
1f:d5:24:71:52:4e:44:fc:e2:bd:b8:fc:a8:5e:39:
66:0c:58:71:a8:0a:9d:85:7d:e8:84:be:2b:54:7c:
47:d7:ce:1c:55:34:e2:d1:91:90:2d:1f:41:aa:7b:
b2:e4:ce:1a:fd:a2:bb:9a:99:38:3f:f1:8a:d7:34:
59:b1:98:af:a6:27:3a:be:99:c5:15:ef:29:6f:04:
c4:98:0d:a6:e8:63:01:79:9c:95:f5:7d:be:9e:37:
93:03:b2:03:cf:26:35:cd:81:a2:35:ba:be:9a:4f:
2b:01:d1:ae:16:fc:95:65:cd:8f:c1:78:9b:87:46:
b3:3c:f8:56:8c:74:30:e8:c8:90:54:7d:ed:c6:8e:
c1:d6:46:b6:2d:b9:0e:01:46:b8:98:14:d3:4d:c2:
e2:2d:3b:c1:ba:73:94:ea:cd:bd:e8:73:40:51:b3:
cf:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:71:17:60:DD:76:BF:6D:38:56:7A:46:32:E2:0C:47:C3:FF:2C:AF
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/751d5a0a-c925-4787-ac94-98c23675f1ba.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:f840::/48
Signature Algorithm: sha256WithRSAEncryption
18:a9:54:8a:bd:3f:56:5b:3e:15:83:e9:fc:02:03:13:8d:a9:
65:37:05:99:e9:33:eb:dc:de:ec:b4:af:3a:7c:25:37:1f:33:
91:29:85:08:83:47:83:4e:0f:d0:dc:3c:59:ca:01:80:77:b3:
65:ef:55:ad:1a:2f:79:6d:75:db:a1:02:10:a9:97:2e:b5:dd:
47:56:c2:6b:58:ab:d3:59:84:05:01:4a:34:73:32:16:74:1f:
c2:91:fe:66:df:0b:2f:1f:7a:a3:25:85:08:25:86:98:c0:48:
da:ed:2c:95:03:b2:ce:80:43:50:82:dc:92:c9:33:9c:7d:f1:
a4:9d:6e:ed:60:bf:7d:3c:d6:d7:e0:64:8c:f1:9a:fa:6c:c3:
e8:2c:bb:b2:a6:1a:dc:e6:81:24:c3:38:9f:8d:72:4b:0d:8b:
f2:18:6f:5c:86:f3:21:df:76:99:13:c9:23:f4:e3:36:ec:ec:
f0:3c:ca:33:d5:6a:3c:63:f7:c6:ca:37:5d:00:ac:4a:e5:e4:
e0:32:b3:7a:9f:b4:2e:a7:15:d0:53:48:cd:92:34:ec:20:c7:
d9:35:d7:c6:14:51:3f:a9:2f:d0:b6:25:d8:55:25:cb:ab:4a:
bd:a7:19:c3:34:b2:0b:9f:bb:21:be:34:6f:54:a3:38:fd:4e:
21:b8:e9:cd
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUTcXuzrSFVATTftdHKvVGNXTmTOUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIzMTZaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDdlNGIyNmViZTgwMjY4NjhlNmZjZTJiZmI3Y2Q5NTdkNjYxNDAwNzNkN2Ey
NmI1MDZmYTQ1NTM4MjRlYThjZDMxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIf4OLlCO5Gz01Wj2rchvhmfbsUFywyMqJ066jV1/kml2TM2REbE/es9huBu
vthnx9lfvUTRBR2h+IW5Qn+jT7OzKdEQ4fH6p0mi7Py+54FzfziEvew7uL+NH9Uk
cVJORPzivbj8qF45ZgxYcagKnYV96IS+K1R8R9fOHFU04tGRkC0fQap7suTOGv2i
u5qZOD/xitc0WbGYr6YnOr6ZxRXvKW8ExJgNpuhjAXmclfV9vp43kwOyA88mNc2B
ojW6vppPKwHRrhb8lWXNj8F4m4dGszz4Vox0MOjIkFR97caOwdZGti25DgFGuJgU
003C4i07wbpzlOrNvehzQFGzzy8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTMcRdg
3Xa/bThWekYy4gxHw/8srzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NzUxZDVhMGEtYzkyNS00Nzg3LWFjOTQtOThjMjM2NzVmMWJhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABP8f4
QDANBgkqhkiG9w0BAQsFAAOCAQEAGKlUir0/Vls+FYPp/AIDE42pZTcFmekz69ze
7LSvOnwlNx8zkSmFCINHg04P0Nw8WcoBgHezZe9VrRoveW1126ECEKmXLrXdR1bC
a1ir01mEBQFKNHMyFnQfwpH+Zt8LLx96oyWFCCWGmMBI2u0slQOyzoBDUILckskz
nH3xpJ1u7WC/fTzW1+BkjPGa+mzD6Cy7sqYa3OaBJMM4n41ySw2L8hhvXIbzId92
mRPJI/TjNuzs8DzKM9VqPGP3xso3XQCsSuXk4DKzep+0LqcV0FNIzZI07CDH2TXX
xhRRP6kv0LYl2FUly6tKvacZwzSyC5+7Ib40b1SjOP1OIbjpzQ==
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:54:45 2025 by rpki-client