Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d3861b82-61e2-49b9-b47f-b22209774f28.roa
File: d3861b82-61e2-49b9-b47f-b22209774f28.roa (raw, json)
Hash identifier: jPdg5XcU8ZaurUFRWeGZJWHvhqCQO1I5Al12v78dylw=
Subject key identifier: 60:36:BC:E4:DB:9E:A1:9C:48:9C:B6:04:2A:05:DB:D4:63:DA:69:E4
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 0106614B7AC5C6F0FF1BA647CEC775B5B477DCE5
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d3861b82-61e2-49b9-b47f-b22209774f28.roa
Signing time: Fri 07 Nov 2025 20:36:54 +0000
ROA not before: Fri 07 Nov 2025 20:36:54 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:f800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:06:61:4b:7a:c5:c6:f0:ff:1b:a6:47:ce:c7:75:b5:b4:77:dc:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:36:54 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=61307cca997b7963df468ffacb2888b543453fd8834df3edd4571396dd4c8568, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:af:61:78:71:97:88:9f:b9:dc:53:66:36:ac:
d5:6d:8f:7f:58:b5:e4:ec:d0:48:64:44:30:24:cf:
46:46:42:99:cb:11:11:3a:97:ff:79:6c:c6:aa:c5:
5d:d3:ce:35:67:23:9b:3f:85:98:36:00:48:98:54:
8f:3e:d5:91:ea:b1:45:41:5d:d4:33:97:b1:d2:57:
fe:bf:f6:c4:58:b4:2b:c6:1b:10:80:a6:bd:c5:eb:
ac:65:18:65:45:96:ff:b7:52:d3:39:f3:35:aa:a5:
41:6b:2d:29:82:63:81:f6:00:93:4b:12:48:06:a6:
42:e2:0f:b3:62:ed:5c:c6:cb:71:a9:55:93:c7:09:
d0:96:25:4a:07:60:36:83:05:b7:dd:95:8a:17:31:
60:49:61:d6:21:49:ec:5e:a5:5b:81:7e:c8:b5:55:
d5:a9:4b:67:c6:77:76:5d:f0:2a:bd:93:91:16:f4:
4d:09:72:34:f4:07:b6:7a:36:6f:e3:62:1f:6d:e7:
0c:c1:c2:d0:27:31:25:31:73:4d:30:2c:fb:be:17:
a9:d6:7d:4d:1b:c4:9c:12:85:d6:8e:02:3a:55:67:
3d:98:83:a3:7d:a1:20:d1:72:44:dc:f4:58:d7:2a:
b3:87:c0:48:2b:74:de:6b:d7:e7:d3:72:da:8b:20:
d9:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:36:BC:E4:DB:9E:A1:9C:48:9C:B6:04:2A:05:DB:D4:63:DA:69:E4
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d3861b82-61e2-49b9-b47f-b22209774f28.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:f800::/40
Signature Algorithm: sha256WithRSAEncryption
38:20:38:5d:b1:56:4e:e6:43:0a:fb:df:87:f1:71:90:c9:b9:
76:8d:bc:3e:bf:93:c7:4e:d7:48:1b:da:9a:6c:e0:91:4f:dd:
a4:59:47:75:8d:2a:32:ba:fd:be:0b:ee:6d:f1:9b:27:57:63:
b7:63:28:b2:0a:1f:39:a0:0f:dc:be:8c:aa:7e:fe:8e:7c:fe:
3e:72:70:2c:01:a9:3e:6b:34:37:3b:fb:42:cc:c8:75:bf:45:
f4:85:00:17:da:2a:82:05:cb:a5:e2:56:23:8e:c9:df:d5:e3:
d8:b8:8a:d9:d4:f5:4c:27:b4:1b:a0:b8:48:71:36:9a:4e:89:
3d:1b:36:12:cd:d8:61:a2:11:d5:8e:ec:74:b8:e2:fd:c3:6d:
e2:74:20:aa:40:1a:bd:0a:90:ca:19:8f:9c:02:06:0f:7f:46:
98:c9:d3:6b:f8:a5:30:f1:25:de:04:3a:07:9e:8f:ce:f8:e1:
b3:41:dc:44:06:2e:f5:61:69:ed:da:98:e2:55:f3:32:68:ba:
6d:29:fa:3a:5b:28:c3:61:78:3c:ea:e3:dc:e0:f6:f0:54:c8:
c4:42:25:87:e3:21:0a:5e:f3:cc:41:8d:70:fe:b6:8e:a7:a6:
f7:4f:5e:13:a3:04:12:c8:b5:bc:55:e7:8e:88:e6:cf:07:2a:
94:fb:14:0f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUAQZhS3rFxvD/G6ZHzsd1tbR33OUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDM2NTRaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDYxMzA3Y2NhOTk3Yjc5NjNkZjQ2OGZmYWNiMjg4OGI1NDM0NTNmZDg4MzRk
ZjNlZGQ0NTcxMzk2ZGQ0Yzg1NjgxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKyvYXhxl4ifudxTZjas1W2Pf1i15OzQSGREMCTPRkZCmcsRETqX/3lsxqrF
XdPONWcjmz+FmDYASJhUjz7VkeqxRUFd1DOXsdJX/r/2xFi0K8YbEICmvcXrrGUY
ZUWW/7dS0znzNaqlQWstKYJjgfYAk0sSSAamQuIPs2LtXMbLcalVk8cJ0JYlSgdg
NoMFt92VihcxYElh1iFJ7F6lW4F+yLVV1alLZ8Z3dl3wKr2TkRb0TQlyNPQHtno2
b+NiH23nDMHC0CcxJTFzTTAs+74XqdZ9TRvEnBKF1o4COlVnPZiDo32hINFyRNz0
WNcqs4fASCt03mvX59Ny2osg2SsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRgNrzk
256hnEictgQqBdvUY9pp5DAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZDM4NjFiODItNjFlMi00OWI5LWI0N2YtYjIyMjA5Nzc0ZjI4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8f4
MA0GCSqGSIb3DQEBCwUAA4IBAQA4IDhdsVZO5kMK+9+H8XGQybl2jbw+v5PHTtdI
G9qabOCRT92kWUd1jSoyuv2+C+5t8ZsnV2O3YyiyCh85oA/cvoyqfv6OfP4+cnAs
Aak+azQ3O/tCzMh1v0X0hQAX2iqCBcul4lYjjsnf1ePYuIrZ1PVMJ7QboLhIcTaa
Tok9GzYSzdhhohHVjux0uOL9w23idCCqQBq9CpDKGY+cAgYPf0aYydNr+KUw8SXe
BDoHno/O+OGzQdxEBi71YWnt2pjiVfMyaLptKfo6WyjDYXg86uPc4PbwVMjEQiWH
4yEKXvPMQY1w/raOp6b3T14TowQSyLW8VeeOiObPByqU+xQP
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:08 2025 by rpki-client