Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a2cac7c7-df41-4db6-b8bd-1b27d0ffc119.roa
File: a2cac7c7-df41-4db6-b8bd-1b27d0ffc119.roa (raw, json)
Hash identifier: dvXN3WbysQOPR3VadFDdMjVsx7zvegST4gLY//JjgVU=
Subject key identifier: 11:A0:2C:A2:40:B4:BB:C9:1C:0E:EB:ED:5B:94:D1:B0:8F:1F:AB:09
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 407807ED683236C0FFE7AF32776C9D2924F2A0EC
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a2cac7c7-df41-4db6-b8bd-1b27d0ffc119.roa
Signing time: Fri 07 Nov 2025 20:21:52 +0000
ROA not before: Fri 07 Nov 2025 20:21:52 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 7224
IP address blocks: 2001:3fc7:d000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
40:78:07:ed:68:32:36:c0:ff:e7:af:32:77:6c:9d:29:24:f2:a0:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:21:52 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=9c03cd23e3c74ec0c5aa617482e6496b4bbc2dce9d61939d3dad6fc0f5e387e2, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:59:a2:95:01:01:75:9c:84:e3:32:ac:68:b3:
24:de:c0:ca:e7:e8:38:13:2e:cd:41:db:e9:19:b4:
47:99:4d:8f:3a:99:0c:ec:82:d4:fb:2d:9f:c4:60:
fa:91:25:e7:d6:45:21:dd:09:8a:0a:07:a0:71:41:
47:f3:d7:84:13:58:cd:1e:44:b9:7d:7a:a4:0a:c4:
89:d2:ea:21:80:c0:a1:25:d5:ea:da:93:d3:7c:34:
e1:77:98:0e:5b:67:a2:ca:f7:18:aa:57:25:38:ac:
d1:7b:f1:e7:91:4f:79:53:42:ab:2e:84:0d:4c:0c:
e1:07:3c:82:a5:38:19:79:1f:08:b6:43:c4:0b:d3:
85:90:b4:d4:91:f2:4d:b9:67:71:b2:42:67:c7:eb:
79:97:1e:ab:63:97:7d:ab:e6:3b:84:a1:10:14:57:
1d:ea:df:ef:ee:2c:2f:7d:35:e9:6c:57:e7:1f:1e:
47:65:92:49:66:83:bf:82:f1:30:2d:91:5d:0f:88:
21:32:00:44:b9:de:e7:6f:ce:c4:31:ef:e7:c4:70:
f9:2c:ec:8e:3c:7c:3c:3e:b1:5e:14:5a:80:5b:11:
52:60:24:cf:ca:4a:88:9c:42:3f:5f:e0:42:2d:4d:
97:67:b8:2e:50:72:a5:92:de:da:ff:3a:f5:ec:33:
10:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
11:A0:2C:A2:40:B4:BB:C9:1C:0E:EB:ED:5B:94:D1:B0:8F:1F:AB:09
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a2cac7c7-df41-4db6-b8bd-1b27d0ffc119.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:d000::/36
Signature Algorithm: sha256WithRSAEncryption
01:2a:35:a3:5c:71:e4:1c:9e:0c:5e:9a:00:c7:39:23:a2:a9:
5a:53:58:2e:84:49:fd:45:06:f6:10:0f:c9:05:f9:8a:59:90:
4f:de:71:a8:f2:69:c1:76:3f:7b:bb:b9:73:8a:f3:18:31:be:
18:e4:50:82:bb:11:57:b8:d8:b2:ae:e2:fa:b5:99:9c:37:a8:
3e:08:ef:88:2e:c6:d7:2d:48:2f:42:c3:59:99:91:e7:e5:b9:
77:45:4f:ad:0f:1d:16:5d:88:66:1f:40:62:de:47:c8:e6:0c:
c4:44:db:aa:58:da:71:90:ed:e8:0a:b3:a4:a1:c6:ee:14:e3:
3d:5c:e5:23:58:29:35:7e:ca:3d:d5:ae:97:9c:14:3d:11:5d:
a1:e4:10:74:05:84:50:3c:1e:33:d8:b0:a3:f3:77:f5:00:dc:
bb:03:8d:c9:3f:a6:f9:88:ba:aa:1b:95:a6:01:a6:1a:96:fb:
b1:77:c3:48:18:4f:64:c3:0f:37:03:91:3e:ef:2d:f0:c1:03:
ea:2b:a0:de:5a:02:d8:f7:08:95:0a:71:12:43:52:71:a3:bf:
2b:dd:6a:b1:02:30:8a:61:7d:15:8d:c9:74:51:90:a1:11:93:
ad:99:f7:b0:c1:e0:8a:6b:18:ef:59:2f:bf:10:a2:16:49:8b:
4f:b2:e9:85
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUQHgH7WgyNsD/568yd2ydKSTyoOwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIxNTJaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDljMDNjZDIzZTNjNzRlYzBjNWFhNjE3NDgyZTY0OTZiNGJiYzJkY2U5ZDYx
OTM5ZDNkYWQ2ZmMwZjVlMzg3ZTIxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMtZopUBAXWchOMyrGizJN7AyufoOBMuzUHb6Rm0R5lNjzqZDOyC1Pstn8Rg
+pEl59ZFId0JigoHoHFBR/PXhBNYzR5EuX16pArEidLqIYDAoSXV6tqT03w04XeY
Dltnosr3GKpXJTis0Xvx55FPeVNCqy6EDUwM4Qc8gqU4GXkfCLZDxAvThZC01JHy
TblncbJCZ8freZceq2OXfavmO4ShEBRXHerf7+4sL3016WxX5x8eR2WSSWaDv4Lx
MC2RXQ+IITIARLne52/OxDHv58Rw+Szsjjx8PD6xXhRagFsRUmAkz8pKiJxCP1/g
Qi1Nl2e4LlBypZLe2v869ewzECECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQRoCyi
QLS7yRwO6+1blNGwjx+rCTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
YTJjYWM3YzctZGY0MS00ZGI2LWI4YmQtMWIyN2QwZmZjMTE5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8fQ
MA0GCSqGSIb3DQEBCwUAA4IBAQABKjWjXHHkHJ4MXpoAxzkjoqlaU1guhEn9RQb2
EA/JBfmKWZBP3nGo8mnBdj97u7lzivMYMb4Y5FCCuxFXuNiyruL6tZmcN6g+CO+I
LsbXLUgvQsNZmZHn5bl3RU+tDx0WXYhmH0Bi3kfI5gzERNuqWNpxkO3oCrOkocbu
FOM9XOUjWCk1fso91a6XnBQ9EV2h5BB0BYRQPB4z2LCj83f1ANy7A43JP6b5iLqq
G5WmAaYalvuxd8NIGE9kww83A5E+7y3wwQPqK6DeWgLY9wiVCnESQ1Jxo78r3Wqx
AjCKYX0Vjcl0UZChEZOtmfewweCKaxjvWS+/EKIWSYtPsumF
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:08 2025 by rpki-client