Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a217acb6-25db-4f7f-bed2-0251978424c1.roa
File: a217acb6-25db-4f7f-bed2-0251978424c1.roa (raw, json)
Hash identifier: kbYoNI35j75SyGHno9aRQduFQPWqCeEfGEG+PshT5L0=
Subject key identifier: DD:91:F3:3C:40:CC:6A:BD:19:2A:88:7B:F5:CE:56:94:DE:D1:CD:32
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 54FEF634B0088258CA944C10BE6E5DF69061DAFA
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a217acb6-25db-4f7f-bed2-0251978424c1.roa
Signing time: Fri 07 Nov 2025 20:23:12 +0000
ROA not before: Fri 07 Nov 2025 20:23:12 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc0:840::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
54:fe:f6:34:b0:08:82:58:ca:94:4c:10:be:6e:5d:f6:90:61:da:fa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:23:12 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=afee7f5f03dfdfe336f5c5d5eab7d2b943e2cd1fb287317be55d664aeafe241c, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:df:6c:ab:cf:be:4e:3b:03:34:5b:b9:17:4b:
bf:6f:37:1b:51:f9:a6:25:48:ba:e7:f1:c3:67:d6:
f5:5f:b9:a0:8a:36:f4:a2:d4:90:bf:7a:74:7a:d4:
37:95:4f:8b:13:c3:9e:9e:f8:f5:39:72:85:c3:e4:
8a:bd:60:38:5a:f8:2d:3d:d1:d5:6b:a8:f9:8b:8b:
29:a0:b7:0e:e3:41:17:79:53:2c:8f:e7:4c:d2:0d:
bd:ef:6c:b5:5f:a8:3e:09:d0:7c:99:7c:fb:62:60:
bb:28:a1:e6:37:5e:e0:6f:56:1a:7d:59:89:ff:d6:
5b:43:6c:67:4d:d0:04:64:6b:68:4c:00:92:52:91:
65:2e:b0:87:36:fe:28:55:60:77:35:27:0a:3e:a8:
a9:19:90:f1:f2:bf:06:39:8d:5f:f3:cd:89:ed:b2:
22:ab:20:dc:da:04:66:40:d2:57:25:77:26:aa:f5:
4f:93:9d:1c:b7:8f:bd:a3:c8:62:84:ce:77:91:c4:
7b:16:57:b5:7f:b6:3b:7f:51:1c:f5:5a:a6:e6:35:
b9:e3:21:4a:b1:32:4a:0d:08:bf:7a:5a:f6:22:b0:
aa:68:d1:60:3e:85:15:3f:5f:c8:59:b3:51:19:a9:
4a:d3:ce:b0:37:90:42:d8:e7:e9:88:b7:5b:5c:68:
e8:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:91:F3:3C:40:CC:6A:BD:19:2A:88:7B:F5:CE:56:94:DE:D1:CD:32
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a217acb6-25db-4f7f-bed2-0251978424c1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc0:840::/48
Signature Algorithm: sha256WithRSAEncryption
77:a3:7b:96:86:1f:39:92:ee:15:48:b2:7b:de:bf:95:26:96:
38:b9:24:40:01:71:0f:08:ec:38:c1:66:ed:1c:fe:57:de:6a:
e2:bb:40:66:bd:e9:a7:7e:72:a1:65:36:87:42:ac:bd:51:b6:
fc:ac:8f:59:f1:bc:60:b8:88:cd:d3:f2:3d:63:42:d9:8b:af:
d3:d4:73:05:7c:ed:9b:2b:ee:71:5d:14:16:18:2a:4b:59:ea:
58:b5:95:86:5e:66:44:2e:1d:64:2b:3f:1c:42:11:34:07:5f:
88:ad:00:ed:b8:0e:9f:21:17:5b:f4:65:b2:a8:52:c6:8e:9d:
37:7f:27:f3:5f:c3:99:99:aa:76:6b:20:5e:58:1c:48:ec:9b:
db:e9:df:72:79:6a:60:0c:44:af:2d:6e:dd:59:6f:01:c6:95:
e7:45:fd:b1:76:9b:15:05:34:84:99:cd:8e:bb:6c:48:cd:f6:
62:ec:d7:18:4f:f8:49:b2:de:4d:53:38:58:fa:de:c7:df:8a:
01:a9:12:88:8b:e3:b8:f7:34:fa:82:ec:92:00:cd:97:3e:55:
89:de:19:4c:b1:18:6c:e0:d3:f2:5b:8e:70:a4:1c:67:8b:40:
d1:51:ae:5b:08:8c:ab:ed:05:96:74:4a:1e:4e:96:50:a3:2c:
d4:2f:27:d5
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUVP72NLAIgljKlEwQvm5d9pBh2vowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIzMTJaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGFmZWU3ZjVmMDNkZmRmZTMzNmY1YzVkNWVhYjdkMmI5NDNlMmNkMWZiMjg3
MzE3YmU1NWQ2NjRhZWFmZTI0MWMxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALDfbKvPvk47AzRbuRdLv283G1H5piVIuufxw2fW9V+5oIo29KLUkL96dHrU
N5VPixPDnp749TlyhcPkir1gOFr4LT3R1Wuo+YuLKaC3DuNBF3lTLI/nTNINve9s
tV+oPgnQfJl8+2Jguyih5jde4G9WGn1Zif/WW0NsZ03QBGRraEwAklKRZS6whzb+
KFVgdzUnCj6oqRmQ8fK/BjmNX/PNie2yIqsg3NoEZkDSVyV3Jqr1T5OdHLePvaPI
YoTOd5HEexZXtX+2O39RHPVapuY1ueMhSrEySg0Iv3pa9iKwqmjRYD6FFT9fyFmz
URmpStPOsDeQQtjn6Yi3W1xo6JkCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTdkfM8
QMxqvRkqiHv1zlaU3tHNMjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
YTIxN2FjYjYtMjVkYi00ZjdmLWJlZDItMDI1MTk3ODQyNGMxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABP8AI
QDANBgkqhkiG9w0BAQsFAAOCAQEAd6N7loYfOZLuFUiye96/lSaWOLkkQAFxDwjs
OMFm7Rz+V95q4rtAZr3pp35yoWU2h0KsvVG2/KyPWfG8YLiIzdPyPWNC2Yuv09Rz
BXztmyvucV0UFhgqS1nqWLWVhl5mRC4dZCs/HEIRNAdfiK0A7bgOnyEXW/RlsqhS
xo6dN38n81/DmZmqdmsgXlgcSOyb2+nfcnlqYAxEry1u3VlvAcaV50X9sXabFQU0
hJnNjrtsSM32YuzXGE/4SbLeTVM4WPrex9+KAakSiIvjuPc0+oLskgDNlz5Vid4Z
TLEYbODT8luOcKQcZ4tA0VGuWwiMq+0FlnRKHk6WUKMs1C8n1Q==
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:07 2025 by rpki-client