Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/92b566f4-9c90-4070-b5bd-f89c7da23c8a.roa
File: 92b566f4-9c90-4070-b5bd-f89c7da23c8a.roa (raw, json)
Hash identifier: P4gcllI5YD9RYxZXj/0Zdo9IknPBA873umK4PGglA+Y=
Subject key identifier: 54:D1:DD:6B:FF:8E:C2:30:20:48:8B:BB:26:94:5D:5A:42:F7:12:56
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 59287B57F42120EB3A742AEF28EF4217891AC2E1
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/92b566f4-9c90-4070-b5bd-f89c7da23c8a.roa
Signing time: Fri 07 Nov 2025 20:21:45 +0000
ROA not before: Fri 07 Nov 2025 20:21:45 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc3:4000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
59:28:7b:57:f4:21:20:eb:3a:74:2a:ef:28:ef:42:17:89:1a:c2:e1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:21:45 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=0a9db8bb342277ace095c0fe62aeeb825636a776c7ff2cb05d11552c3dc53bdc, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:2c:ed:77:9a:60:30:51:69:e6:e8:22:25:46:
0d:39:0c:cb:8a:c9:f3:86:07:8a:d8:93:5f:fe:c9:
80:40:92:8b:67:4c:61:a8:20:7f:35:ce:eb:53:26:
85:8c:ac:1c:0a:ce:7c:08:c3:61:11:0a:ba:9d:f6:
4a:11:b3:c6:37:cc:ec:b7:db:9d:af:aa:b3:49:7d:
c8:34:51:17:90:9f:42:e8:f5:9e:c8:54:27:73:8d:
d7:62:36:d4:54:da:2f:31:6a:f2:e8:70:ad:46:20:
36:7f:a3:4e:36:3b:13:68:f1:36:73:c6:61:86:0d:
61:17:60:22:79:65:b2:ad:47:59:ab:32:14:6c:4e:
f1:f2:36:ad:35:97:cf:3d:f4:bd:89:7a:a0:af:37:
62:50:72:68:d0:36:62:4c:8a:a7:19:5e:f9:fd:e3:
77:e9:b1:3a:54:e0:9c:10:d1:a8:70:c7:53:ad:93:
91:ad:2a:70:e5:35:6f:f2:d6:0f:a9:8f:39:6a:95:
d4:4c:a2:ca:ce:41:2d:5a:a6:68:a7:da:86:56:39:
f9:36:52:58:75:89:0b:01:a8:a7:b9:36:90:5a:a2:
da:8a:29:48:cd:a4:70:af:1c:a4:39:cc:f8:2d:26:
b9:00:dd:27:af:79:df:49:ca:2f:ec:54:74:d0:b3:
b5:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:D1:DD:6B:FF:8E:C2:30:20:48:8B:BB:26:94:5D:5A:42:F7:12:56
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/92b566f4-9c90-4070-b5bd-f89c7da23c8a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3:4000::/36
Signature Algorithm: sha256WithRSAEncryption
19:0c:43:00:1f:0d:de:3f:0b:c7:a5:3b:d6:1f:fd:51:e9:81:
64:c2:4c:34:c4:12:72:f4:0e:c3:f5:ff:15:65:cc:e2:9c:76:
ff:6e:36:1e:f3:3f:5e:a1:50:d6:2f:00:1c:e1:1b:e6:66:a7:
16:13:c4:8c:0b:c9:eb:36:bc:6a:01:68:7f:53:16:bb:05:c0:
cc:e9:3b:e2:33:a7:2a:70:37:7b:3c:3e:c1:32:04:85:4b:61:
df:9d:a8:d8:b5:b5:70:10:93:20:af:4e:5f:eb:01:04:af:9d:
05:d3:37:d4:b8:72:9c:20:5b:b8:e1:73:65:a2:c4:1f:40:c6:
de:14:b9:20:17:7b:3e:3e:d4:14:63:f8:79:80:54:f9:d3:ef:
f4:f6:e5:1f:b1:a9:ca:b6:b9:41:fd:67:b2:79:a8:26:5e:fb:
00:c0:eb:7b:fd:ed:d7:c2:fd:c4:32:5b:e5:d4:68:9d:1b:e0:
c8:af:38:4f:be:a1:e7:7d:74:08:e4:d3:07:3e:f8:34:f8:e6:
18:86:c4:19:61:ea:1e:c7:23:62:0e:9d:df:0c:57:0b:27:3b:
e4:09:ff:04:ea:b9:39:a5:a7:68:ea:90:7c:59:eb:78:0d:30:
62:0f:a7:e4:81:d0:03:8f:83:a2:ab:5d:61:a0:6e:ae:2b:56:
da:48:21:4a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUWSh7V/QhIOs6dCrvKO9CF4kawuEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIxNDVaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDBhOWRiOGJiMzQyMjc3YWNlMDk1YzBmZTYyYWVlYjgyNTYzNmE3NzZjN2Zm
MmNiMDVkMTE1NTJjM2RjNTNiZGMxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOIs7XeaYDBRaeboIiVGDTkMy4rJ84YHitiTX/7JgECSi2dMYaggfzXO61Mm
hYysHArOfAjDYREKup32ShGzxjfM7Lfbna+qs0l9yDRRF5CfQuj1nshUJ3ON12I2
1FTaLzFq8uhwrUYgNn+jTjY7E2jxNnPGYYYNYRdgInllsq1HWasyFGxO8fI2rTWX
zz30vYl6oK83YlByaNA2YkyKpxle+f3jd+mxOlTgnBDRqHDHU62Tka0qcOU1b/LW
D6mPOWqV1Eyiys5BLVqmaKfahlY5+TZSWHWJCwGop7k2kFqi2oopSM2kcK8cpDnM
+C0muQDdJ69530nKL+xUdNCzte8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRU0d1r
/47CMCBIi7smlF1aQvcSVjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
OTJiNTY2ZjQtOWM5MC00MDcwLWI1YmQtZjg5YzdkYTIzYzhhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8NA
MA0GCSqGSIb3DQEBCwUAA4IBAQAZDEMAHw3ePwvHpTvWH/1R6YFkwkw0xBJy9A7D
9f8VZczinHb/bjYe8z9eoVDWLwAc4RvmZqcWE8SMC8nrNrxqAWh/Uxa7BcDM6Tvi
M6cqcDd7PD7BMgSFS2HfnajYtbVwEJMgr05f6wEEr50F0zfUuHKcIFu44XNlosQf
QMbeFLkgF3s+PtQUY/h5gFT50+/09uUfsanKtrlB/WeyeagmXvsAwOt7/e3Xwv3E
Mlvl1GidG+DIrzhPvqHnfXQI5NMHPvg0+OYYhsQZYeoexyNiDp3fDFcLJzvkCf8E
6rk5pado6pB8Wet4DTBiD6fkgdADj4Oiq11hoG6uK1baSCFK
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:07 2025 by rpki-client