Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a7fd28cc-be6c-4ec2-845a-c1595c2cfd21.roa
File: a7fd28cc-be6c-4ec2-845a-c1595c2cfd21.roa (raw, json)
Hash identifier: ng2mpyQiBxemyMQ6EA4QpselI8bpy4Lxj+6g0vyuYUo=
Subject key identifier: AB:F3:95:E4:AB:A3:F5:AA:93:14:5C:B5:CE:66:63:B8:0E:15:FB:C3
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 5527AD5E21B6C1F9EAD8E99146B10029A29968D4
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a7fd28cc-be6c-4ec2-845a-c1595c2cfd21.roa
Signing time: Fri 07 Nov 2025 20:36:55 +0000
ROA not before: Fri 07 Nov 2025 20:36:55 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc1:8400::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
55:27:ad:5e:21:b6:c1:f9:ea:d8:e9:91:46:b1:00:29:a2:99:68:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:36:55 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=d1378e67dfbee8cbb841248cf510b9eb406ec72ab624aae13cd53488cf3fd1a5, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:3d:ca:b3:fa:74:06:d3:f8:e0:88:f9:d5:2a:
f4:a3:b6:85:dd:73:c6:47:b5:38:50:e7:97:8d:04:
51:f7:de:6a:76:8c:48:9f:f3:1c:4d:33:92:96:53:
50:f7:c8:19:fa:e2:1a:16:db:a1:6b:30:1a:20:dd:
22:57:fa:e0:29:57:10:fa:f5:2a:ea:24:66:27:bf:
aa:b9:53:b2:3d:da:97:84:62:82:11:87:e8:96:64:
36:a2:08:08:0c:ee:04:30:4d:cc:c2:a0:27:31:28:
b3:2a:20:c0:4b:16:25:b8:b6:5d:9e:dc:05:3d:66:
a2:98:b8:90:6a:39:e4:95:3c:52:2d:f4:0c:79:f5:
e3:be:e1:49:4c:1e:05:8e:fe:17:6d:37:fb:1e:c5:
bb:9f:df:ad:e9:2d:0a:ca:9e:13:fd:f3:dd:5e:b2:
65:cc:27:f1:12:62:ad:8a:ba:f7:af:b3:71:39:2f:
e5:0d:bf:3f:6d:57:af:d3:59:9e:dd:2e:49:25:15:
af:4e:45:72:ce:d8:61:99:5b:69:aa:f8:87:06:95:
65:1a:ec:48:ce:32:2a:8e:a7:db:33:7f:68:99:7e:
df:b9:a5:ef:7f:3c:73:9f:4b:70:ed:37:56:1b:85:
95:96:bb:ef:a2:2a:a9:11:aa:96:8f:64:6a:4b:13:
33:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:F3:95:E4:AB:A3:F5:AA:93:14:5C:B5:CE:66:63:B8:0E:15:FB:C3
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a7fd28cc-be6c-4ec2-845a-c1595c2cfd21.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc1:8400::/38
Signature Algorithm: sha256WithRSAEncryption
b9:c8:f6:0c:f3:e6:92:5c:9c:a0:97:95:c2:cf:6e:95:d5:1e:
46:58:d2:df:d9:b7:ec:3b:86:03:b6:c9:84:38:3f:a4:9c:40:
ab:8f:ac:b1:a0:3e:cf:4a:bf:c2:8f:45:9b:94:97:dd:0d:f4:
43:b3:0b:38:81:a3:da:a6:8d:3f:dc:73:e3:7a:41:3f:7b:4f:
3c:30:cb:e7:5c:4d:51:b0:df:32:60:70:45:2b:07:44:6f:e1:
f1:f1:67:6b:24:fe:b7:28:08:38:a9:13:ef:fc:80:ed:b7:d6:
60:e7:5e:9d:73:d0:a4:ea:b8:f6:f7:f8:d0:24:cc:59:3f:d7:
1f:68:67:d3:9f:5c:f4:08:3a:68:72:e7:b1:36:f1:f7:ff:37:
25:e2:b3:71:f0:05:52:ae:ab:69:ff:13:87:7a:b5:1d:87:2e:
d1:8e:31:a0:37:85:3f:1c:6a:51:1e:4f:0b:7b:5a:76:5c:8e:
ae:0e:dd:04:36:1f:8f:12:fd:f3:9b:28:81:6a:6a:6e:d3:b8:
78:df:90:4e:45:39:49:0e:c6:11:49:71:1e:48:b6:63:3d:71:
7f:e6:3a:95:bf:93:51:c7:7d:43:5e:18:b3:8d:69:05:58:e5:
f3:68:68:ea:94:67:e7:e2:40:98:4c:67:5b:1c:2c:1b:d1:e6:
b7:6c:04:91
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUVSetXiG2wfnq2OmRRrEAKaKZaNQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDM2NTVaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGQxMzc4ZTY3ZGZiZWU4Y2JiODQxMjQ4Y2Y1MTBiOWViNDA2ZWM3MmFiNjI0
YWFlMTNjZDUzNDg4Y2YzZmQxYTUxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALM9yrP6dAbT+OCI+dUq9KO2hd1zxke1OFDnl40EUffeanaMSJ/zHE0zkpZT
UPfIGfriGhbboWswGiDdIlf64ClXEPr1KuokZie/qrlTsj3al4RighGH6JZkNqII
CAzuBDBNzMKgJzEosyogwEsWJbi2XZ7cBT1mopi4kGo55JU8Ui30DHn1477hSUwe
BY7+F203+x7Fu5/frektCsqeE/3z3V6yZcwn8RJirYq696+zcTkv5Q2/P21Xr9NZ
nt0uSSUVr05Fcs7YYZlbaar4hwaVZRrsSM4yKo6n2zN/aJl+37ml7388c59LcO03
VhuFlZa776IqqRGqlo9kaksTMwcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSr85Xk
q6P1qpMUXLXOZmO4DhX7wzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
YTdmZDI4Y2MtYmU2Yy00ZWMyLTg0NWEtYzE1OTVjMmNmZDIxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAiABP8GE
MA0GCSqGSIb3DQEBCwUAA4IBAQC5yPYM8+aSXJygl5XCz26V1R5GWNLf2bfsO4YD
tsmEOD+knECrj6yxoD7PSr/Cj0WblJfdDfRDsws4gaPapo0/3HPjekE/e088MMvn
XE1RsN8yYHBFKwdEb+Hx8WdrJP63KAg4qRPv/IDtt9Zg516dc9Ck6rj29/jQJMxZ
P9cfaGfTn1z0CDpocuexNvH3/zcl4rNx8AVSrqtp/xOHerUdhy7RjjGgN4U/HGpR
Hk8Le1p2XI6uDt0ENh+PEv3zmyiBampu07h435BORTlJDsYRSXEeSLZjPXF/5jqV
v5NRx31DXhizjWkFWOXzaGjqlGfn4kCYTGdbHCwb0ea3bASR
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:05 2025 by rpki-client