Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/b1191abf-2871-473a-8ee2-a2089f6894a7.roa
File: b1191abf-2871-473a-8ee2-a2089f6894a7.roa (raw, json)
Hash identifier: /GYW2UIsE5PV9Dq7V+ifajsCXh+XfkjH4gUDzDQR/Yo=
Subject key identifier: 22:D5:D5:45:5E:A8:18:9A:C1:F5:C9:E7:CC:C4:13:7B:4E:53:C9:7E
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 7D7840FD81F18DC80FC13E7933B34D66C1DB171C
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/b1191abf-2871-473a-8ee2-a2089f6894a7.roa
Signing time: Fri 07 Nov 2025 20:23:13 +0000
ROA not before: Fri 07 Nov 2025 20:23:13 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:2840::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7d:78:40:fd:81:f1:8d:c8:0f:c1:3e:79:33:b3:4d:66:c1:db:17:1c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:23:13 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=26b445ec97b2268c306f016869c989fa8c1c047f0d712a086ae0fad68845df83, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:c1:96:cb:35:d4:75:54:56:95:3d:1e:d5:ad:
00:2b:81:74:ba:c2:8d:05:f6:1c:b0:b4:d3:04:f5:
a1:63:bb:46:83:52:aa:d9:50:00:3f:70:0a:73:f6:
18:68:10:c2:8e:ce:b9:d6:26:3f:03:43:09:44:ca:
9a:ec:3b:0f:2e:1b:c5:a0:18:eb:c0:b7:84:84:84:
95:e9:8a:d4:77:07:7d:5f:55:5a:ec:d4:4d:f7:86:
37:97:6c:10:65:68:db:ca:33:75:3d:dc:a4:02:a7:
f4:08:30:88:63:11:42:33:9f:d1:ee:11:00:07:f5:
37:f9:9b:12:22:cd:0a:e0:80:e9:8d:e2:0a:6a:af:
a5:8e:f6:41:04:60:50:1f:f1:50:f3:2f:f2:40:79:
8b:b9:52:52:c0:6b:99:8e:9c:e9:54:9d:de:10:76:
d6:19:b9:14:0f:8d:7a:31:c4:1e:cf:09:0e:40:97:
39:78:e6:e4:bb:df:50:02:ae:7b:10:49:c5:a6:f0:
96:10:a3:3c:3e:2a:ab:bf:27:f7:49:47:bc:8d:e4:
ce:55:10:eb:0a:5b:ea:5a:12:d8:af:ef:a7:2d:78:
52:a0:f1:d6:33:3b:f1:4f:7d:5e:3c:d5:60:bb:59:
c1:63:73:c9:b6:1e:9e:43:f3:68:f1:86:e5:51:ba:
28:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:D5:D5:45:5E:A8:18:9A:C1:F5:C9:E7:CC:C4:13:7B:4E:53:C9:7E
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/b1191abf-2871-473a-8ee2-a2089f6894a7.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:2840::/48
Signature Algorithm: sha256WithRSAEncryption
46:d1:b0:e4:6a:c8:50:48:59:67:80:6b:58:e4:b0:f8:61:f7:
e0:f7:a8:b1:16:50:d3:5c:e1:d2:04:83:92:9b:da:63:44:7d:
17:33:3b:da:31:37:1f:9d:c0:da:ff:41:b4:3d:35:26:f5:d4:
5a:d9:89:63:8a:5d:ae:00:95:15:58:8a:c5:38:56:c7:9a:7d:
1d:2f:20:c8:32:e8:6e:4a:3e:7e:49:aa:15:ba:c7:7d:20:9a:
63:4f:67:20:9a:be:81:42:24:3a:73:01:6a:34:06:02:ad:3b:
a5:9b:cc:1d:df:cb:27:7f:84:25:a1:2a:03:50:4a:d7:13:0c:
b4:84:c1:cd:b1:01:5f:08:1d:f6:09:ad:4b:d6:ff:af:33:25:
61:c4:cb:fe:e2:d6:39:78:c7:15:09:22:f0:c2:21:2a:f6:75:
f9:a4:83:70:15:15:ff:bd:6a:8c:c8:17:58:eb:dd:79:75:8c:
54:61:cd:ec:c8:04:19:bd:81:da:62:ad:d6:17:4b:6b:61:0e:
12:fe:4d:42:2d:b9:ce:47:7e:1b:90:a7:0b:fc:04:19:8a:94:
73:d7:5d:8a:39:4a:26:d3:d0:e6:3c:cf:ae:69:0c:ca:7b:28:
b5:e5:d3:7b:94:3d:e0:b6:5f:3c:a1:c2:08:dc:8c:db:7d:c3:
bd:ee:6f:41
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUfXhA/YHxjcgPwT55M7NNZsHbFxwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIzMTNaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDI2YjQ0NWVjOTdiMjI2OGMzMDZmMDE2ODY5Yzk4OWZhOGMxYzA0N2YwZDcx
MmEwODZhZTBmYWQ2ODg0NWRmODMxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALjBlss11HVUVpU9HtWtACuBdLrCjQX2HLC00wT1oWO7RoNSqtlQAD9wCnP2
GGgQwo7OudYmPwNDCUTKmuw7Dy4bxaAY68C3hISElemK1HcHfV9VWuzUTfeGN5ds
EGVo28ozdT3cpAKn9AgwiGMRQjOf0e4RAAf1N/mbEiLNCuCA6Y3iCmqvpY72QQRg
UB/xUPMv8kB5i7lSUsBrmY6c6VSd3hB21hm5FA+NejHEHs8JDkCXOXjm5LvfUAKu
exBJxabwlhCjPD4qq78n90lHvI3kzlUQ6wpb6loS2K/vpy14UqDx1jM78U99XjzV
YLtZwWNzybYenkPzaPGG5VG6KHUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQi1dVF
XqgYmsH1yefMxBN7TlPJfjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
YjExOTFhYmYtMjg3MS00NzNhLThlZTItYTIwODlmNjg5NGE3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABP8co
QDANBgkqhkiG9w0BAQsFAAOCAQEARtGw5GrIUEhZZ4BrWOSw+GH34PeosRZQ01zh
0gSDkpvaY0R9FzM72jE3H53A2v9BtD01JvXUWtmJY4pdrgCVFViKxThWx5p9HS8g
yDLobko+fkmqFbrHfSCaY09nIJq+gUIkOnMBajQGAq07pZvMHd/LJ3+EJaEqA1BK
1xMMtITBzbEBXwgd9gmtS9b/rzMlYcTL/uLWOXjHFQki8MIhKvZ1+aSDcBUV/71q
jMgXWOvdeXWMVGHN7MgEGb2B2mKt1hdLa2EOEv5NQi25zkd+G5CnC/wEGYqUc9dd
ijlKJtPQ5jzPrmkMynsoteXTe5Q94LZfPKHCCNyM233Dve5vQQ==
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:54:54 2025 by rpki-client