Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/e27e7a59-99bf-4559-b0df-87da2f6dc6e9.roa
File: e27e7a59-99bf-4559-b0df-87da2f6dc6e9.roa (raw, json)
Hash identifier: N7KfkEx99nxeqoFq1lisi8FVNh9/pdqfFrg0WgeCjz4=
Subject key identifier: 6B:D7:C1:1E:5C:EB:CB:89:F4:6F:BD:12:84:DD:F5:9D:59:CF:4D:15
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 53BD807EBBD9E113B1226881A7D1A121ECA789F0
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/e27e7a59-99bf-4559-b0df-87da2f6dc6e9.roa
Signing time: Fri 07 Nov 2025 20:36:54 +0000
ROA not before: Fri 07 Nov 2025 20:36:54 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc1:8000::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
53:bd:80:7e:bb:d9:e1:13:b1:22:68:81:a7:d1:a1:21:ec:a7:89:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:36:54 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=cb36795b68015cebb4cb4cb4ea42f2776ccaf7d617308117b167b5d6de488b27, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:19:97:d0:f7:1b:36:66:35:12:02:a8:09:47:
53:6b:bf:c4:82:96:e7:57:68:31:12:91:ec:ce:17:
16:df:51:80:48:fe:3e:7a:31:83:e4:54:89:89:19:
4e:2e:b0:1d:56:05:f8:33:4f:b1:9b:21:09:b6:46:
13:37:e2:b4:3b:72:4c:d3:48:92:5c:45:60:de:19:
c8:01:79:50:a7:78:d5:49:98:2e:e8:66:66:4b:26:
df:42:3f:38:1b:f0:b6:7c:44:8f:51:33:e7:74:15:
fd:04:1c:19:e0:3e:55:58:a2:d5:bb:2f:a4:04:9a:
68:4b:39:fd:e3:91:11:ab:e3:dd:bd:38:98:ab:75:
fc:45:08:a3:d2:2b:5d:81:4e:40:fd:31:e1:b5:bb:
e8:d1:02:4d:30:35:65:ef:96:36:69:c6:3b:38:84:
70:7a:3d:33:ae:16:99:a0:ef:eb:90:5a:cb:c5:13:
4a:04:8b:56:7a:0d:52:e9:48:94:1e:9b:cf:5d:f8:
26:ad:23:18:5a:9b:4d:9b:05:70:02:3b:90:a9:f4:
0b:85:3f:22:20:24:4a:15:61:25:67:4e:c0:fc:1e:
65:b8:39:de:98:fb:9e:c6:de:b3:d0:0f:9f:bd:02:
44:4d:83:1c:ac:b4:a0:33:e9:00:d7:fb:5a:40:c5:
8e:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:D7:C1:1E:5C:EB:CB:89:F4:6F:BD:12:84:DD:F5:9D:59:CF:4D:15
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/e27e7a59-99bf-4559-b0df-87da2f6dc6e9.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc1:8000::/38
Signature Algorithm: sha256WithRSAEncryption
0e:ef:4d:84:7e:99:76:d0:77:6b:35:7a:7b:a5:da:91:a2:38:
1a:24:c9:a2:03:38:81:5f:91:47:c8:69:15:55:a7:a7:09:67:
01:dc:5b:71:b7:06:ca:0f:92:8e:2e:b5:24:d9:5a:9c:3b:82:
c0:89:e2:90:a9:04:01:5f:cc:91:7c:f2:d2:27:7f:7b:8d:a9:
f9:77:ed:e8:6f:37:aa:2c:6e:2e:43:6c:3b:24:e3:ed:8e:b2:
1c:cf:be:c7:fb:48:89:80:03:08:80:b7:6b:d6:61:9e:78:4c:
8f:34:e9:54:98:3b:d3:12:08:7f:10:d1:fb:10:61:4b:b3:8f:
c6:e3:5c:72:db:9a:1b:31:25:ad:ab:53:0e:6c:12:9e:da:b9:
fd:ee:17:a8:c0:55:58:72:e2:1b:f3:c2:2b:1f:b2:34:38:4c:
4c:9d:24:5c:c1:8c:6a:6c:d3:db:4a:cf:5c:ea:99:c9:08:4c:
06:ae:cc:16:e4:fa:a7:b2:22:7d:c7:f8:1a:09:bb:4a:37:50:
68:af:c0:ee:66:bd:15:6e:54:bc:d4:4b:c0:6c:b2:bc:c8:4f:
af:46:20:ca:34:05:54:2a:ad:23:52:3a:2b:c6:ed:ce:4f:77:
65:eb:14:dc:c9:54:9c:ff:0e:a3:07:07:d5:86:4e:54:15:dd:
aa:de:a6:0f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUU72AfrvZ4ROxImiBp9GhIeynifAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDM2NTRaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGNiMzY3OTViNjgwMTVjZWJiNGNiNGNiNGVhNDJmMjc3NmNjYWY3ZDYxNzMw
ODExN2IxNjdiNWQ2ZGU0ODhiMjcxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALgZl9D3GzZmNRICqAlHU2u/xIKW51doMRKR7M4XFt9RgEj+Pnoxg+RUiYkZ
Ti6wHVYF+DNPsZshCbZGEzfitDtyTNNIklxFYN4ZyAF5UKd41UmYLuhmZksm30I/
OBvwtnxEj1Ez53QV/QQcGeA+VVii1bsvpASaaEs5/eOREavj3b04mKt1/EUIo9Ir
XYFOQP0x4bW76NECTTA1Ze+WNmnGOziEcHo9M64WmaDv65Bay8UTSgSLVnoNUulI
lB6bz134Jq0jGFqbTZsFcAI7kKn0C4U/IiAkShVhJWdOwPweZbg53pj7nsbes9AP
n70CRE2DHKy0oDPpANf7WkDFjukCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRr18Ee
XOvLifRvvRKE3fWdWc9NFTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZTI3ZTdhNTktOTliZi00NTU5LWIwZGYtODdkYTJmNmRjNmU5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAiABP8GA
MA0GCSqGSIb3DQEBCwUAA4IBAQAO702Efpl20HdrNXp7pdqRojgaJMmiAziBX5FH
yGkVVaenCWcB3FtxtwbKD5KOLrUk2VqcO4LAieKQqQQBX8yRfPLSJ397jan5d+3o
bzeqLG4uQ2w7JOPtjrIcz77H+0iJgAMIgLdr1mGeeEyPNOlUmDvTEgh/ENH7EGFL
s4/G41xy25obMSWtq1MObBKe2rn97heowFVYcuIb88IrH7I0OExMnSRcwYxqbNPb
Ss9c6pnJCEwGrswW5PqnsiJ9x/gaCbtKN1Bor8DuZr0VblS81EvAbLK8yE+vRiDK
NAVUKq0jUjorxu3OT3dl6xTcyVSc/w6jBwfVhk5UFd2q3qYP
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:02 2025 by rpki-client