Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d203f3b7-b0ac-4a90-8d89-cbcf13c69e19.roa
File: d203f3b7-b0ac-4a90-8d89-cbcf13c69e19.roa (raw, json)
Hash identifier: EiwrlBVIrM1+rcRoQp47t3jyy4KpFtT+V99NSoS0mqY=
Subject key identifier: 8A:C8:09:41:49:19:27:17:EB:E6:5D:EE:DE:56:65:95:CB:16:3A:48
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 7355734D1F49163686BE060685A6DC7BFDBEE578
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d203f3b7-b0ac-4a90-8d89-cbcf13c69e19.roa
Signing time: Fri 07 Nov 2025 20:36:59 +0000
ROA not before: Fri 07 Nov 2025 20:36:59 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc3:a000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
73:55:73:4d:1f:49:16:36:86:be:06:06:85:a6:dc:7b:fd:be:e5:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:36:59 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=08dff3a709d92005a8312c703320aca5e70d3fb2f4296d0825b55579063c2e88, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:c0:22:c4:90:5a:e9:98:c0:09:8d:8d:d9:94:
ca:cc:74:d8:d9:11:4c:2c:54:8f:0e:54:16:09:49:
0b:3f:2a:10:5e:d0:31:de:d9:fd:27:01:f3:44:d8:
b3:b5:41:66:10:35:b4:94:78:5f:bb:39:43:13:29:
11:f7:35:83:ce:b7:9e:5f:89:e7:8f:f4:06:bd:00:
1b:c9:7f:17:d5:e2:fe:9e:10:fd:20:53:b4:80:2e:
8f:f0:0b:1d:32:e5:d8:b6:91:d2:1b:7e:35:0f:72:
4e:80:57:c3:fb:18:bb:00:38:31:b3:f0:ba:b4:67:
70:35:b6:d8:61:53:79:c5:b9:af:a8:68:db:e3:05:
5d:dd:bd:24:08:bb:c0:7f:d7:1b:61:7a:e3:b6:b5:
d8:aa:2c:87:47:74:1e:ce:fa:a0:a2:b3:74:01:00:
21:cc:80:41:d1:cf:90:1d:b5:e0:32:4a:1d:a4:bc:
26:96:92:99:a1:9d:f8:24:81:88:86:db:2b:ad:fe:
44:3e:f9:18:16:d9:a3:3f:91:0e:e4:b4:d4:e2:55:
cc:99:55:1a:e3:39:97:29:34:49:7a:27:8e:0c:6c:
a3:61:fb:d9:d6:67:29:84:a7:f7:72:49:ff:37:85:
82:f7:44:5c:2b:3a:23:a9:28:54:14:6e:31:38:19:
50:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:C8:09:41:49:19:27:17:EB:E6:5D:EE:DE:56:65:95:CB:16:3A:48
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d203f3b7-b0ac-4a90-8d89-cbcf13c69e19.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3:a000::/36
Signature Algorithm: sha256WithRSAEncryption
90:ad:aa:e2:73:41:c2:3f:83:71:cc:43:35:26:31:78:d0:20:
22:01:e9:0e:cc:7d:3e:69:b7:30:e1:33:3c:88:03:ba:f9:5b:
eb:81:70:95:67:3f:d3:5c:8a:a8:f8:4f:8f:20:41:21:67:76:
54:c2:41:ba:d6:3c:ad:1d:09:d5:df:09:64:3a:42:44:e0:f5:
b0:5b:8e:11:dc:fc:60:cc:b0:36:b9:e6:dd:a8:cd:fb:e5:bc:
d3:0a:99:ff:0b:5f:59:d6:6d:2d:10:3d:6b:6b:1c:a5:de:98:
f3:65:29:3f:6e:99:54:c8:97:c9:38:41:16:38:4b:7b:5c:1b:
97:47:e1:25:43:7c:8f:06:ff:cb:dc:a0:76:9a:05:ac:77:9c:
2c:f3:6a:3e:05:5f:ed:ed:66:f2:85:1b:34:4a:99:1f:d0:80:
b9:82:fa:a9:c6:80:56:9c:a3:c0:e2:63:99:28:f7:9e:96:e2:
2c:c7:be:b9:42:45:c6:a6:2d:dd:1f:f2:2b:b3:96:d7:3d:24:
2d:a4:27:eb:45:ba:9e:af:f3:e8:c0:1d:1d:f0:3c:9e:6d:18:
1c:20:be:fa:67:9f:8b:3a:03:d1:80:41:8b:db:42:de:80:b5:
15:34:c7:8d:85:7a:58:fa:82:1a:85:4c:cc:7e:e4:fc:ce:d7:
c0:36:35:6b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUc1VzTR9JFjaGvgYGhabce/2+5XgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDM2NTlaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDA4ZGZmM2E3MDlkOTIwMDVhODMxMmM3MDMzMjBhY2E1ZTcwZDNmYjJmNDI5
NmQwODI1YjU1NTc5MDYzYzJlODgxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK7AIsSQWumYwAmNjdmUysx02NkRTCxUjw5UFglJCz8qEF7QMd7Z/ScB80TY
s7VBZhA1tJR4X7s5QxMpEfc1g863nl+J54/0Br0AG8l/F9Xi/p4Q/SBTtIAuj/AL
HTLl2LaR0ht+NQ9yToBXw/sYuwA4MbPwurRncDW22GFTecW5r6ho2+MFXd29JAi7
wH/XG2F647a12Kosh0d0Hs76oKKzdAEAIcyAQdHPkB214DJKHaS8JpaSmaGd+CSB
iIbbK63+RD75GBbZoz+RDuS01OJVzJlVGuM5lyk0SXonjgxso2H72dZnKYSn93JJ
/zeFgvdEXCs6I6koVBRuMTgZUE8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSKyAlB
SRknF+vmXe7eVmWVyxY6SDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZDIwM2YzYjctYjBhYy00YTkwLThkODktY2JjZjEzYzY5ZTE5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8Og
MA0GCSqGSIb3DQEBCwUAA4IBAQCQraric0HCP4NxzEM1JjF40CAiAekOzH0+abcw
4TM8iAO6+VvrgXCVZz/TXIqo+E+PIEEhZ3ZUwkG61jytHQnV3wlkOkJE4PWwW44R
3PxgzLA2uebdqM375bzTCpn/C19Z1m0tED1raxyl3pjzZSk/bplUyJfJOEEWOEt7
XBuXR+ElQ3yPBv/L3KB2mgWsd5ws82o+BV/t7WbyhRs0Spkf0IC5gvqpxoBWnKPA
4mOZKPeeluIsx765QkXGpi3dH/Irs5bXPSQtpCfrRbqer/PowB0d8DyebRgcIL76
Z5+LOgPRgEGL20LegLUVNMeNhXpY+oIahUzMfuT8ztfANjVr
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:03 2025 by rpki-client