Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/b2738aa7-be3c-48f9-8b59-e5db58d9244b.roa
File: b2738aa7-be3c-48f9-8b59-e5db58d9244b.roa (raw, json)
Hash identifier: 7BxoHBd/U7J7I80zRXHQPTtpifqScCdgG4XoWpuaMIc=
Subject key identifier: 10:4F:D7:31:07:72:69:02:D1:C2:43:C5:57:04:F2:D5:45:58:40:EB
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 5739F2E186A3E252A73FE1268CD3D1D2398E1C3F
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/b2738aa7-be3c-48f9-8b59-e5db58d9244b.roa
Signing time: Fri 07 Nov 2025 20:38:18 +0000
ROA not before: Fri 07 Nov 2025 20:38:18 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:6000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
57:39:f2:e1:86:a3:e2:52:a7:3f:e1:26:8c:d3:d1:d2:39:8e:1c:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:38:18 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=d579013f65d6ee2a27bb7a02431f6ba1150ba4a6ec1214640de413dbe5c77c28, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:1c:cd:dd:b4:0c:23:7d:b5:ee:00:10:35:4a:
66:7c:cc:fa:65:88:70:a6:de:45:8f:63:8b:0c:58:
15:e0:64:83:70:0f:6f:fd:4a:70:aa:98:21:47:cf:
50:a7:06:a3:82:99:59:57:34:66:3e:a5:2e:f9:20:
8a:5e:c3:07:93:22:67:d1:94:78:21:18:aa:da:3f:
04:3b:30:1a:19:56:ce:73:5f:64:49:08:4d:cf:44:
37:94:5b:5f:fe:f1:e4:9d:b0:1e:89:d5:28:c5:02:
61:cf:d5:52:8b:46:35:75:65:0e:50:cc:57:72:37:
61:39:49:35:e7:71:7c:dd:12:3e:88:a5:60:35:90:
fa:f8:61:f2:c0:a2:2b:7e:dc:25:31:50:2f:22:73:
89:b3:55:92:a8:de:bf:7c:8c:7d:1a:f0:85:48:a5:
85:12:52:ca:fd:d8:89:20:4f:e2:60:96:e5:3d:77:
5b:a0:20:00:4e:35:19:4d:4e:c4:21:7a:eb:88:9f:
f5:2a:ac:5a:0c:69:0e:9d:33:24:87:8b:50:10:47:
91:1d:e8:a8:46:7a:49:ff:f7:d5:c5:be:11:09:fc:
4e:96:9f:16:f9:98:73:22:10:57:bc:70:a3:93:3c:
9f:0f:0f:1c:b8:69:00:d5:07:18:07:26:28:87:c2:
c5:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
10:4F:D7:31:07:72:69:02:D1:C2:43:C5:57:04:F2:D5:45:58:40:EB
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/b2738aa7-be3c-48f9-8b59-e5db58d9244b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:6000::/36
Signature Algorithm: sha256WithRSAEncryption
9b:e9:cb:91:79:f0:af:8a:c3:6e:34:54:79:12:68:09:5f:22:
00:e9:7b:e0:20:e8:35:72:fb:36:d0:1d:c5:7c:61:ae:fb:7c:
b7:ad:dc:55:31:66:c0:ca:90:09:4b:e0:8b:4e:25:64:25:c6:
b7:e9:72:19:34:9a:0e:e7:69:87:fd:06:55:75:a5:09:0c:47:
c5:31:97:bd:b9:c3:5f:f1:ea:df:b7:ab:a2:b3:e6:c2:e6:7c:
39:11:32:9e:1e:56:11:7a:0a:9e:84:6a:8b:32:ee:c5:48:74:
19:76:e8:eb:36:4b:eb:de:30:88:4e:74:02:44:f3:8d:d3:37:
12:0b:e5:68:23:35:3a:02:f3:0f:12:55:af:d5:f6:ad:4e:3d:
28:fa:ab:e3:75:80:31:e8:fb:1e:bc:ec:fa:6b:a0:76:6d:13:
bb:a6:2b:65:c9:b8:0b:27:80:e4:c3:3e:d6:ef:03:40:0b:8f:
f5:b1:b8:be:28:d3:31:5e:45:b8:7d:95:86:af:71:4a:cc:f3:
8d:35:44:bf:9b:3c:ad:67:41:a2:39:c9:d9:72:67:7c:fd:fa:
fa:67:de:c5:dc:79:1d:e9:4e:7a:36:69:5d:f6:a1:cd:96:03:
0b:11:6f:fe:c7:a9:47:78:af:64:5b:c9:91:97:fe:a9:6f:35:
49:02:c7:5e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUVzny4Yaj4lKnP+EmjNPR0jmOHD8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDM4MThaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ1NzkwMTNmNjVkNmVlMmEyN2JiN2EwMjQzMWY2YmExMTUwYmE0YTZlYzEy
MTQ2NDBkZTQxM2RiZTVjNzdjMjgxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMEczd20DCN9te4AEDVKZnzM+mWIcKbeRY9jiwxYFeBkg3APb/1KcKqYIUfP
UKcGo4KZWVc0Zj6lLvkgil7DB5MiZ9GUeCEYqto/BDswGhlWznNfZEkITc9EN5Rb
X/7x5J2wHonVKMUCYc/VUotGNXVlDlDMV3I3YTlJNedxfN0SPoilYDWQ+vhh8sCi
K37cJTFQLyJzibNVkqjev3yMfRrwhUilhRJSyv3YiSBP4mCW5T13W6AgAE41GU1O
xCF664if9SqsWgxpDp0zJIeLUBBHkR3oqEZ6Sf/31cW+EQn8TpafFvmYcyIQV7xw
o5M8nw8PHLhpANUHGAcmKIfCxX0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQQT9cx
B3JpAtHCQ8VXBPLVRVhA6zAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
YjI3MzhhYTctYmUzYy00OGY5LThiNTktZTVkYjU4ZDkyNDRiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8dg
MA0GCSqGSIb3DQEBCwUAA4IBAQCb6cuRefCvisNuNFR5EmgJXyIA6XvgIOg1cvs2
0B3FfGGu+3y3rdxVMWbAypAJS+CLTiVkJca36XIZNJoO52mH/QZVdaUJDEfFMZe9
ucNf8erft6uis+bC5nw5ETKeHlYRegqehGqLMu7FSHQZdujrNkvr3jCITnQCRPON
0zcSC+VoIzU6AvMPElWv1fatTj0o+qvjdYAx6PsevOz6a6B2bRO7pitlybgLJ4Dk
wz7W7wNAC4/1sbi+KNMxXkW4fZWGr3FKzPONNUS/mzytZ0GiOcnZcmd8/fr6Z97F
3Hkd6U56Nmld9qHNlgMLEW/+x6lHeK9kW8mRl/6pbzVJAsde
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:08 2025 by rpki-client