Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a58b6238-ef14-49df-aad0-16d332405e96.roa
File: a58b6238-ef14-49df-aad0-16d332405e96.roa (raw, json)
Hash identifier: +PXF7WHY1CRxb6vL2KyuWDn8IAtnj2a1da/SozMRejw=
Subject key identifier: 83:BF:69:09:3E:66:A4:ED:48:15:39:12:BC:E1:8A:4C:0B:D6:17:A9
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 6C1FDC3A28013BE910B11D5023F1524174BEE9BC
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a58b6238-ef14-49df-aad0-16d332405e96.roa
Signing time: Fri 07 Nov 2025 20:38:16 +0000
ROA not before: Fri 07 Nov 2025 20:38:16 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:1000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6c:1f:dc:3a:28:01:3b:e9:10:b1:1d:50:23:f1:52:41:74:be:e9:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:38:16 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=d7684b7732bb7670e3103f0c94dcddf62ec54ba623410c5ea611ef9baeeff249, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:1e:e0:5f:38:cb:0d:43:58:19:9e:d0:2c:b9:
9f:87:c6:d5:94:4d:8e:79:93:f6:9b:05:9c:22:2c:
7e:2f:77:f2:1d:39:64:8a:d8:d4:47:93:35:1e:12:
c2:55:c1:9f:f3:0d:fa:34:a2:95:53:0a:76:17:1b:
31:13:42:c3:3b:e5:21:63:02:c5:ad:1b:c7:31:52:
a0:15:f0:ce:ce:3e:af:1f:b1:c0:6a:55:a5:41:b6:
d1:83:d7:a8:29:ee:07:89:5d:e7:80:bb:95:6f:ee:
26:75:96:8a:3f:62:a1:7e:eb:2d:94:3c:64:a5:7f:
79:bd:07:9f:b8:89:85:d0:57:2b:c0:6d:18:eb:22:
75:94:08:8d:8c:b6:63:ef:31:cf:49:d4:57:e0:59:
4e:99:36:83:3c:e1:e8:a9:ea:91:28:db:db:c5:93:
27:9f:ba:f3:93:39:fb:f3:5b:6c:a8:e6:0c:80:79:
bb:e1:17:68:31:1b:e9:82:8d:53:14:b5:40:d9:f9:
47:04:4a:be:37:80:bf:eb:a9:71:a8:8f:60:3f:4b:
9a:9f:3c:1b:27:c3:70:e9:5a:de:2a:b4:d1:2b:04:
40:d7:ea:c7:ab:3a:9b:1c:43:45:ac:1e:9d:6a:f4:
90:1f:c7:4b:5c:b1:a9:b6:06:3a:f7:a6:8c:b3:5d:
ab:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
83:BF:69:09:3E:66:A4:ED:48:15:39:12:BC:E1:8A:4C:0B:D6:17:A9
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a58b6238-ef14-49df-aad0-16d332405e96.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:1000::/36
Signature Algorithm: sha256WithRSAEncryption
3d:3c:49:6c:23:8b:d9:25:2a:70:b8:02:ba:f5:15:02:1b:72:
66:10:66:cc:e6:58:be:86:dd:fa:2b:1a:46:27:50:75:f4:be:
12:cf:9e:91:6b:1b:69:41:db:6f:c9:92:53:2c:84:66:d1:5a:
e8:a4:a3:da:d8:10:c7:52:7a:bd:af:7d:0b:74:c2:85:ba:a6:
c0:dc:c3:68:4e:d8:da:fa:62:1b:d8:0d:e0:c0:e3:d4:8b:81:
4e:ff:91:fe:02:9e:05:f6:d5:bb:c4:8a:8d:e8:1d:f5:2e:81:
91:9c:67:e6:92:c5:4a:07:eb:33:59:ca:c5:0b:3e:14:6b:b0:
a8:79:54:90:c8:54:3a:34:f9:c9:60:d7:c8:97:75:ea:26:6e:
77:e5:41:75:fa:5f:c0:58:ef:fb:db:08:64:70:21:f4:7c:c6:
ca:db:0a:3d:2f:fd:97:ec:66:df:ee:0a:d3:ec:0a:28:75:4a:
7c:5a:00:51:4a:44:81:22:e2:d1:c0:3c:e7:65:7f:a1:3d:53:
e6:ae:13:a3:cf:99:d4:06:23:09:74:a9:cf:3d:5c:23:9c:bf:
b9:d0:4a:b3:77:13:c7:62:da:56:c1:cc:63:f0:18:51:ef:11:
f8:38:8d:f3:ae:92:c6:bc:9d:25:eb:8e:6a:3b:60:f3:66:45:
73:10:9f:44
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUbB/cOigBO+kQsR1QI/FSQXS+6bwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDM4MTZaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ3Njg0Yjc3MzJiYjc2NzBlMzEwM2YwYzk0ZGNkZGY2MmVjNTRiYTYyMzQx
MGM1ZWE2MTFlZjliYWVlZmYyNDkxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKwe4F84yw1DWBme0Cy5n4fG1ZRNjnmT9psFnCIsfi938h05ZIrY1EeTNR4S
wlXBn/MN+jSilVMKdhcbMRNCwzvlIWMCxa0bxzFSoBXwzs4+rx+xwGpVpUG20YPX
qCnuB4ld54C7lW/uJnWWij9ioX7rLZQ8ZKV/eb0Hn7iJhdBXK8BtGOsidZQIjYy2
Y+8xz0nUV+BZTpk2gzzh6KnqkSjb28WTJ5+685M5+/NbbKjmDIB5u+EXaDEb6YKN
UxS1QNn5RwRKvjeAv+upcaiPYD9Lmp88GyfDcOla3iq00SsEQNfqx6s6mxxDRawe
nWr0kB/HS1yxqbYGOvemjLNdq7sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSDv2kJ
Pmak7UgVORK84YpMC9YXqTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
YTU4YjYyMzgtZWYxNC00OWRmLWFhZDAtMTZkMzMyNDA1ZTk2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8cQ
MA0GCSqGSIb3DQEBCwUAA4IBAQA9PElsI4vZJSpwuAK69RUCG3JmEGbM5li+ht36
KxpGJ1B19L4Sz56RaxtpQdtvyZJTLIRm0VropKPa2BDHUnq9r30LdMKFuqbA3MNo
Ttja+mIb2A3gwOPUi4FO/5H+Ap4F9tW7xIqN6B31LoGRnGfmksVKB+szWcrFCz4U
a7CoeVSQyFQ6NPnJYNfIl3XqJm535UF1+l/AWO/72whkcCH0fMbK2wo9L/2X7Gbf
7grT7AoodUp8WgBRSkSBIuLRwDznZX+hPVPmrhOjz5nUBiMJdKnPPVwjnL+50Eqz
dxPHYtpWwcxj8BhR7xH4OI3zrpLGvJ0l645qO2DzZkVzEJ9E
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:01 2025 by rpki-client