Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/8141b7c7-3722-47fb-a87c-13473348f317.roa
File: 8141b7c7-3722-47fb-a87c-13473348f317.roa (raw, json)
Hash identifier: aSkEQcLLdU3hbEBjCjg0M5vLAPG0gS0M3PWmTFaK+aQ=
Subject key identifier: 1D:07:2F:D0:1B:51:47:7E:A4:08:B5:68:A1:53:E0:7D:81:21:2F:9F
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 2BC6F9617112202BD0755C39E5FE664360DD725B
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/8141b7c7-3722-47fb-a87c-13473348f317.roa
Signing time: Fri 07 Nov 2025 20:36:55 +0000
ROA not before: Fri 07 Nov 2025 20:36:55 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc1:8800::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2b:c6:f9:61:71:12:20:2b:d0:75:5c:39:e5:fe:66:43:60:dd:72:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:36:55 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=7c0b3d934de77baaf66718e3879ab377a67e038e6950d68058b733ef3cbccbcd, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:6b:29:81:00:fc:d4:20:b8:e9:4a:1a:08:70:
99:8e:c4:11:7a:9f:ef:5f:fe:78:2e:88:cb:b8:ed:
9a:52:52:32:3b:2d:bb:06:0b:54:08:71:17:17:03:
61:4b:25:19:b5:92:1d:7d:dc:5f:27:52:52:64:66:
b7:ac:e0:9a:09:03:a9:23:66:a2:b0:f9:04:81:a8:
b2:a9:23:ba:3e:f0:78:e5:13:77:e7:e9:f2:cb:7b:
0b:ff:d8:d4:6d:7d:14:12:18:d3:a0:a9:51:38:95:
6a:11:4e:52:1c:7c:d7:20:60:44:a4:ce:e6:5d:21:
98:77:dc:21:19:72:55:6b:a5:2e:3b:e8:bb:32:4d:
23:02:7a:30:1e:12:88:0f:23:21:bb:44:b6:55:bc:
89:73:53:e9:a7:f0:b5:0d:0f:de:af:49:23:87:82:
98:9a:89:61:80:c8:4b:59:18:42:0e:cd:42:dc:f6:
8b:02:31:f1:7b:bc:4e:10:ec:56:9c:8b:69:5d:78:
43:4c:2b:c4:20:ac:7d:41:e4:45:a2:8f:79:50:25:
52:b9:37:14:b4:90:58:9c:14:00:33:f5:ac:a7:77:
08:44:a7:12:9d:e7:33:3c:f6:bd:79:bd:f8:13:60:
88:67:35:eb:25:1f:3a:38:ba:5d:bc:97:72:d0:a2:
26:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:07:2F:D0:1B:51:47:7E:A4:08:B5:68:A1:53:E0:7D:81:21:2F:9F
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/8141b7c7-3722-47fb-a87c-13473348f317.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc1:8800::/38
Signature Algorithm: sha256WithRSAEncryption
c7:b4:ee:09:e0:93:11:f4:c4:72:26:3f:80:8e:2c:b2:f2:94:
94:52:93:ad:5a:bf:c0:d6:b9:87:e1:8c:7b:1e:07:f6:38:1e:
ca:2b:18:d0:43:c9:1f:46:14:2c:a9:b8:2f:c0:3a:da:33:e0:
3d:33:12:13:1a:23:d4:20:d1:11:e9:7f:8a:58:7d:18:01:2a:
5a:ff:bd:53:43:35:67:d0:1f:e8:fe:06:bf:ab:99:90:d0:0c:
79:8a:64:32:ff:32:3f:1d:41:d2:7a:8c:0c:e4:67:b4:f8:bd:
aa:dc:36:ff:05:59:0b:45:1c:62:b9:f1:d7:dd:1d:33:38:88:
4b:ea:17:e4:16:c3:b2:5b:c9:34:34:f9:5f:b8:28:ab:04:c7:
b4:ce:f0:d7:ca:63:98:51:83:c9:22:1e:e5:1a:31:b9:df:f9:
30:47:14:31:a0:45:2a:08:ed:dc:ae:0a:30:05:be:3a:00:f9:
73:23:e2:bf:e3:f6:20:18:0f:cd:0e:22:5f:92:69:14:14:01:
fe:2e:9f:35:3c:71:7a:af:68:73:2f:b2:ce:60:fc:1e:00:aa:
c5:5e:d2:56:ff:06:81:8f:15:ec:6b:57:e0:a4:f7:f2:f8:56:
e9:5f:13:e2:a9:cd:d5:60:aa:d7:f6:7a:59:b7:af:57:e7:07:
62:d1:54:0e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUK8b5YXESICvQdVw55f5mQ2DdclswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDM2NTVaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDdjMGIzZDkzNGRlNzdiYWFmNjY3MThlMzg3OWFiMzc3YTY3ZTAzOGU2OTUw
ZDY4MDU4YjczM2VmM2NiY2NiY2QxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJZrKYEA/NQguOlKGghwmY7EEXqf71/+eC6Iy7jtmlJSMjstuwYLVAhxFxcD
YUslGbWSHX3cXydSUmRmt6zgmgkDqSNmorD5BIGosqkjuj7weOUTd+fp8st7C//Y
1G19FBIY06CpUTiVahFOUhx81yBgRKTO5l0hmHfcIRlyVWulLjvouzJNIwJ6MB4S
iA8jIbtEtlW8iXNT6afwtQ0P3q9JI4eCmJqJYYDIS1kYQg7NQtz2iwIx8Xu8ThDs
VpyLaV14Q0wrxCCsfUHkRaKPeVAlUrk3FLSQWJwUADP1rKd3CESnEp3nMzz2vXm9
+BNgiGc16yUfOji6XbyXctCiJrECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQdBy/Q
G1FHfqQItWihU+B9gSEvnzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ODE0MWI3YzctMzcyMi00N2ZiLWE4N2MtMTM0NzMzNDhmMzE3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAiABP8GI
MA0GCSqGSIb3DQEBCwUAA4IBAQDHtO4J4JMR9MRyJj+Ajiyy8pSUUpOtWr/A1rmH
4Yx7Hgf2OB7KKxjQQ8kfRhQsqbgvwDraM+A9MxITGiPUINER6X+KWH0YASpa/71T
QzVn0B/o/ga/q5mQ0Ax5imQy/zI/HUHSeowM5Ge0+L2q3Db/BVkLRRxiufHX3R0z
OIhL6hfkFsOyW8k0NPlfuCirBMe0zvDXymOYUYPJIh7lGjG53/kwRxQxoEUqCO3c
rgowBb46APlzI+K/4/YgGA/NDiJfkmkUFAH+Lp81PHF6r2hzL7LOYPweAKrFXtJW
/waBjxXsa1fgpPfy+FbpXxPiqc3VYKrX9npZt69X5wdi0VQO
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:08 2025 by rpki-client