Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a0285121-a068-4bba-9eaa-0bf4b963158a.roa
File: a0285121-a068-4bba-9eaa-0bf4b963158a.roa (raw, json)
Hash identifier: /HdzunhwPJnJw5nk0jyB+78b8zTxXxPnoD4FJEh2a9Y=
Subject key identifier: FD:2F:40:00:03:E9:95:25:5A:31:22:23:F0:56:DF:7D:B9:B6:4F:8C
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 426DD3082D574BC90D67044FBCEDDADA461F9BC2
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a0285121-a068-4bba-9eaa-0bf4b963158a.roa
Signing time: Fri 07 Nov 2025 20:23:18 +0000
ROA not before: Fri 07 Nov 2025 20:23:18 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc6:100::/44 maxlen: 44
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
42:6d:d3:08:2d:57:4b:c9:0d:67:04:4f:bc:ed:da:da:46:1f:9b:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:23:18 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=f7256d58583a64cd2880f6bfdcc3f148bbf761e2e020970174100b2f27697c7c, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:dc:15:0d:3a:0a:c7:68:86:9d:21:3e:66:9b:
37:8e:43:d9:9c:e0:50:4b:16:55:7f:c8:d7:05:ad:
f3:00:66:6f:37:e9:f7:43:30:d6:e0:30:6a:bc:39:
ee:ea:73:14:da:3e:f6:cb:a6:34:5f:36:8c:87:01:
27:48:36:f5:5a:06:b9:08:90:c9:a9:12:0c:4d:ed:
41:5e:b9:7a:75:cd:d8:2d:e2:55:11:32:fe:26:61:
c4:95:c6:69:32:0f:62:3d:67:a7:99:d3:0c:21:94:
c0:b5:8e:48:d2:47:0a:ae:f9:f4:ad:08:7d:59:29:
b9:14:6b:b9:ca:06:93:36:06:ad:7a:20:97:ea:a4:
4d:3a:71:1c:4e:a8:a9:cc:fe:60:d7:f2:79:84:31:
4c:20:74:53:11:4c:ab:88:6a:66:15:1a:36:11:9a:
ee:cb:06:c5:21:d8:11:28:6b:35:e8:9c:ab:8a:35:
99:ce:90:dd:19:16:c7:dd:28:2f:60:25:44:6f:d2:
69:e5:44:7b:7d:49:18:bb:b1:d1:df:17:52:a1:40:
64:34:dd:fa:86:7e:f4:d8:52:00:32:9d:e5:65:85:
ce:0d:a7:eb:57:2c:c9:4f:d1:30:01:2e:2a:9b:7f:
a8:40:de:c5:1c:7d:ac:47:e9:95:4b:b4:93:e1:b7:
f5:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:2F:40:00:03:E9:95:25:5A:31:22:23:F0:56:DF:7D:B9:B6:4F:8C
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a0285121-a068-4bba-9eaa-0bf4b963158a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc6:100::/44
Signature Algorithm: sha256WithRSAEncryption
27:cb:94:70:5d:c5:18:c1:b0:e6:52:92:24:bb:fd:98:6b:31:
98:8a:69:22:11:de:49:73:ec:41:47:f4:e0:d3:99:46:7a:bc:
f4:32:16:ff:10:e3:18:7a:9e:db:d4:76:68:54:09:81:33:07:
c8:c4:9c:23:df:a9:a1:bc:cb:34:70:7f:06:78:4c:39:bb:15:
5c:ff:3f:e8:9e:cf:0e:02:11:19:06:a1:2a:85:7b:fa:bf:f9:
57:5c:b0:34:20:30:2f:fa:e3:d6:74:5c:ac:d0:ed:72:fd:82:
04:19:49:93:a9:68:14:39:95:94:6e:53:7a:bc:5d:7c:27:5a:
a8:81:57:c0:71:3a:fa:d1:b3:55:a8:82:86:a1:c3:02:8c:4e:
4a:16:67:66:ef:47:45:49:5e:58:63:43:3e:08:23:d0:87:ab:
20:9a:b3:1d:04:0e:cf:7a:a8:e0:0a:d4:5c:47:76:4e:db:a4:
87:7d:9c:a8:47:6b:5f:26:fb:a7:42:ab:c6:40:ef:7f:73:66:
0d:6c:81:03:c2:7b:ae:46:a7:73:87:dd:1a:c4:b8:b0:85:75:
26:a8:91:ab:2e:68:d1:d4:7e:1e:dc:31:ea:fd:32:dd:c0:e0:
35:af:a4:3b:d0:23:7c:36:1b:91:e1:ef:5e:8f:b3:eb:e3:ae:
1d:f6:b8:68
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUQm3TCC1XS8kNZwRPvO3a2kYfm8IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIzMThaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGY3MjU2ZDU4NTgzYTY0Y2QyODgwZjZiZmRjYzNmMTQ4YmJmNzYxZTJlMDIw
OTcwMTc0MTAwYjJmMjc2OTdjN2MxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAODcFQ06Csdohp0hPmabN45D2ZzgUEsWVX/I1wWt8wBmbzfp90Mw1uAwarw5
7upzFNo+9sumNF82jIcBJ0g29VoGuQiQyakSDE3tQV65enXN2C3iVREy/iZhxJXG
aTIPYj1np5nTDCGUwLWOSNJHCq759K0IfVkpuRRrucoGkzYGrXogl+qkTTpxHE6o
qcz+YNfyeYQxTCB0UxFMq4hqZhUaNhGa7ssGxSHYEShrNeicq4o1mc6Q3RkWx90o
L2AlRG/SaeVEe31JGLux0d8XUqFAZDTd+oZ+9NhSADKd5WWFzg2n61csyU/RMAEu
Kpt/qEDexRx9rEfplUu0k+G39YcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBT9L0AA
A+mVJVoxIiPwVt99ubZPjDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
YTAyODUxMjEtYTA2OC00YmJhLTllYWEtMGJmNGI5NjMxNThhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCABP8YB
ADANBgkqhkiG9w0BAQsFAAOCAQEAJ8uUcF3FGMGw5lKSJLv9mGsxmIppIhHeSXPs
QUf04NOZRnq89DIW/xDjGHqe29R2aFQJgTMHyMScI9+pobzLNHB/BnhMObsVXP8/
6J7PDgIRGQahKoV7+r/5V1ywNCAwL/rj1nRcrNDtcv2CBBlJk6loFDmVlG5Terxd
fCdaqIFXwHE6+tGzVaiChqHDAoxOShZnZu9HRUleWGNDPggj0IerIJqzHQQOz3qo
4ArUXEd2Ttukh32cqEdrXyb7p0KrxkDvf3NmDWyBA8J7rkanc4fdGsS4sIV1JqiR
qy5o0dR+Htwx6v0y3cDgNa+kO9AjfDYbkeHvXo+z6+OuHfa4aA==
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:54:56 2025 by rpki-client