Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/cdf607fb-daf0-4767-b47b-4a8c3266c681.roa
File: cdf607fb-daf0-4767-b47b-4a8c3266c681.roa (raw, json)
Hash identifier: /o1EO/b9xaQUvWxYnOJ++Yr3MaZT2Q/rzW2MXAsC5xQ=
Subject key identifier: AA:9A:CE:45:9C:28:60:1A:86:0F:A4:C0:E1:F3:88:83:32:81:1B:56
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 1A47783F7A3C6948800347E261CCE923960A8DE0
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/cdf607fb-daf0-4767-b47b-4a8c3266c681.roa
Signing time: Fri 07 Nov 2025 20:36:56 +0000
ROA not before: Fri 07 Nov 2025 20:36:56 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc1:8c00::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1a:47:78:3f:7a:3c:69:48:80:03:47:e2:61:cc:e9:23:96:0a:8d:e0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:36:56 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=c47d118ff42f743307b75746f80866869b8a8bba7c22f86d1a4959303cded9e9, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:32:38:df:36:47:19:8b:a9:32:a1:69:8f:c4:
98:43:a5:0c:a3:89:2e:dd:12:16:63:c7:40:1e:7d:
79:20:be:7f:79:40:c5:7b:03:1d:ac:7a:c4:dc:91:
60:d5:40:fe:62:b2:73:4e:71:65:26:15:ad:84:d8:
11:7a:32:8b:c8:04:32:a8:9a:b7:74:f8:83:ba:a5:
46:4f:df:8b:44:02:2a:8c:7a:e0:79:8c:1f:33:3a:
52:76:9d:48:35:17:f3:e9:fc:d7:a2:bc:46:40:3c:
39:11:c6:ae:5c:3b:4a:99:11:ec:2d:e6:2b:95:b3:
06:4c:e3:5b:f5:83:11:e7:99:7d:49:a1:86:85:2b:
48:a5:d6:90:ff:0e:02:c3:36:e7:ab:31:34:51:93:
a4:67:33:4b:20:f5:7b:b2:a2:8c:d9:6e:05:69:91:
a1:51:31:0d:f9:fd:03:1d:8e:7d:5f:57:7a:6a:47:
b9:c9:6e:d9:85:1a:91:f9:46:e5:5a:b4:1b:19:21:
9c:c7:8f:13:45:06:70:13:14:cd:ae:58:66:32:a1:
4e:09:ad:8b:66:9a:ce:fd:f3:d0:74:80:d6:38:b1:
11:f5:e4:e7:36:7d:5a:91:e1:d3:40:a4:0e:9f:90:
74:14:5a:f6:3b:da:8c:b5:b3:67:49:47:6e:18:61:
92:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:9A:CE:45:9C:28:60:1A:86:0F:A4:C0:E1:F3:88:83:32:81:1B:56
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/cdf607fb-daf0-4767-b47b-4a8c3266c681.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc1:8c00::/38
Signature Algorithm: sha256WithRSAEncryption
bc:53:76:50:11:19:2b:27:6f:e2:d7:0b:01:e6:00:43:92:da:
e5:f8:a4:94:97:1f:15:9a:88:a4:18:94:f8:57:e2:a2:c9:9f:
95:e1:54:76:f1:d4:24:12:d6:aa:e3:55:c3:38:31:d0:44:e1:
4f:17:89:d4:90:08:9a:48:5f:1f:a7:0a:c5:d8:fe:c0:da:a9:
5f:ad:da:ae:4f:2f:a8:2a:94:26:59:a8:49:3b:e3:c1:9f:82:
d1:e9:d5:0e:2c:91:51:44:cd:18:66:7b:7e:2b:3f:5b:8f:35:
38:8e:00:5d:08:37:68:84:5c:1c:bc:e0:4f:58:25:5f:87:c4:
eb:ee:69:e1:77:29:6b:43:84:f8:cf:79:0b:d7:98:c7:c6:f2:
b4:c0:cb:f1:1d:a6:c7:91:48:93:47:3c:06:90:bf:d6:94:31:
22:ed:84:58:bf:ea:57:a1:6b:eb:11:17:11:4d:82:32:5f:d7:
66:d5:0a:0e:4d:2a:51:7c:0b:5f:35:d6:88:49:c4:e4:1f:d7:
0d:19:8b:7d:f7:6e:08:3c:d2:0d:be:30:13:08:a4:db:97:88:
27:7d:08:df:39:9c:b5:a1:af:d3:70:0f:2d:9b:ef:13:9d:95:
8e:14:ae:45:d1:80:4b:20:8d:c3:0e:18:77:07:b5:4e:a3:ae:
ac:de:f9:10
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUGkd4P3o8aUiAA0fiYczpI5YKjeAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDM2NTZaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGM0N2QxMThmZjQyZjc0MzMwN2I3NTc0NmY4MDg2Njg2OWI4YThiYmE3YzIy
Zjg2ZDFhNDk1OTMwM2NkZWQ5ZTkxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMYyON82RxmLqTKhaY/EmEOlDKOJLt0SFmPHQB59eSC+f3lAxXsDHax6xNyR
YNVA/mKyc05xZSYVrYTYEXoyi8gEMqiat3T4g7qlRk/fi0QCKox64HmMHzM6Unad
SDUX8+n816K8RkA8ORHGrlw7SpkR7C3mK5WzBkzjW/WDEeeZfUmhhoUrSKXWkP8O
AsM256sxNFGTpGczSyD1e7KijNluBWmRoVExDfn9Ax2OfV9XempHuclu2YUakflG
5Vq0GxkhnMePE0UGcBMUza5YZjKhTgmti2aazv3z0HSA1jixEfXk5zZ9WpHh00Ck
Dp+QdBRa9jvajLWzZ0lHbhhhkvcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSqms5F
nChgGoYPpMDh84iDMoEbVjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
Y2RmNjA3ZmItZGFmMC00NzY3LWI0N2ItNGE4YzMyNjZjNjgxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAiABP8GM
MA0GCSqGSIb3DQEBCwUAA4IBAQC8U3ZQERkrJ2/i1wsB5gBDktrl+KSUlx8Vmoik
GJT4V+KiyZ+V4VR28dQkEtaq41XDODHQROFPF4nUkAiaSF8fpwrF2P7A2qlfrdqu
Ty+oKpQmWahJO+PBn4LR6dUOLJFRRM0YZnt+Kz9bjzU4jgBdCDdohFwcvOBPWCVf
h8Tr7mnhdylrQ4T4z3kL15jHxvK0wMvxHabHkUiTRzwGkL/WlDEi7YRYv+pXoWvr
ERcRTYIyX9dm1QoOTSpRfAtfNdaIScTkH9cNGYt9924IPNINvjATCKTbl4gnfQjf
OZy1oa/TcA8tm+8TnZWOFK5F0YBLII3DDhh3B7VOo66s3vkQ
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:07 2025 by rpki-client