Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/76596d4d-5093-4468-a590-5fe51a279b6f.roa
File: 76596d4d-5093-4468-a590-5fe51a279b6f.roa (raw, json)
Hash identifier: t/YXBiNyM/6hC/p/EXu7rEDdbA9cI8mdtN/Y1bny00Y=
Subject key identifier: E7:DC:19:96:45:A4:81:4F:0C:77:7C:7C:C0:25:FB:10:80:B4:64:08
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 36D74F8412FB0239D9ACD463D0BAE04E42A19EED
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/76596d4d-5093-4468-a590-5fe51a279b6f.roa
Signing time: Fri 07 Nov 2025 20:23:20 +0000
ROA not before: Fri 07 Nov 2025 20:23:20 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc3:8800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
36:d7:4f:84:12:fb:02:39:d9:ac:d4:63:d0:ba:e0:4e:42:a1:9e:ed
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:23:20 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=62bd81b6e0e449102c7bedfd67107a50233f08d68a80192a5a031b72cc8a0012, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:5e:3a:d9:02:8f:b6:01:de:99:66:24:41:1d:
90:f0:34:b6:a6:f7:2d:3c:7a:1a:de:b1:d1:ef:25:
29:92:da:6f:51:4d:ca:b7:2b:f7:96:69:bb:18:57:
6f:f5:5f:3d:c1:89:c7:61:90:19:97:f0:1a:9c:9e:
d2:aa:71:09:3e:0a:9d:0c:13:a2:f9:dd:dd:7f:fa:
bd:1a:17:14:b4:c7:d1:c7:29:23:02:fb:f0:86:70:
50:e3:eb:d2:c2:39:f9:1b:45:fe:70:13:93:ac:05:
ff:73:16:a1:65:3a:c0:19:c9:98:72:15:f3:ff:d1:
4b:3a:c8:1e:db:eb:b0:a0:03:f0:77:31:9b:a3:a3:
eb:47:2c:e0:a9:47:e3:05:e0:d5:4d:d7:e1:81:d4:
14:7b:8b:e4:fe:0c:9d:72:60:d1:af:e6:d2:47:61:
70:bf:87:fb:ee:a6:f4:16:07:c2:33:3b:0b:fe:33:
7e:b1:b2:01:7e:8a:ef:28:94:66:05:c9:5c:13:8f:
0d:f0:e8:22:b3:85:03:48:34:c0:02:2c:8b:22:38:
eb:e7:84:4a:46:9f:18:e8:17:2e:cc:fa:25:2d:97:
3a:bd:f4:ed:4f:9c:24:10:d5:55:a1:f4:11:4c:df:
e6:91:33:46:c0:3a:39:e9:46:81:6d:51:05:70:d4:
5d:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E7:DC:19:96:45:A4:81:4F:0C:77:7C:7C:C0:25:FB:10:80:B4:64:08
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/76596d4d-5093-4468-a590-5fe51a279b6f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3:8800::/40
Signature Algorithm: sha256WithRSAEncryption
2f:bc:9d:f9:8c:67:41:9a:10:97:2f:1c:5e:97:5a:7e:50:eb:
88:64:d2:d8:94:ae:ab:a1:41:2f:dd:8a:6c:81:01:4f:a2:d4:
ec:42:16:e0:1d:7c:9e:47:4e:0a:b7:c7:d8:12:9b:32:62:15:
fb:56:af:31:7f:d7:95:be:02:e5:d0:d0:22:30:5b:bd:40:43:
73:c3:b6:11:56:c7:83:01:48:81:7a:99:e0:9e:64:a7:2c:f5:
58:b6:3d:75:57:89:fc:cd:1f:52:7b:76:59:cf:61:a4:86:eb:
1d:82:71:f6:24:99:81:53:de:73:66:f7:37:b6:30:58:02:02:
f6:da:e3:99:b4:63:d3:2f:bd:4c:ab:de:c9:3c:ef:0d:85:11:
59:11:7f:f7:da:26:a1:b8:19:07:6b:33:17:e1:7b:73:e0:84:
72:73:42:c1:db:b1:e2:1e:0b:dc:5a:5f:85:0e:1d:72:88:ba:
96:e2:54:81:5c:69:95:9a:34:ba:eb:8c:01:24:9e:0d:f7:63:
32:35:4b:be:9e:45:ab:1b:c9:ad:c0:b4:0a:f8:ef:da:e3:1b:
08:cb:b5:ca:6d:ab:a9:f4:a0:48:14:cb:75:3b:2e:a8:5c:98:
d4:04:fc:3a:f1:36:d2:30:57:ef:c3:cf:5f:7a:3b:42:3a:53:
58:33:b1:f0
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUNtdPhBL7AjnZrNRj0LrgTkKhnu0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIzMjBaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDYyYmQ4MWI2ZTBlNDQ5MTAyYzdiZWRmZDY3MTA3YTUwMjMzZjA4ZDY4YTgw
MTkyYTVhMDMxYjcyY2M4YTAwMTIxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANNeOtkCj7YB3plmJEEdkPA0tqb3LTx6Gt6x0e8lKZLab1FNyrcr95ZpuxhX
b/VfPcGJx2GQGZfwGpye0qpxCT4KnQwTovnd3X/6vRoXFLTH0ccpIwL78IZwUOPr
0sI5+RtF/nATk6wF/3MWoWU6wBnJmHIV8//RSzrIHtvrsKAD8Hcxm6Oj60cs4KlH
4wXg1U3X4YHUFHuL5P4MnXJg0a/m0kdhcL+H++6m9BYHwjM7C/4zfrGyAX6K7yiU
ZgXJXBOPDfDoIrOFA0g0wAIsiyI46+eESkafGOgXLsz6JS2XOr307U+cJBDVVaH0
EUzf5pEzRsA6OelGgW1RBXDUXZ0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTn3BmW
RaSBTwx3fHzAJfsQgLRkCDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NzY1OTZkNGQtNTA5My00NDY4LWE1OTAtNWZlNTFhMjc5YjZmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8OI
MA0GCSqGSIb3DQEBCwUAA4IBAQAvvJ35jGdBmhCXLxxel1p+UOuIZNLYlK6roUEv
3YpsgQFPotTsQhbgHXyeR04Kt8fYEpsyYhX7Vq8xf9eVvgLl0NAiMFu9QENzw7YR
VseDAUiBepngnmSnLPVYtj11V4n8zR9Se3ZZz2GkhusdgnH2JJmBU95zZvc3tjBY
AgL22uOZtGPTL71Mq97JPO8NhRFZEX/32iahuBkHazMX4Xtz4IRyc0LB27HiHgvc
Wl+FDh1yiLqW4lSBXGmVmjS664wBJJ4N92MyNUu+nkWrG8mtwLQK+O/a4xsIy7XK
baup9KBIFMt1Oy6oXJjUBPw68TbSMFfvw89fejtCOlNYM7Hw
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:54:56 2025 by rpki-client