Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/1934dc5e-8201-4fe2-b7d5-6bc5fd15f720.roa
File: 1934dc5e-8201-4fe2-b7d5-6bc5fd15f720.roa (raw, json)
Hash identifier: QgEgRElHzGfhzpVktIUJT3VpQ0TcfMQtFU1AEmtUBvA=
Subject key identifier: E1:00:1C:82:A6:DF:57:73:26:5E:B9:87:6A:24:28:E7:5A:E2:58:BB
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 0EAF22E58F766E13E0A330BB23D30D752024D878
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/1934dc5e-8201-4fe2-b7d5-6bc5fd15f720.roa
Signing time: Fri 07 Nov 2025 20:36:58 +0000
ROA not before: Fri 07 Nov 2025 20:36:58 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc3:6000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0e:af:22:e5:8f:76:6e:13:e0:a3:30:bb:23:d3:0d:75:20:24:d8:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:36:58 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=82fbf704bc2886660653137d1175180c34f0223f6a148092ee9e85b8a2693ab0, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:60:d1:2c:6a:30:d9:a2:b3:a6:85:bd:15:6e:
87:94:ae:ea:cc:f4:5d:96:a0:cd:92:5d:c5:8a:1c:
74:27:dd:b5:19:8f:c9:a9:ae:49:27:98:43:be:b9:
40:d4:5e:f4:7d:ef:cd:32:03:70:7f:0a:bb:4d:46:
c2:af:1b:f9:20:b0:c9:ef:f2:0f:21:f1:62:9b:76:
93:5e:60:92:65:8e:52:95:a0:7e:7d:2e:a2:e8:1b:
21:b5:cc:a5:5b:f8:d1:7e:df:d8:f4:bc:b9:3b:15:
bd:81:ac:57:28:6f:19:d6:4a:26:3e:e5:e5:71:81:
dc:91:3d:28:e3:e1:01:f8:34:14:72:2b:2f:5c:03:
55:48:b4:43:ab:4f:e8:f3:a8:43:b4:be:73:22:c4:
05:b9:4d:55:37:50:cd:c3:da:dd:90:5a:3a:ff:50:
38:34:99:aa:72:07:9b:95:9b:a3:98:fd:87:30:6e:
e6:74:5a:93:cb:76:d4:47:48:3b:f4:67:13:01:13:
ed:af:10:c5:0a:71:0f:73:e4:7b:ca:0b:9c:a4:de:
12:66:fb:27:a0:bb:df:59:55:4f:9e:3b:3d:13:d1:
f7:ae:51:b6:f4:66:0e:75:06:c9:dd:7a:02:08:b8:
b9:64:f2:be:b9:74:9e:4c:5e:52:7c:c3:72:98:4b:
43:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:00:1C:82:A6:DF:57:73:26:5E:B9:87:6A:24:28:E7:5A:E2:58:BB
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/1934dc5e-8201-4fe2-b7d5-6bc5fd15f720.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3:6000::/36
Signature Algorithm: sha256WithRSAEncryption
3e:78:2f:04:7c:2a:50:dd:dd:e4:67:a7:db:7c:6c:5b:1c:54:
cd:50:06:92:84:f1:05:68:f5:f8:4c:e6:65:10:1f:cb:ad:c0:
65:f3:53:6e:48:a3:61:db:ea:63:1f:90:ba:c4:2d:04:e3:55:
ef:6a:79:77:97:5e:38:5d:70:d1:be:1e:a2:c1:c6:b9:6f:62:
b1:fc:a9:bf:28:63:88:fa:5a:85:1e:d5:50:5b:ee:2b:ac:ac:
ac:6f:89:75:9c:08:a8:9d:d2:59:1d:99:8a:9c:d6:40:a7:f8:
f6:dc:e3:2e:6e:72:80:7f:f7:03:40:ee:4e:29:02:04:71:97:
da:74:4b:0c:a2:ed:22:8b:ca:36:07:b2:7e:50:10:51:eb:74:
16:b5:71:40:85:6d:01:b3:73:df:0b:e7:a7:4b:7b:8a:76:a9:
8c:0d:50:5a:c6:34:7a:f5:e2:f6:2c:d4:92:bb:36:09:64:01:
79:70:b5:29:cd:6b:14:b9:15:a8:a5:07:87:58:ec:e7:a6:3a:
71:8a:8d:03:00:18:26:1f:40:39:f5:b7:af:6a:2f:89:f5:2c:
a4:db:27:34:8d:1d:1d:3c:6e:80:4d:95:f9:fc:e5:38:dc:4a:
e3:7d:0b:4f:ae:39:95:b3:5e:a5:27:5f:b7:05:54:1d:03:12:
67:5d:e3:f8
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUDq8i5Y92bhPgozC7I9MNdSAk2HgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDM2NThaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDgyZmJmNzA0YmMyODg2NjYwNjUzMTM3ZDExNzUxODBjMzRmMDIyM2Y2YTE0
ODA5MmVlOWU4NWI4YTI2OTNhYjAxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMFg0SxqMNmis6aFvRVuh5Su6sz0XZagzZJdxYocdCfdtRmPyamuSSeYQ765
QNRe9H3vzTIDcH8Ku01Gwq8b+SCwye/yDyHxYpt2k15gkmWOUpWgfn0uougbIbXM
pVv40X7f2PS8uTsVvYGsVyhvGdZKJj7l5XGB3JE9KOPhAfg0FHIrL1wDVUi0Q6tP
6POoQ7S+cyLEBblNVTdQzcPa3ZBaOv9QODSZqnIHm5Wbo5j9hzBu5nRak8t21EdI
O/RnEwET7a8QxQpxD3Pke8oLnKTeEmb7J6C731lVT547PRPR965RtvRmDnUGyd16
Agi4uWTyvrl0nkxeUnzDcphLQxECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBThAByC
pt9XcyZeuYdqJCjnWuJYuzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
MTkzNGRjNWUtODIwMS00ZmUyLWI3ZDUtNmJjNWZkMTVmNzIwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8Ng
MA0GCSqGSIb3DQEBCwUAA4IBAQA+eC8EfCpQ3d3kZ6fbfGxbHFTNUAaShPEFaPX4
TOZlEB/LrcBl81NuSKNh2+pjH5C6xC0E41Xvanl3l144XXDRvh6iwca5b2Kx/Km/
KGOI+lqFHtVQW+4rrKysb4l1nAiondJZHZmKnNZAp/j23OMubnKAf/cDQO5OKQIE
cZfadEsMou0ii8o2B7J+UBBR63QWtXFAhW0Bs3PfC+enS3uKdqmMDVBaxjR69eL2
LNSSuzYJZAF5cLUpzWsUuRWopQeHWOznpjpxio0DABgmH0A59bevai+J9Syk2yc0
jR0dPG6ATZX5/OU43ErjfQtPrjmVs16lJ1+3BVQdAxJnXeP4
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:05 2025 by rpki-client