Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/c5a8891f-2cfd-49db-84c7-7a149ce6f868.roa
File: c5a8891f-2cfd-49db-84c7-7a149ce6f868.roa (raw, json)
Hash identifier: FM8h0xCpEPC3L7OK9t1S65KqRMFSc4JqsA/ds4L0ZKM=
Subject key identifier: FB:B3:A2:84:62:E4:79:FD:6B:CD:5A:58:84:CE:3B:4B:3E:D9:72:A4
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 43B3E4C37DF5D008172612CAA5616E72C8210FDB
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/c5a8891f-2cfd-49db-84c7-7a149ce6f868.roa
Signing time: Fri 07 Nov 2025 20:21:50 +0000
ROA not before: Fri 07 Nov 2025 20:21:50 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
43:b3:e4:c3:7d:f5:d0:08:17:26:12:ca:a5:61:6e:72:c8:21:0f:db
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:21:50 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=84bea55c7af800ef68affd517b4f72bce6573e0be4880bd2c9bb6fe1066ac11c, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:81:d6:f1:eb:66:1a:9a:10:39:1b:c9:50:39:
cf:2a:74:e3:76:b6:10:76:1d:59:55:24:91:13:b6:
ad:26:df:e2:a6:55:3c:f2:3c:65:fd:f7:25:89:d7:
52:a1:fc:ac:9f:79:45:b0:fd:f1:e1:41:6e:a2:d9:
41:90:cc:b2:7f:b4:9c:09:87:8a:b3:9d:ce:e9:b4:
a6:12:b0:7a:36:8d:17:ce:f3:5a:b6:db:be:c6:48:
71:f7:ae:06:5b:09:98:c9:3d:66:5c:6a:f4:da:da:
bc:fc:04:42:b7:3e:7e:2b:5c:fe:81:f4:5a:e4:01:
fb:6d:4b:62:f9:7b:ec:f3:d6:6a:8a:62:6c:42:ec:
fb:cb:97:20:8b:72:62:87:37:0f:66:f1:37:36:d3:
e8:2b:c5:a8:df:c5:01:e0:e0:8a:92:4c:4e:ab:42:
42:c3:50:91:09:bf:b4:0e:4a:6d:40:26:a7:d9:09:
dc:52:14:d0:25:4d:b5:77:dc:c7:b1:1c:21:41:25:
75:c9:ad:e5:89:68:c4:a0:76:bc:9f:6c:fe:47:4c:
5a:5d:da:f3:1f:4d:10:1c:29:fb:8c:68:fe:32:a9:
8b:2c:e5:fe:e7:33:e5:58:ff:34:e3:27:6e:27:cf:
64:50:67:d8:c6:b9:f9:ed:04:dd:a3:1e:15:c5:52:
2d:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:B3:A2:84:62:E4:79:FD:6B:CD:5A:58:84:CE:3B:4B:3E:D9:72:A4
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/c5a8891f-2cfd-49db-84c7-7a149ce6f868.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7::/36
Signature Algorithm: sha256WithRSAEncryption
6b:3b:fc:ed:d8:6c:31:69:85:5c:15:35:48:ee:de:b1:dc:1e:
7d:f2:2c:67:83:bb:30:f8:3c:4d:e2:86:58:36:32:93:f8:46:
f8:56:7c:61:09:09:3a:cd:0c:e8:6b:50:69:23:d3:b4:32:2b:
71:91:95:db:d4:10:a1:a2:23:22:43:9a:81:7f:e6:3a:9a:4b:
1f:f8:10:91:51:9b:dc:b0:bc:33:6d:d6:f9:69:9c:47:80:a9:
0a:4c:c1:20:2e:e2:25:ff:1d:7a:20:c7:ca:42:93:68:a2:0d:
d1:2c:fa:1c:09:25:d1:5e:fb:ad:71:32:12:a0:73:e5:c7:10:
03:67:60:b6:1e:39:8b:03:ee:92:4d:6d:8e:b5:98:0e:14:fb:
97:b4:c0:b8:cd:4a:e3:19:4e:30:73:29:c8:1e:b6:a1:ae:87:
5f:3d:f9:7e:25:14:96:fe:11:82:3d:45:40:17:ec:ea:62:b7:
47:4e:21:90:c5:ee:f0:7d:61:4e:0d:70:17:a3:8e:0c:ad:e3:
ce:7a:e5:a2:95:88:cd:f9:0f:16:f5:46:30:1f:a7:9b:d7:0e:
4b:4a:50:14:4b:f0:4c:4d:ad:40:33:aa:98:e0:5a:11:c1:c6:
1a:57:84:e3:47:eb:d4:8f:44:42:36:da:3a:cb:86:60:c0:75:
99:f9:e2:8f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUQ7Pkw3310AgXJhLKpWFucsghD9swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIxNTBaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDg0YmVhNTVjN2FmODAwZWY2OGFmZmQ1MTdiNGY3MmJjZTY1NzNlMGJlNDg4
MGJkMmM5YmI2ZmUxMDY2YWMxMWMxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ+B1vHrZhqaEDkbyVA5zyp043a2EHYdWVUkkRO2rSbf4qZVPPI8Zf33JYnX
UqH8rJ95RbD98eFBbqLZQZDMsn+0nAmHirOdzum0phKwejaNF87zWrbbvsZIcfeu
BlsJmMk9Zlxq9NravPwEQrc+fitc/oH0WuQB+21LYvl77PPWaopibELs+8uXIIty
Yoc3D2bxNzbT6CvFqN/FAeDgipJMTqtCQsNQkQm/tA5KbUAmp9kJ3FIU0CVNtXfc
x7EcIUEldcmt5YloxKB2vJ9s/kdMWl3a8x9NEBwp+4xo/jKpiyzl/ucz5Vj/NOMn
bifPZFBn2Ma5+e0E3aMeFcVSLcsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT7s6KE
YuR5/WvNWliEzjtLPtlypDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
YzVhODg5MWYtMmNmZC00OWRiLTg0YzctN2ExNDljZTZmODY4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8cA
MA0GCSqGSIb3DQEBCwUAA4IBAQBrO/zt2GwxaYVcFTVI7t6x3B598ixng7sw+DxN
4oZYNjKT+Eb4VnxhCQk6zQzoa1BpI9O0MitxkZXb1BChoiMiQ5qBf+Y6mksf+BCR
UZvcsLwzbdb5aZxHgKkKTMEgLuIl/x16IMfKQpNoog3RLPocCSXRXvutcTISoHPl
xxADZ2C2HjmLA+6STW2OtZgOFPuXtMC4zUrjGU4wcynIHrahrodfPfl+JRSW/hGC
PUVAF+zqYrdHTiGQxe7wfWFODXAXo44MrePOeuWilYjN+Q8W9UYwH6eb1w5LSlAU
S/BMTa1AM6qY4FoRwcYaV4TjR+vUj0RCNto6y4ZgwHWZ+eKP
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:08 2025 by rpki-client