Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/aab50dd8-a220-4509-8901-cb5ca23cff5f.roa
File: aab50dd8-a220-4509-8901-cb5ca23cff5f.roa (raw, json)
Hash identifier: T1nszY7x7q48zXtH3fl+SnCT0MVm+lepnm6SSGJslH0=
Subject key identifier: 65:D9:AC:51:08:6C:5D:2C:EE:DF:38:BD:C6:3F:2F:90:20:03:DB:D2
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 6D31C6C6D7AA32959A5280F3A544ED5A7DB6B0FE
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/aab50dd8-a220-4509-8901-cb5ca23cff5f.roa
Signing time: Fri 07 Nov 2025 20:23:11 +0000
ROA not before: Fri 07 Nov 2025 20:23:11 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc6:c::/47 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6d:31:c6:c6:d7:aa:32:95:9a:52:80:f3:a5:44:ed:5a:7d:b6:b0:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:23:11 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=5cdea268fba3e3c0f8db256f268f459e728e496af935cf6c21727c4a247ac624, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:52:40:8f:fa:56:f4:14:af:70:1f:08:a2:b0:
4c:10:57:08:ac:97:66:df:78:53:37:cf:da:d1:9c:
b3:14:18:91:58:16:81:df:e3:2b:14:0a:f8:60:b3:
31:6d:c4:8a:e1:01:0d:00:e9:ca:eb:8e:80:79:7b:
b0:05:c0:08:a3:7d:2b:c9:d9:6b:e1:a8:fa:bb:b3:
9c:03:f0:87:92:33:77:b4:00:ed:b2:18:3c:26:47:
f0:e8:0d:5f:4e:b6:30:ac:3e:02:56:ea:5b:ef:05:
72:e9:83:a7:64:05:65:85:3a:75:55:61:a0:27:48:
c2:cc:12:ed:8f:c8:45:cf:26:50:f2:0a:60:ef:ed:
ea:7e:83:f2:6b:45:0b:42:65:80:ab:f8:fe:c9:20:
01:ad:52:ff:c0:b2:7f:54:40:c8:50:4f:05:10:b2:
e1:a4:92:93:31:12:8a:ad:ba:60:74:8f:40:0c:42:
d0:60:a9:67:20:24:a4:fa:51:65:08:2d:5f:9e:39:
ec:5f:62:4b:a5:c2:9b:43:7c:93:c0:cd:14:67:c1:
6a:3d:af:38:6a:f6:d0:ac:98:ec:bf:bc:06:91:6c:
6b:72:06:7d:96:b9:7f:0d:bc:37:43:57:02:26:92:
9e:6c:f5:ae:a3:33:51:2b:1a:6d:3c:dc:52:90:6c:
31:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:D9:AC:51:08:6C:5D:2C:EE:DF:38:BD:C6:3F:2F:90:20:03:DB:D2
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/aab50dd8-a220-4509-8901-cb5ca23cff5f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc6:c::/47
Signature Algorithm: sha256WithRSAEncryption
c1:f7:5c:a2:ad:92:27:91:c6:e2:27:96:e9:f1:18:0c:a7:61:
58:30:a0:55:4d:98:39:47:94:e7:e5:07:cb:ec:f5:8d:9d:b6:
bc:0f:79:59:72:9a:c0:e8:e6:a3:29:6a:5a:f3:55:8c:67:50:
97:43:64:14:5b:a8:4a:3b:d9:4b:48:b0:66:46:cc:5a:7c:62:
57:f8:ca:cc:8c:3f:31:67:cb:45:ff:dc:d1:f7:49:2e:33:d1:
a2:3b:f5:60:1d:13:17:3c:0c:a9:26:34:a7:8a:2f:ab:6e:20:
4e:98:10:b3:b2:b9:79:23:01:29:29:5e:0b:1b:f3:8e:ab:e8:
45:4a:14:77:45:be:47:73:a6:97:18:51:0c:ce:90:1c:70:31:
6a:dd:13:60:a0:48:c8:6b:76:2f:1d:72:d3:f9:61:8e:f2:5d:
22:37:67:85:19:ef:39:5a:f5:46:99:6b:19:c3:de:b8:d7:69:
85:91:79:57:37:0d:16:a4:92:cb:cd:98:35:c2:10:62:53:30:
18:49:95:d0:ee:1a:6f:3f:d1:f9:a1:dd:8a:97:2f:86:54:e3:
47:62:5b:e8:fd:71:8c:76:90:bd:65:c0:c0:85:b6:f2:df:99:
20:e7:ab:28:cc:8e:a5:aa:f5:15:16:82:ee:2d:ca:72:23:35:
a4:25:84:af
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUbTHGxteqMpWaUoDzpUTtWn22sP4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIzMTFaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDVjZGVhMjY4ZmJhM2UzYzBmOGRiMjU2ZjI2OGY0NTllNzI4ZTQ5NmFmOTM1
Y2Y2YzIxNzI3YzRhMjQ3YWM2MjQxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALdSQI/6VvQUr3AfCKKwTBBXCKyXZt94UzfP2tGcsxQYkVgWgd/jKxQK+GCz
MW3EiuEBDQDpyuuOgHl7sAXACKN9K8nZa+Go+ruznAPwh5Izd7QA7bIYPCZH8OgN
X062MKw+AlbqW+8FcumDp2QFZYU6dVVhoCdIwswS7Y/IRc8mUPIKYO/t6n6D8mtF
C0JlgKv4/skgAa1S/8Cyf1RAyFBPBRCy4aSSkzESiq26YHSPQAxC0GCpZyAkpPpR
ZQgtX5457F9iS6XCm0N8k8DNFGfBaj2vOGr20KyY7L+8BpFsa3IGfZa5fw28N0NX
AiaSnmz1rqMzUSsabTzcUpBsMR0CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRl2axR
CGxdLO7fOL3GPy+QIAPb0jAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
YWFiNTBkZDgtYTIyMC00NTA5LTg5MDEtY2I1Y2EyM2NmZjVmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHASABP8YA
DDANBgkqhkiG9w0BAQsFAAOCAQEAwfdcoq2SJ5HG4ieW6fEYDKdhWDCgVU2YOUeU
5+UHy+z1jZ22vA95WXKawOjmoylqWvNVjGdQl0NkFFuoSjvZS0iwZkbMWnxiV/jK
zIw/MWfLRf/c0fdJLjPRojv1YB0TFzwMqSY0p4ovq24gTpgQs7K5eSMBKSleCxvz
jqvoRUoUd0W+R3OmlxhRDM6QHHAxat0TYKBIyGt2Lx1y0/lhjvJdIjdnhRnvOVr1
RplrGcPeuNdphZF5VzcNFqSSy82YNcIQYlMwGEmV0O4abz/R+aHdipcvhlTjR2Jb
6P1xjHaQvWXAwIW28t+ZIOerKMyOpar1FRaC7i3KciM1pCWErw==
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:54:59 2025 by rpki-client