Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d5d13f03-51e3-4e02-981f-1c9a02e38524.roa
File: d5d13f03-51e3-4e02-981f-1c9a02e38524.roa (raw, json)
Hash identifier: QvYEWev62OWXprCyILk5u5da5ikSdFfHpXH/anJ57kk=
Subject key identifier: BA:7A:D7:CB:BC:0C:D2:C8:A1:E7:9B:38:35:76:F0:F8:EF:5F:5D:E2
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 3D47D9C7446A8521A7F8E598FE58D09AB1E0C185
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d5d13f03-51e3-4e02-981f-1c9a02e38524.roa
Signing time: Fri 07 Nov 2025 20:38:17 +0000
ROA not before: Fri 07 Nov 2025 20:38:17 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:5000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3d:47:d9:c7:44:6a:85:21:a7:f8:e5:98:fe:58:d0:9a:b1:e0:c1:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:38:17 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=41864c203df8d8d6936fc7df724f5537f22bbb6c2044e7030c0c678ed6497869, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:52:ba:ea:b0:75:45:92:44:01:75:a9:f9:ad:
b9:a5:22:cf:0d:b3:7a:a0:04:d5:ff:46:76:1e:8d:
47:d3:8b:8b:bc:34:d8:84:ed:cb:14:03:3c:ef:3f:
31:20:35:c9:bf:87:a0:71:b6:a7:25:e0:42:60:92:
e3:c5:cb:e6:90:e4:d6:46:d0:3d:1d:eb:c5:59:0a:
47:1b:f4:72:94:88:ad:06:5e:95:3a:30:3e:a3:f9:
a6:f7:33:f3:f7:d4:53:56:1f:a3:ac:ed:d7:77:09:
6a:88:b1:5d:72:9f:eb:ff:c9:7a:14:b7:c5:cd:63:
44:42:02:3a:a3:16:a0:64:c4:aa:59:48:9b:2e:13:
ac:db:af:55:ee:1d:49:14:64:f3:cc:82:92:2d:f1:
4a:44:ab:f8:d4:06:e4:96:06:3e:55:73:ba:8e:d8:
b5:50:a5:08:35:ae:15:1e:92:4b:e2:44:70:58:1c:
e9:8f:93:5e:7b:f3:17:b5:d5:86:8d:ff:5c:3b:1a:
49:9c:52:c8:e3:0c:94:fc:14:30:e6:9f:af:b8:49:
00:f2:4d:b1:14:cc:48:2f:75:2f:18:42:7d:4a:96:
52:aa:3f:fe:16:c2:34:85:8e:89:ae:0e:2c:d8:e9:
fb:38:f6:61:db:6a:e3:9d:d0:e3:83:e8:e8:30:90:
ab:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:7A:D7:CB:BC:0C:D2:C8:A1:E7:9B:38:35:76:F0:F8:EF:5F:5D:E2
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d5d13f03-51e3-4e02-981f-1c9a02e38524.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:5000::/36
Signature Algorithm: sha256WithRSAEncryption
cb:39:2d:d9:7e:78:b5:2e:c8:b8:9b:ab:26:50:2c:3c:79:27:
1b:06:9f:0b:a1:6e:af:fb:e3:f5:b1:5d:ff:da:98:e7:79:3b:
60:65:aa:3e:7f:27:f9:fd:fe:e0:93:0c:eb:ed:27:23:19:8b:
30:56:3f:d7:94:45:02:d4:a6:12:85:ae:64:1c:4c:8d:aa:e3:
d3:28:ec:36:09:72:ff:51:3b:7e:55:fe:3e:ab:9f:c2:00:9c:
35:e9:13:f4:4b:d3:c8:39:e7:99:7d:1f:68:d2:a7:34:9d:73:
06:28:d2:51:b7:01:ff:b6:55:04:af:ec:cb:5d:3d:2d:7a:cc:
1c:df:bc:9c:79:fb:a1:c5:d8:50:f8:b9:cc:98:04:6e:ea:73:
3c:8d:69:54:f3:d7:b4:8c:3e:aa:7d:a9:71:62:31:8d:a3:e8:
91:17:3b:0d:17:11:f6:12:fe:58:a2:ea:28:35:f4:d5:37:a2:
38:60:90:3a:7a:5e:11:57:ad:0c:78:23:5a:86:70:7a:1c:c7:
14:c3:9d:19:2d:66:72:21:fa:dc:fa:d0:aa:53:d7:08:0c:a1:
98:9c:ec:47:cc:ae:ce:94:62:39:b5:40:54:c4:91:97:e8:82:
98:40:5b:fd:f4:1e:7b:16:99:7a:ac:01:87:f4:8e:0d:f3:9a:
ae:cb:ff:11
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPUfZx0RqhSGn+OWY/ljQmrHgwYUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDM4MTdaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDQxODY0YzIwM2RmOGQ4ZDY5MzZmYzdkZjcyNGY1NTM3ZjIyYmJiNmMyMDQ0
ZTcwMzBjMGM2NzhlZDY0OTc4NjkxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM1SuuqwdUWSRAF1qfmtuaUizw2zeqAE1f9Gdh6NR9OLi7w02ITtyxQDPO8/
MSA1yb+HoHG2pyXgQmCS48XL5pDk1kbQPR3rxVkKRxv0cpSIrQZelTowPqP5pvcz
8/fUU1Yfo6zt13cJaoixXXKf6//JehS3xc1jREICOqMWoGTEqllImy4TrNuvVe4d
SRRk88yCki3xSkSr+NQG5JYGPlVzuo7YtVClCDWuFR6SS+JEcFgc6Y+TXnvzF7XV
ho3/XDsaSZxSyOMMlPwUMOafr7hJAPJNsRTMSC91LxhCfUqWUqo//hbCNIWOia4O
LNjp+zj2Ydtq453Q44Po6DCQq1ECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS6etfL
vAzSyKHnmzg1dvD4719d4jAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZDVkMTNmMDMtNTFlMy00ZTAyLTk4MWYtMWM5YTAyZTM4NTI0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8dQ
MA0GCSqGSIb3DQEBCwUAA4IBAQDLOS3Zfni1Lsi4m6smUCw8eScbBp8LoW6v++P1
sV3/2pjneTtgZao+fyf5/f7gkwzr7ScjGYswVj/XlEUC1KYSha5kHEyNquPTKOw2
CXL/UTt+Vf4+q5/CAJw16RP0S9PIOeeZfR9o0qc0nXMGKNJRtwH/tlUEr+zLXT0t
eswc37ycefuhxdhQ+LnMmARu6nM8jWlU89e0jD6qfalxYjGNo+iRFzsNFxH2Ev5Y
ouooNfTVN6I4YJA6el4RV60MeCNahnB6HMcUw50ZLWZyIfrc+tCqU9cIDKGYnOxH
zK7OlGI5tUBUxJGX6IKYQFv99B57Fpl6rAGH9I4N85quy/8R
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:07 2025 by rpki-client