Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a9974ff0-62d1-4203-bf68-04eb8602d197.roa
File: a9974ff0-62d1-4203-bf68-04eb8602d197.roa (raw, json)
Hash identifier: INqxjK+zxIEG0SCbYdOgM7CAy7e9gwlTQZPcJ1zEw84=
Subject key identifier: 5D:46:96:D0:97:47:80:9F:23:41:BF:C6:7D:DF:77:4A:A5:5E:91:F4
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 0AA2CFE7228EF6F61C2E50AF115F25EA9FBE6AEF
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a9974ff0-62d1-4203-bf68-04eb8602d197.roa
Signing time: Fri 07 Nov 2025 20:21:49 +0000
ROA not before: Fri 07 Nov 2025 20:21:49 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:7000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0a:a2:cf:e7:22:8e:f6:f6:1c:2e:50:af:11:5f:25:ea:9f:be:6a:ef
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:21:49 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=4003abc4683245f38d25d53a8f9f07bc5114158bb547fba02b876c13a020d85a, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:5f:61:80:87:a1:f7:90:32:05:30:aa:86:02:
5c:b5:e8:48:84:3f:43:cd:57:66:e1:f1:60:39:64:
0f:de:ef:a1:91:2e:24:d8:6b:cf:fb:5f:23:b7:4e:
31:e5:fd:0b:3d:67:f4:27:e4:33:f0:70:24:46:bb:
4c:32:48:64:10:08:df:2b:f3:f2:72:f8:f4:88:fd:
42:6d:81:8c:78:44:c5:12:dc:6c:af:30:a1:25:fb:
06:b7:56:d0:1a:c0:6b:3e:53:ca:02:02:ee:5f:8d:
f9:0c:be:74:3b:4a:1c:6e:72:18:12:85:c2:11:1c:
38:0b:19:43:cd:9e:45:bb:56:00:3b:b7:db:e0:b5:
ca:28:80:28:d8:7a:00:ae:e3:f1:79:8c:2c:74:b0:
52:3b:da:5c:9f:f9:ac:fd:10:af:d1:d1:fc:f0:6c:
46:7c:5e:18:2e:14:8c:59:51:5a:01:bd:43:b5:f8:
24:39:01:9d:09:8a:8b:1a:6f:aa:ee:d6:43:18:d6:
6d:e4:4b:9b:32:2f:91:10:e1:39:eb:ae:f6:87:4c:
04:a6:c3:2b:2b:74:15:61:47:45:91:c2:4e:21:42:
91:a9:7c:d0:17:26:33:e1:0c:3e:b2:f2:c5:b0:74:
46:75:b5:12:80:9e:2e:8a:14:ac:85:7e:7a:68:76:
8e:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:46:96:D0:97:47:80:9F:23:41:BF:C6:7D:DF:77:4A:A5:5E:91:F4
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a9974ff0-62d1-4203-bf68-04eb8602d197.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:7000::/36
Signature Algorithm: sha256WithRSAEncryption
b4:68:c5:f4:6c:f2:10:d7:4d:f8:dd:de:39:28:b3:60:27:d1:
42:60:2f:1f:7b:9b:46:52:71:9b:e7:df:69:68:61:64:1b:6e:
bf:40:4e:7e:1e:1e:c2:b6:fc:ae:b7:87:03:41:4f:4a:1e:2e:
1a:17:f1:71:84:6e:d8:1e:22:23:8a:9c:e9:36:95:81:57:38:
64:91:48:69:c6:1e:ee:0c:17:f5:de:fa:12:4e:09:e7:85:ec:
1d:94:c9:63:c2:39:93:71:27:c1:d8:6a:00:50:19:2d:2f:b2:
fd:70:a5:77:c3:a5:06:7a:c8:6a:11:5d:97:5c:81:63:82:96:
e9:95:f7:c2:a0:50:de:59:be:1f:d7:87:e6:b9:5a:59:f2:ca:
2e:f4:26:9c:2e:eb:15:5e:23:17:e5:04:9c:07:2f:37:80:f4:
c9:af:08:3e:3c:57:5e:15:fb:38:84:53:a9:bf:55:01:34:f4:
1b:2c:d0:82:d1:ce:18:ea:e9:6c:99:47:49:1b:eb:23:13:5b:
ae:6a:b9:6b:bc:bd:22:b7:38:fe:06:76:04:d5:af:d5:e1:aa:
61:28:f0:47:45:18:5b:90:cd:96:a0:d1:99:db:59:41:f6:2a:
51:73:bb:17:7a:6b:e7:3d:54:7b:4c:8c:e1:2e:8a:ee:c4:47:
9f:2e:83:a0
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUCqLP5yKO9vYcLlCvEV8l6p++au8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIxNDlaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDQwMDNhYmM0NjgzMjQ1ZjM4ZDI1ZDUzYThmOWYwN2JjNTExNDE1OGJiNTQ3
ZmJhMDJiODc2YzEzYTAyMGQ4NWExLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI1fYYCHofeQMgUwqoYCXLXoSIQ/Q81XZuHxYDlkD97voZEuJNhrz/tfI7dO
MeX9Cz1n9CfkM/BwJEa7TDJIZBAI3yvz8nL49Ij9Qm2BjHhExRLcbK8woSX7BrdW
0BrAaz5TygIC7l+N+Qy+dDtKHG5yGBKFwhEcOAsZQ82eRbtWADu32+C1yiiAKNh6
AK7j8XmMLHSwUjvaXJ/5rP0Qr9HR/PBsRnxeGC4UjFlRWgG9Q7X4JDkBnQmKixpv
qu7WQxjWbeRLmzIvkRDhOeuu9odMBKbDKyt0FWFHRZHCTiFCkal80BcmM+EMPrLy
xbB0RnW1EoCeLooUrIV+emh2jjECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRdRpbQ
l0eAnyNBv8Z933dKpV6R9DAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
YTk5NzRmZjAtNjJkMS00MjAzLWJmNjgtMDRlYjg2MDJkMTk3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8dw
MA0GCSqGSIb3DQEBCwUAA4IBAQC0aMX0bPIQ10343d45KLNgJ9FCYC8fe5tGUnGb
599paGFkG26/QE5+Hh7Ctvyut4cDQU9KHi4aF/FxhG7YHiIjipzpNpWBVzhkkUhp
xh7uDBf13voSTgnnhewdlMljwjmTcSfB2GoAUBktL7L9cKV3w6UGeshqEV2XXIFj
gpbplffCoFDeWb4f14fmuVpZ8sou9CacLusVXiMX5QScBy83gPTJrwg+PFdeFfs4
hFOpv1UBNPQbLNCC0c4Y6ulsmUdJG+sjE1uuarlrvL0itzj+BnYE1a/V4aphKPBH
RRhbkM2WoNGZ21lB9ipRc7sXemvnPVR7TIzhLoruxEefLoOg
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:54:56 2025 by rpki-client