Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/7ce56587-daa1-4400-bed4-6204cfafd220.roa
File: 7ce56587-daa1-4400-bed4-6204cfafd220.roa (raw, json)
Hash identifier: XoO2PmkwOnGYLog6OdySglNyw/b+KF2CBYoGaa8FJJ8=
Subject key identifier: BD:6E:98:39:11:62:02:60:CC:C2:08:EE:43:74:48:36:AB:A1:19:96
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 5DEEAB273321C6E3436083A61DF9DD5BEAE941D6
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/7ce56587-daa1-4400-bed4-6204cfafd220.roa
Signing time: Fri 07 Nov 2025 20:36:58 +0000
ROA not before: Fri 07 Nov 2025 20:36:58 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc3:2000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5d:ee:ab:27:33:21:c6:e3:43:60:83:a6:1d:f9:dd:5b:ea:e9:41:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:36:58 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=4c6de21d69562e530f88bd10cf148a0d5b36080f58e1783967c1420ffceab439, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:f1:cc:e0:e5:17:a9:02:4b:a2:24:ca:9d:56:
af:ca:38:25:c6:c1:1c:c2:7f:c9:4d:19:25:f0:be:
28:af:b0:d5:c8:9a:65:96:64:4b:11:b8:28:cc:53:
b9:8a:50:d4:75:57:0f:bc:83:cb:ff:79:06:53:f2:
32:30:13:b1:5f:f1:20:fd:2a:1f:21:20:95:3f:24:
a5:a8:b5:07:be:96:01:ef:d9:9c:61:dc:72:c4:ea:
80:52:dc:5f:33:f4:a1:50:8f:fc:65:cb:cd:ac:78:
98:6b:df:95:b1:a8:1c:2a:09:57:c5:f0:8d:38:f4:
2a:a0:c6:60:e9:e0:dd:c2:fd:34:47:28:c2:4e:51:
c1:93:b8:7b:db:a9:01:83:01:37:d3:9c:d3:6e:e7:
7f:66:e1:3d:34:87:85:af:58:46:74:d3:c5:fc:e1:
ed:ee:b3:30:40:aa:0d:19:c8:86:33:46:73:fe:e3:
b5:ba:2e:9e:39:7a:c3:b8:ba:1d:d8:25:c1:88:15:
d8:23:09:2e:9f:a0:44:87:cd:37:ec:50:c9:3b:de:
15:cf:bb:81:f8:5a:df:5d:69:fe:34:b8:43:33:40:
01:53:9d:e0:97:5f:83:ce:8c:14:cd:b9:57:9a:73:
86:4a:01:c1:ed:ef:ea:1e:1f:9a:25:74:cb:06:9f:
5a:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:6E:98:39:11:62:02:60:CC:C2:08:EE:43:74:48:36:AB:A1:19:96
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/7ce56587-daa1-4400-bed4-6204cfafd220.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3:2000::/36
Signature Algorithm: sha256WithRSAEncryption
1d:2c:89:a0:b2:a5:3d:2a:8f:d8:70:81:a0:45:22:a9:e0:e6:
3a:b5:45:8f:59:50:4b:ad:7b:31:a2:cb:25:54:82:79:b4:9a:
92:86:d8:af:0b:59:c9:2c:cf:2c:6c:cc:df:98:01:9d:9d:68:
7e:0a:90:a9:12:2e:7e:60:d6:81:ab:72:62:86:70:b0:4a:3b:
1b:eb:cf:17:9a:e8:3c:63:03:db:5e:1d:28:29:0e:0b:66:05:
d1:85:08:62:3f:a5:37:ce:2a:b1:26:06:bb:52:7b:6a:85:4b:
e1:33:f1:a3:32:8e:ca:e1:30:84:9f:45:59:72:3d:c1:9f:28:
50:a0:e8:ba:8a:4c:a1:b0:af:19:12:87:58:b6:da:35:9f:8f:
59:3d:fd:e8:bb:37:82:a9:17:b5:ab:0d:3d:b1:41:b1:00:ac:
11:a0:39:8f:73:2b:53:b4:0d:4f:13:f2:1f:b5:49:b1:83:58:
ba:28:3f:e1:ca:e1:b7:26:b8:eb:16:07:85:b5:25:58:8c:38:
55:4c:a0:ae:8e:2d:a6:b3:3b:44:aa:ec:b3:f2:9d:c6:26:0d:
a8:26:25:c7:a5:90:1c:23:fb:76:4f:95:60:d2:6f:21:c3:45:
19:8e:0e:65:d7:ab:73:d9:32:ae:3c:02:cf:17:a0:6b:ce:6a:
e4:8b:9b:a4
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUXe6rJzMhxuNDYIOmHfndW+rpQdYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDM2NThaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDRjNmRlMjFkNjk1NjJlNTMwZjg4YmQxMGNmMTQ4YTBkNWIzNjA4MGY1OGUx
NzgzOTY3YzE0MjBmZmNlYWI0MzkxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOjxzODlF6kCS6Ikyp1Wr8o4JcbBHMJ/yU0ZJfC+KK+w1ciaZZZkSxG4KMxT
uYpQ1HVXD7yDy/95BlPyMjATsV/xIP0qHyEglT8kpai1B76WAe/ZnGHccsTqgFLc
XzP0oVCP/GXLzax4mGvflbGoHCoJV8XwjTj0KqDGYOng3cL9NEcowk5RwZO4e9up
AYMBN9Oc027nf2bhPTSHha9YRnTTxfzh7e6zMECqDRnIhjNGc/7jtbounjl6w7i6
HdglwYgV2CMJLp+gRIfNN+xQyTveFc+7gfha311p/jS4QzNAAVOd4Jdfg86MFM25
V5pzhkoBwe3v6h4fmiV0ywafWkcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS9bpg5
EWICYMzCCO5DdEg2q6EZljAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
N2NlNTY1ODctZGFhMS00NDAwLWJlZDQtNjIwNGNmYWZkMjIwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8Mg
MA0GCSqGSIb3DQEBCwUAA4IBAQAdLImgsqU9Ko/YcIGgRSKp4OY6tUWPWVBLrXsx
osslVIJ5tJqShtivC1nJLM8sbMzfmAGdnWh+CpCpEi5+YNaBq3JihnCwSjsb688X
mug8YwPbXh0oKQ4LZgXRhQhiP6U3ziqxJga7UntqhUvhM/GjMo7K4TCEn0VZcj3B
nyhQoOi6ikyhsK8ZEodYtto1n49ZPf3ouzeCqRe1qw09sUGxAKwRoDmPcytTtA1P
E/IftUmxg1i6KD/hyuG3JrjrFgeFtSVYjDhVTKCuji2msztEquyz8p3GJg2oJiXH
pZAcI/t2T5Vg0m8hw0UZjg5l16tz2TKuPALPF6Brzmrki5uk
-----END CERTIFICATE-----
Generated at Tue Nov 11 15:16:01 2025 by rpki-client