Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/9a1e6435-6342-4b18-94d7-27beb2ce0519.roa
File: 9a1e6435-6342-4b18-94d7-27beb2ce0519.roa (raw, json)
Hash identifier: a81vuPndrrdb1YLKpr2MSEoK/lx6uisF04xaBGGusLw=
Subject key identifier: 14:E3:C9:2A:CD:54:65:9B:91:3C:4A:F1:54:43:90:67:3D:FE:77:5F
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 1E397A253F5D483084CD37A0FB5B28A107084107
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/9a1e6435-6342-4b18-94d7-27beb2ce0519.roa
Signing time: Fri 07 Nov 2025 20:21:51 +0000
ROA not before: Fri 07 Nov 2025 20:21:51 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:a000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1e:39:7a:25:3f:5d:48:30:84:cd:37:a0:fb:5b:28:a1:07:08:41:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:21:51 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=5f0d58d963cbc7e3b33b94799db89243c2a7a4446fa2a08da5766b53154fcce0, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:cc:c0:6c:c7:e7:05:ae:c8:53:4a:59:fd:97:
93:6d:a3:c5:71:ef:bc:79:aa:26:80:dc:cf:b3:41:
78:ee:a8:6e:ce:2d:f3:18:27:81:85:fa:a9:b3:c9:
1a:86:b0:bb:ff:28:2b:90:38:73:c1:22:d1:0d:b0:
b2:d8:e1:3c:f6:b0:f4:3b:5d:97:70:86:37:e0:cb:
52:7f:23:98:8f:e1:91:d4:c1:af:be:90:b3:e8:40:
4d:b5:21:76:77:6e:92:69:b2:8f:24:fd:45:09:32:
35:09:6f:8a:e0:c9:38:9d:60:ab:d7:a6:f5:7f:be:
dd:54:19:25:43:77:0b:97:95:d0:5b:dc:a2:5f:88:
51:b1:8f:28:d6:09:1c:11:de:72:fc:97:6b:76:0f:
5a:5d:59:74:24:04:d2:4c:13:6d:15:bd:65:58:41:
a2:5e:ec:54:fb:19:e4:11:8e:17:08:50:e0:85:19:
53:1a:52:38:59:36:13:0a:61:40:ad:37:1e:3e:12:
bd:25:a9:fd:3d:f2:87:6d:0a:ed:85:f1:ff:e3:ae:
1b:1e:07:2a:da:fd:52:72:77:f6:c7:ac:11:eb:b9:
e6:00:05:30:5a:5b:39:51:64:93:84:db:b9:47:09:
a9:d4:93:27:93:e8:3c:af:75:5b:81:38:f5:64:de:
02:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:E3:C9:2A:CD:54:65:9B:91:3C:4A:F1:54:43:90:67:3D:FE:77:5F
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/9a1e6435-6342-4b18-94d7-27beb2ce0519.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:a000::/36
Signature Algorithm: sha256WithRSAEncryption
2a:db:31:67:4a:0c:4a:2b:cd:9c:bb:03:e9:80:11:d0:bd:04:
13:3f:0a:85:62:17:7b:89:05:2a:b1:64:b3:5b:43:a7:f4:58:
2b:7a:6b:1d:65:68:50:ae:6b:0f:d9:3a:72:46:bc:12:a0:5a:
e3:7e:ef:93:0e:2b:c6:b4:26:c8:2b:02:04:b8:09:27:88:7a:
4e:6e:93:8d:6b:4d:b4:a3:0c:45:ed:36:98:de:4f:86:fb:87:
dd:1a:b9:29:2f:09:ca:22:21:49:21:f7:62:ce:51:29:fb:58:
60:74:1d:19:f1:8d:d4:1e:01:d6:99:b5:c1:92:ed:f8:79:ad:
7e:dc:7e:00:33:56:b3:72:dc:31:62:24:a2:8a:40:58:59:3f:
f8:18:26:e9:ea:2e:d1:7c:4a:33:fb:d5:3a:bc:af:a3:70:62:
14:ee:7f:93:ca:8b:93:8d:10:48:1e:f4:94:9b:bf:fe:53:4c:
9a:08:2e:ee:2a:d0:3a:47:3e:54:0e:8e:4f:5b:f7:da:57:d5:
4d:31:8a:e5:92:a2:86:42:40:db:45:7f:79:0c:4f:54:03:bc:
08:81:95:fc:e1:fc:b3:85:fc:ec:b4:f0:64:26:c7:f5:58:7a:
47:70:8b:93:e2:6a:92:5a:8b:3f:72:9f:53:fe:e8:3e:72:94:
6b:28:3d:fa
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUHjl6JT9dSDCEzTeg+1sooQcIQQcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIxNTFaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDVmMGQ1OGQ5NjNjYmM3ZTNiMzNiOTQ3OTlkYjg5MjQzYzJhN2E0NDQ2ZmEy
YTA4ZGE1NzY2YjUzMTU0ZmNjZTAxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKTMwGzH5wWuyFNKWf2Xk22jxXHvvHmqJoDcz7NBeO6obs4t8xgngYX6qbPJ
Goawu/8oK5A4c8Ei0Q2wstjhPPaw9Dtdl3CGN+DLUn8jmI/hkdTBr76Qs+hATbUh
dndukmmyjyT9RQkyNQlviuDJOJ1gq9em9X++3VQZJUN3C5eV0Fvcol+IUbGPKNYJ
HBHecvyXa3YPWl1ZdCQE0kwTbRW9ZVhBol7sVPsZ5BGOFwhQ4IUZUxpSOFk2Ewph
QK03Hj4SvSWp/T3yh20K7YXx/+OuGx4HKtr9UnJ39sesEeu55gAFMFpbOVFkk4Tb
uUcJqdSTJ5PoPK91W4E49WTeAu8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQU48kq
zVRlm5E8SvFUQ5BnPf53XzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
OWExZTY0MzUtNjM0Mi00YjE4LTk0ZDctMjdiZWIyY2UwNTE5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8eg
MA0GCSqGSIb3DQEBCwUAA4IBAQAq2zFnSgxKK82cuwPpgBHQvQQTPwqFYhd7iQUq
sWSzW0On9FgremsdZWhQrmsP2TpyRrwSoFrjfu+TDivGtCbIKwIEuAkniHpObpON
a020owxF7TaY3k+G+4fdGrkpLwnKIiFJIfdizlEp+1hgdB0Z8Y3UHgHWmbXBku34
ea1+3H4AM1azctwxYiSiikBYWT/4GCbp6i7RfEoz+9U6vK+jcGIU7n+TyouTjRBI
HvSUm7/+U0yaCC7uKtA6Rz5UDo5PW/faV9VNMYrlkqKGQkDbRX95DE9UA7wIgZX8
4fyzhfzstPBkJsf1WHpHcIuT4mqSWos/cp9T/ug+cpRrKD36
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:54:57 2025 by rpki-client