Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/fda00aef-6886-4665-94fd-a76addf441b7.roa
File: fda00aef-6886-4665-94fd-a76addf441b7.roa (raw, json)
Hash identifier: a2stt6tVwi6nkmlHG2/UesR66lpyZthHxIYb25weumE=
Subject key identifier: 4E:4A:6F:E4:8A:8A:21:65:58:81:4A:CA:FC:85:98:FC:F5:FE:52:D1
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 09351BC3BBDBFEEB4CCBF509A4927BAE8F32B33A
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/fda00aef-6886-4665-94fd-a76addf441b7.roa
Signing time: Fri 07 Nov 2025 20:36:58 +0000
ROA not before: Fri 07 Nov 2025 20:36:58 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc3:8000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
09:35:1b:c3:bb:db:fe:eb:4c:cb:f5:09:a4:92:7b:ae:8f:32:b3:3a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:36:58 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=5965c144b1fc1c770081920d6a5fef994bafc5ed8ab6d2dd61b3e2ef83445781, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:dd:69:a7:73:d3:2e:c0:8c:14:4d:ff:b7:bf:
82:85:64:dc:32:c9:75:bf:9f:7c:7d:d2:9c:5e:d2:
fc:26:cf:c0:d2:cd:78:fe:36:77:73:48:40:ca:92:
c6:30:b2:d1:75:a7:9c:29:25:99:a0:26:8c:1c:01:
84:9f:c4:67:80:f2:93:82:4d:c4:f9:c9:3a:5f:14:
a6:59:e7:cc:69:c1:5c:bf:84:cb:31:d4:71:95:9d:
ad:c7:b1:78:63:5d:e8:bb:ff:b9:2b:8b:d6:0e:d5:
f9:ae:3f:5c:b0:fa:42:36:f9:d8:ee:3d:c5:b5:f8:
7f:fe:e4:fc:31:49:14:b2:76:50:1e:54:a4:f8:f7:
db:f5:39:09:51:5e:7e:95:7f:1d:c2:63:9c:85:fc:
a5:71:6e:e6:f5:95:4d:81:e5:0b:46:87:c4:cb:e0:
6f:e1:d7:da:48:36:6a:4c:2e:b8:4f:a0:9b:2a:8b:
a7:da:52:d9:9d:e2:bf:45:c7:80:0c:af:40:8d:b0:
99:61:9e:ca:9a:db:47:5c:c0:3a:9c:16:5c:b7:0e:
92:be:3f:96:f6:a8:01:f9:f3:49:75:7a:8d:7a:9c:
a3:2f:93:a8:e3:2b:7e:05:cc:ec:8c:77:16:5b:d1:
0a:f7:6c:fc:67:8c:8c:e8:14:21:a4:fa:b1:f3:d7:
4b:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:4A:6F:E4:8A:8A:21:65:58:81:4A:CA:FC:85:98:FC:F5:FE:52:D1
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/fda00aef-6886-4665-94fd-a76addf441b7.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3:8000::/36
Signature Algorithm: sha256WithRSAEncryption
5b:f3:53:3a:6d:32:66:83:d3:e8:8d:71:3a:1c:6a:d1:a9:a2:
d6:74:89:d3:d6:7e:1c:99:9a:8b:56:e0:23:fe:3b:06:c5:01:
ea:16:03:e1:1c:1d:23:78:90:bb:0c:24:3f:ac:15:e9:85:d2:
73:c6:7c:86:6d:04:74:6e:58:70:b5:1a:d1:7f:b5:49:92:9d:
2d:59:99:99:76:a0:de:c0:41:5d:4d:33:1f:68:2c:21:f1:db:
7f:22:1e:0a:1c:78:a0:26:31:13:c4:7e:9d:d9:72:42:78:ce:
a3:78:84:6c:a2:e3:a9:53:2c:0e:91:9c:bc:69:e6:03:11:a9:
0d:d4:68:d8:cc:ba:22:46:c1:f6:7d:08:6e:9f:c7:f7:70:28:
df:49:6e:cf:87:0e:94:97:8c:21:55:80:8b:18:ed:a7:e9:ef:
f5:74:d1:9f:f7:26:c8:63:84:17:d2:37:07:e4:13:d8:9b:81:
e5:bd:16:da:0e:f2:b1:8f:95:d5:ee:2a:c8:fc:b7:bb:8b:83:
37:99:f1:3a:83:79:5a:77:19:0d:ae:e0:e6:20:b7:12:bb:4e:
74:ec:22:e6:16:0c:18:d9:3c:a1:29:75:25:8e:0e:5a:c3:8a:
74:e1:b6:48:46:76:77:e1:4a:2c:f8:89:aa:c1:bf:64:16:83:
8e:fb:d0:6e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUCTUbw7vb/utMy/UJpJJ7ro8yszowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDM2NThaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDU5NjVjMTQ0YjFmYzFjNzcwMDgxOTIwZDZhNWZlZjk5NGJhZmM1ZWQ4YWI2
ZDJkZDYxYjNlMmVmODM0NDU3ODExLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOPdaadz0y7AjBRN/7e/goVk3DLJdb+ffH3SnF7S/CbPwNLNeP42d3NIQMqS
xjCy0XWnnCklmaAmjBwBhJ/EZ4Dyk4JNxPnJOl8UplnnzGnBXL+EyzHUcZWdrcex
eGNd6Lv/uSuL1g7V+a4/XLD6Qjb52O49xbX4f/7k/DFJFLJ2UB5UpPj32/U5CVFe
fpV/HcJjnIX8pXFu5vWVTYHlC0aHxMvgb+HX2kg2akwuuE+gmyqLp9pS2Z3iv0XH
gAyvQI2wmWGeyprbR1zAOpwWXLcOkr4/lvaoAfnzSXV6jXqcoy+TqOMrfgXM7Ix3
FlvRCvds/GeMjOgUIaT6sfPXS5kCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBROSm/k
ioohZViBSsr8hZj89f5S0TAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZmRhMDBhZWYtNjg4Ni00NjY1LTk0ZmQtYTc2YWRkZjQ0MWI3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8OA
MA0GCSqGSIb3DQEBCwUAA4IBAQBb81M6bTJmg9PojXE6HGrRqaLWdInT1n4cmZqL
VuAj/jsGxQHqFgPhHB0jeJC7DCQ/rBXphdJzxnyGbQR0blhwtRrRf7VJkp0tWZmZ
dqDewEFdTTMfaCwh8dt/Ih4KHHigJjETxH6d2XJCeM6jeIRsouOpUywOkZy8aeYD
EakN1GjYzLoiRsH2fQhun8f3cCjfSW7Phw6Ul4whVYCLGO2n6e/1dNGf9ybIY4QX
0jcH5BPYm4HlvRbaDvKxj5XV7irI/Le7i4M3mfE6g3ladxkNruDmILcSu0507CLm
FgwY2TyhKXUljg5aw4p04bZIRnZ34Uos+Imqwb9kFoOO+9Bu
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:54:56 2025 by rpki-client