Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/c47386ff-4f1d-480a-be76-cc4ee1b3a35f.roa
File: c47386ff-4f1d-480a-be76-cc4ee1b3a35f.roa (raw, json)
Hash identifier: tlEtGCewwSV3CCcU9ggDJQoHqvBmD9/67bgFlhjTJ0U=
Subject key identifier: 47:C8:05:0B:98:C3:BA:40:0E:24:8C:82:D9:28:F8:CF:3B:12:C0:5C
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 064251A6602608F2BD0923623857D05E2D145F66
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/c47386ff-4f1d-480a-be76-cc4ee1b3a35f.roa
Signing time: Fri 07 Nov 2025 20:21:45 +0000
ROA not before: Fri 07 Nov 2025 20:21:45 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc3::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
06:42:51:a6:60:26:08:f2:bd:09:23:62:38:57:d0:5e:2d:14:5f:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:21:45 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=db6ee9a4c46094728b490ee14fd66fb724911cbecc613aca8382a70d480d3fab, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:97:62:bb:d8:bc:6c:53:d1:8e:d7:66:d9:5c:
40:74:0d:5f:46:d4:09:ea:7a:7c:42:b9:59:bb:aa:
ad:1e:27:3f:13:15:06:b7:a8:43:8e:04:98:57:3d:
1e:58:7a:29:15:4c:ea:b5:15:f2:82:02:86:30:1b:
84:8b:41:79:81:9f:90:e1:15:f9:1c:5c:65:18:b6:
8e:6a:22:33:91:32:17:28:8d:8f:0c:46:77:62:80:
82:01:ff:d2:15:fa:1d:4e:52:98:a4:49:40:f1:bb:
ed:2a:a4:aa:72:d3:55:77:3f:57:06:4b:27:db:e6:
8b:28:81:aa:09:17:e6:92:54:6e:4c:b6:92:e9:a4:
54:1e:93:bf:56:76:ad:f7:91:7f:98:a2:56:c5:44:
f8:81:89:15:0b:3d:d0:0b:79:7f:dc:18:51:d1:79:
b0:cd:84:b8:79:8f:14:a4:43:83:bd:3e:c1:a7:2a:
1c:19:25:df:49:c9:37:41:67:13:e0:80:60:5f:88:
2c:cf:02:f3:5b:d5:2d:7e:94:5d:e0:97:37:56:83:
c1:8d:10:5c:51:da:a8:b6:9d:f8:7d:3c:99:9f:d4:
46:97:7a:83:fd:df:76:20:81:9c:7f:e8:f2:f5:41:
56:71:09:0c:a8:49:f9:e0:e0:8c:40:29:dd:c9:1d:
a9:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:C8:05:0B:98:C3:BA:40:0E:24:8C:82:D9:28:F8:CF:3B:12:C0:5C
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/c47386ff-4f1d-480a-be76-cc4ee1b3a35f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3::/36
Signature Algorithm: sha256WithRSAEncryption
a1:9e:eb:11:b2:61:c4:44:a6:bf:9f:40:b6:6d:53:07:cf:bb:
84:87:d3:36:0f:e5:f0:30:56:e4:aa:f0:76:26:bf:24:da:d7:
5d:4f:a5:7f:f7:cb:d7:38:aa:66:18:a6:77:91:29:fb:52:d6:
f7:cb:e7:d9:46:37:9a:3c:92:0f:a7:27:46:0d:73:f2:90:40:
1a:99:b0:16:fc:ca:78:76:05:fe:a6:48:f7:fc:64:ba:bc:8a:
16:2d:d8:96:9f:ec:a6:ff:d2:4e:3c:aa:ce:16:09:30:c3:33:
ce:f9:21:75:59:4c:0e:92:5e:6a:6d:7c:49:3b:a5:ad:55:58:
a6:97:f0:95:e7:3c:f4:90:ac:0c:ad:65:b0:01:ac:eb:7c:4e:
3a:3c:f7:e7:83:06:2a:35:39:86:09:b2:a2:82:e4:1f:32:62:
95:8a:60:da:4c:83:ab:cb:13:b0:5a:d3:a6:a6:ed:16:c0:e4:
8a:8f:d3:df:bc:34:ea:0a:ab:2e:3b:d6:04:fb:53:73:45:f8:
f0:5a:ad:57:b3:a3:72:8e:8d:d9:4b:16:b9:45:da:07:07:55:
82:17:ae:58:78:0a:27:7d:16:48:46:0a:2d:52:5f:48:fc:2b:
c9:59:07:5c:b1:70:73:2b:94:2a:37:9b:4b:cb:71:e5:05:76:
47:91:fa:37
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUBkJRpmAmCPK9CSNiOFfQXi0UX2YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIxNDVaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGRiNmVlOWE0YzQ2MDk0NzI4YjQ5MGVlMTRmZDY2ZmI3MjQ5MTFjYmVjYzYx
M2FjYTgzODJhNzBkNDgwZDNmYWIxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMiXYrvYvGxT0Y7XZtlcQHQNX0bUCep6fEK5WbuqrR4nPxMVBreoQ44EmFc9
Hlh6KRVM6rUV8oIChjAbhItBeYGfkOEV+RxcZRi2jmoiM5EyFyiNjwxGd2KAggH/
0hX6HU5SmKRJQPG77SqkqnLTVXc/VwZLJ9vmiyiBqgkX5pJUbky2kumkVB6Tv1Z2
rfeRf5iiVsVE+IGJFQs90At5f9wYUdF5sM2EuHmPFKRDg70+wacqHBkl30nJN0Fn
E+CAYF+ILM8C81vVLX6UXeCXN1aDwY0QXFHaqLad+H08mZ/URpd6g/3fdiCBnH/o
8vVBVnEJDKhJ+eDgjEAp3ckdqT0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRHyAUL
mMO6QA4kjILZKPjPOxLAXDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
YzQ3Mzg2ZmYtNGYxZC00ODBhLWJlNzYtY2M0ZWUxYjNhMzVmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8MA
MA0GCSqGSIb3DQEBCwUAA4IBAQChnusRsmHERKa/n0C2bVMHz7uEh9M2D+XwMFbk
qvB2Jr8k2tddT6V/98vXOKpmGKZ3kSn7Utb3y+fZRjeaPJIPpydGDXPykEAambAW
/Mp4dgX+pkj3/GS6vIoWLdiWn+ym/9JOPKrOFgkwwzPO+SF1WUwOkl5qbXxJO6Wt
VViml/CV5zz0kKwMrWWwAazrfE46PPfngwYqNTmGCbKiguQfMmKVimDaTIOryxOw
WtOmpu0WwOSKj9PfvDTqCqsuO9YE+1NzRfjwWq1Xs6Nyjo3ZSxa5RdoHB1WCF65Y
eAonfRZIRgotUl9I/CvJWQdcsXBzK5QqN5tLy3HlBXZHkfo3
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:04 2025 by rpki-client