Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/2a407bd1-1674-49d7-8265-4aa9aa99f947.roa
File: 2a407bd1-1674-49d7-8265-4aa9aa99f947.roa (raw, json)
Hash identifier: lExNsIhn33GaVQ5ojMaClFHiT2SJSJuihd1IsO0SMh4=
Subject key identifier: 1D:EE:84:C3:5C:C5:9F:93:3A:0D:C3:89:E3:94:12:34:72:E0:58:B8
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 0D4051349E3BF1650DC60632D3749A8E659FA1EF
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/2a407bd1-1674-49d7-8265-4aa9aa99f947.roa
Signing time: Fri 07 Nov 2025 20:21:48 +0000
ROA not before: Fri 07 Nov 2025 20:21:48 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc5:9000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0d:40:51:34:9e:3b:f1:65:0d:c6:06:32:d3:74:9a:8e:65:9f:a1:ef
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:21:48 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=6e81c317a1aee8907ea3f996da3825425d6d67ad8bde03460711e95c9f1ba345, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:58:b1:ec:43:33:e5:25:df:b5:4b:ae:e2:8d:
d2:a7:7a:ea:f1:d9:bd:f2:84:97:54:67:60:ba:0a:
10:5c:e2:02:7d:64:4d:b2:f0:a0:d0:91:d7:59:c0:
c5:4c:df:1c:5a:5c:64:95:a7:36:0d:ff:7e:5b:3e:
6f:b9:1c:66:90:59:c6:31:98:18:bf:40:11:5f:a0:
b2:db:09:f9:75:1d:15:76:a7:a4:50:cb:d6:53:14:
14:b7:95:48:11:27:49:40:a1:06:35:c2:08:c3:d9:
92:f4:fe:12:6e:47:4a:63:f7:21:1f:2d:e9:de:27:
7a:ea:f2:ad:56:d2:56:b8:b2:75:06:92:af:d9:28:
a6:f3:e9:8b:f5:4b:8f:43:63:4f:6c:0f:3c:7f:6d:
f3:bb:10:a5:d8:c7:dd:b7:5e:5b:26:c1:74:44:39:
00:3c:e6:62:d7:6a:15:f3:00:50:66:93:ff:c1:2e:
5b:b6:48:88:cb:ad:5c:05:66:e2:87:df:7d:e5:41:
c7:bf:6b:ce:0d:42:d3:e5:91:ec:3c:b0:20:94:29:
78:59:94:1a:e2:18:92:a5:ec:eb:6a:b0:54:7e:72:
d3:60:48:6c:a2:b7:83:7c:46:95:31:5a:6e:f9:f2:
bd:26:f4:49:d6:f4:6c:7d:cb:d2:7f:41:f1:3a:55:
63:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:EE:84:C3:5C:C5:9F:93:3A:0D:C3:89:E3:94:12:34:72:E0:58:B8
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/2a407bd1-1674-49d7-8265-4aa9aa99f947.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc5:9000::/36
Signature Algorithm: sha256WithRSAEncryption
00:20:19:a2:d2:19:9c:9e:72:a5:48:9b:b1:2c:6f:8e:c6:48:
56:a2:4b:cb:a4:0f:41:99:5e:a6:62:36:dc:8d:92:d9:f4:4e:
76:da:de:42:c0:ce:46:a3:d4:11:a6:94:a7:eb:59:78:33:8c:
f2:ed:4c:b8:93:82:6a:62:f3:b0:95:c3:9e:e6:7a:e6:e8:d7:
f6:85:f9:32:e1:76:47:0d:92:e2:6e:26:ca:a6:c4:cd:7c:44:
b2:b0:e4:ae:42:94:8d:2d:d7:b7:a3:11:6a:f3:18:5b:2b:3b:
85:2d:0e:36:41:1f:d8:80:d9:c3:65:ff:28:3e:ce:00:ca:ae:
ed:dd:ea:ea:9a:fd:25:ea:d9:6c:70:56:9d:32:57:71:19:af:
aa:b3:f9:17:d1:f1:0b:77:a4:60:7d:ba:d3:8d:ec:bf:31:41:
dd:e2:58:02:d2:00:4d:e7:7d:c5:8c:a3:52:f6:0e:63:17:5c:
b6:aa:20:7f:84:af:af:66:62:46:2b:67:83:3c:61:35:93:31:
5f:f3:62:98:79:b1:9a:18:08:c6:b3:0f:ba:c0:21:65:c7:2d:
67:09:8e:58:80:5b:c0:65:6c:c7:4d:fb:87:cd:05:77:6a:a8:
69:74:01:36:52:db:73:86:59:68:e0:9e:9e:ce:ab:ea:b3:d2:
83:12:45:8e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUDUBRNJ478WUNxgYy03SajmWfoe8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIxNDhaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDZlODFjMzE3YTFhZWU4OTA3ZWEzZjk5NmRhMzgyNTQyNWQ2ZDY3YWQ4YmRl
MDM0NjA3MTFlOTVjOWYxYmEzNDUxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKRYsexDM+Ul37VLruKN0qd66vHZvfKEl1RnYLoKEFziAn1kTbLwoNCR11nA
xUzfHFpcZJWnNg3/fls+b7kcZpBZxjGYGL9AEV+gstsJ+XUdFXanpFDL1lMUFLeV
SBEnSUChBjXCCMPZkvT+Em5HSmP3IR8t6d4neuryrVbSVriydQaSr9kopvPpi/VL
j0NjT2wPPH9t87sQpdjH3bdeWybBdEQ5ADzmYtdqFfMAUGaT/8EuW7ZIiMutXAVm
4offfeVBx79rzg1C0+WR7DywIJQpeFmUGuIYkqXs62qwVH5y02BIbKK3g3xGlTFa
bvnyvSb0Sdb0bH3L0n9B8TpVY30CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQd7oTD
XMWfkzoNw4njlBI0cuBYuDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
MmE0MDdiZDEtMTY3NC00OWQ3LTgyNjUtNGFhOWFhOTlmOTQ3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8WQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAAIBmi0hmcnnKlSJuxLG+OxkhWokvLpA9BmV6m
YjbcjZLZ9E522t5CwM5Go9QRppSn61l4M4zy7Uy4k4JqYvOwlcOe5nrm6Nf2hfky
4XZHDZLibibKpsTNfESysOSuQpSNLde3oxFq8xhbKzuFLQ42QR/YgNnDZf8oPs4A
yq7t3erqmv0l6tlscFadMldxGa+qs/kX0fELd6RgfbrTjey/MUHd4lgC0gBN533F
jKNS9g5jF1y2qiB/hK+vZmJGK2eDPGE1kzFf82KYebGaGAjGsw+6wCFlxy1nCY5Y
gFvAZWzHTfuHzQV3aqhpdAE2Uttzhllo4J6ezqvqs9KDEkWO
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:03 2025 by rpki-client