Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/7cf0ad47-8bb3-480b-be13-5f3302af8307.roa
File: 7cf0ad47-8bb3-480b-be13-5f3302af8307.roa (raw, json)
Hash identifier: YUTWwZRkpIbxW5kwOYMa9Kk9JWSDqNPvhJNmW0JL3Cc=
Subject key identifier: 1B:EF:06:C2:AC:BD:9A:67:6A:10:B0:59:19:63:9F:76:CE:8B:BC:C0
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 6666F4EC08FF4561125798491139CF5A6401F3EA
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/7cf0ad47-8bb3-480b-be13-5f3302af8307.roa
Signing time: Fri 07 Nov 2025 20:21:53 +0000
ROA not before: Fri 07 Nov 2025 20:21:53 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:e000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
66:66:f4:ec:08:ff:45:61:12:57:98:49:11:39:cf:5a:64:01:f3:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:21:53 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=a17ca9d7cb6b5e3226199e48c10e419712edf59b87a8410087d4249b8bb305d9, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:49:cb:fe:be:f9:7d:44:68:86:a8:ed:b3:53:
59:94:af:49:0a:fe:58:31:d9:4d:c6:e4:cd:04:b5:
22:5b:ea:d5:76:89:e1:7a:8f:41:dc:b0:bd:e9:98:
fe:d8:ae:3b:76:ba:6e:e7:7c:fa:78:ad:19:9f:f2:
a9:07:68:26:a8:6c:d9:e1:ac:35:1a:ee:da:4f:af:
52:b3:26:cf:00:81:5f:19:1f:a2:b1:fc:b8:b0:d7:
b8:0e:ca:bf:21:32:f7:ac:fe:8a:35:64:45:aa:70:
cf:69:70:79:5d:a8:dd:73:86:0c:12:1b:cf:b0:0c:
43:dc:b3:63:53:54:a4:63:96:7b:0b:c0:98:c8:91:
3e:09:ae:94:f6:4a:cb:0e:85:c9:23:bc:3a:f8:f6:
8f:6e:90:38:90:73:ad:66:af:d3:62:8b:ef:8a:29:
11:a2:ce:2e:e5:ea:69:2c:d4:18:9f:31:e0:22:68:
e4:7f:af:84:c5:59:51:d9:db:ac:65:00:a2:aa:83:
a7:0e:c9:76:65:0d:d7:d4:01:2a:85:3a:4c:85:3c:
73:d0:92:27:93:20:3c:c0:db:6e:43:5c:fe:32:22:
97:91:e3:b2:d9:4d:4d:d6:5b:52:32:7d:80:73:3d:
7e:c7:97:3c:3c:5f:37:54:04:b9:8e:15:83:6b:3b:
e3:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:EF:06:C2:AC:BD:9A:67:6A:10:B0:59:19:63:9F:76:CE:8B:BC:C0
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/7cf0ad47-8bb3-480b-be13-5f3302af8307.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:e000::/36
Signature Algorithm: sha256WithRSAEncryption
0c:b6:1b:35:dc:f0:a2:c1:9c:0d:d3:9b:63:e4:01:95:5c:03:
1c:02:99:33:f4:34:f0:24:cf:c9:50:f2:4a:a4:82:18:fb:b0:
7d:a6:0c:0a:33:17:2a:9e:b8:a6:87:ff:59:fa:89:47:f8:b6:
16:69:d1:1d:16:cd:42:b2:23:14:99:8b:40:4b:dc:55:3b:53:
5a:9e:d6:ff:44:40:57:fb:d6:7c:7e:d2:a4:57:28:c0:2c:3e:
f7:08:63:ea:5a:ee:ae:4b:54:e1:12:a4:80:ea:fc:25:e3:67:
6b:32:3b:ba:ce:d0:8a:16:e4:4c:e9:c8:71:e7:71:86:e5:da:
b7:d8:93:b2:43:ee:36:dc:47:bb:b2:6a:13:96:32:98:a9:99:
a0:cc:81:91:ed:66:cf:0f:77:24:a9:02:4f:61:61:4e:f3:bb:
29:5b:90:79:39:1b:c1:1c:f1:c3:ac:77:c8:57:2b:63:af:82:
a8:37:20:af:5c:ec:d1:82:9a:3b:29:23:a3:91:ed:ed:b9:50:
04:7b:89:f3:cc:0c:9b:3e:41:ff:90:d6:f4:8b:bb:80:9f:36:
3b:78:dc:27:63:78:f1:93:41:2e:62:7e:75:95:96:4c:d3:44:
0d:9d:5b:8a:a4:20:b2:f0:a4:40:30:4f:1d:a0:b5:71:28:6f:
1e:b7:42:53
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUZmb07Aj/RWESV5hJETnPWmQB8+owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIxNTNaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGExN2NhOWQ3Y2I2YjVlMzIyNjE5OWU0OGMxMGU0MTk3MTJlZGY1OWI4N2E4
NDEwMDg3ZDQyNDliOGJiMzA1ZDkxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL9Jy/6++X1EaIao7bNTWZSvSQr+WDHZTcbkzQS1Ilvq1XaJ4XqPQdywvemY
/tiuO3a6bud8+nitGZ/yqQdoJqhs2eGsNRru2k+vUrMmzwCBXxkforH8uLDXuA7K
vyEy96z+ijVkRapwz2lweV2o3XOGDBIbz7AMQ9yzY1NUpGOWewvAmMiRPgmulPZK
yw6FySO8Ovj2j26QOJBzrWav02KL74opEaLOLuXqaSzUGJ8x4CJo5H+vhMVZUdnb
rGUAoqqDpw7JdmUN19QBKoU6TIU8c9CSJ5MgPMDbbkNc/jIil5HjstlNTdZbUjJ9
gHM9fseXPDxfN1QEuY4Vg2s740sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQb7wbC
rL2aZ2oQsFkZY592zou8wDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
N2NmMGFkNDctOGJiMy00ODBiLWJlMTMtNWYzMzAyYWY4MzA3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8fg
MA0GCSqGSIb3DQEBCwUAA4IBAQAMths13PCiwZwN05tj5AGVXAMcApkz9DTwJM/J
UPJKpIIY+7B9pgwKMxcqnrimh/9Z+olH+LYWadEdFs1CsiMUmYtAS9xVO1Nantb/
REBX+9Z8ftKkVyjALD73CGPqWu6uS1ThEqSA6vwl42drMju6ztCKFuRM6chx53GG
5dq32JOyQ+423Ee7smoTljKYqZmgzIGR7WbPD3ckqQJPYWFO87spW5B5ORvBHPHD
rHfIVytjr4KoNyCvXOzRgpo7KSOjke3tuVAEe4nzzAybPkH/kNb0i7uAnzY7eNwn
Y3jxk0EuYn51lZZM00QNnVuKpCCy8KRAME8doLVxKG8et0JT
-----END CERTIFICATE-----
Generated at Tue Nov 11 15:16:13 2025 by rpki-client