Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/e4dad8c7-9a9d-474f-aaf2-ab7a9e517288.roa
File: e4dad8c7-9a9d-474f-aaf2-ab7a9e517288.roa (raw, json)
Hash identifier: wVZlnswy3fE+hSuJw0jgq828O3WH5Np5tHHDeKkwvIE=
Subject key identifier: A4:42:44:A4:5C:0C:AE:DA:7A:71:E7:7A:6D:F5:A0:52:95:04:4B:1A
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 3F38B192A2B86B1C7EE80BEF80C22D2853682B6E
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/e4dad8c7-9a9d-474f-aaf2-ab7a9e517288.roa
Signing time: Fri 07 Nov 2025 20:23:18 +0000
ROA not before: Fri 07 Nov 2025 20:23:18 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc6:100::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3f:38:b1:92:a2:b8:6b:1c:7e:e8:0b:ef:80:c2:2d:28:53:68:2b:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:23:18 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=585ab5762971bfc66f3cbd92f2f3101e208da516dda5fe26f6abe0a2ea1da573, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:1d:93:98:2c:8b:5f:33:44:88:27:8d:79:f7:
5d:c8:89:32:c6:49:69:c2:d1:21:3d:0c:0f:a6:e5:
4b:b3:9d:82:43:51:a3:ce:d0:bc:6e:bb:6d:bd:f9:
b3:81:15:d8:c9:02:15:dd:8a:55:c0:4c:2e:2a:40:
04:e0:03:01:87:e0:1b:6d:f0:68:9a:ef:14:c9:e5:
53:c7:1b:2f:c4:e1:0c:94:ad:35:bf:e4:7f:9c:16:
54:fe:e2:13:dd:4e:29:e8:b3:a8:b5:7b:9a:0c:ab:
16:eb:c6:1b:88:e0:74:a7:4e:7a:a2:f0:cf:8d:79:
32:ea:a2:3d:5d:d2:5d:2e:4d:a4:bb:d9:21:ac:98:
47:99:17:3f:a0:ea:86:ae:71:5c:b7:36:ee:85:05:
78:96:b2:24:c5:57:85:3a:12:aa:32:6b:87:00:bb:
88:30:42:59:5e:6b:7f:68:c3:6c:57:fc:e2:07:f5:
3e:88:a3:b6:21:2f:ae:af:46:13:c8:e4:84:bb:b7:
63:77:8e:aa:1f:2c:67:df:c4:4e:2e:3c:36:69:12:
c6:c2:e2:c5:2b:79:b0:94:e2:51:97:77:ba:2a:28:
15:a6:bf:e9:f8:87:19:96:db:62:65:f2:be:80:de:
9c:ba:0f:97:30:6c:f2:33:e1:db:b4:79:77:cc:9e:
dc:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:42:44:A4:5C:0C:AE:DA:7A:71:E7:7A:6D:F5:A0:52:95:04:4B:1A
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/e4dad8c7-9a9d-474f-aaf2-ab7a9e517288.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc6:100::/48
Signature Algorithm: sha256WithRSAEncryption
1b:2b:ee:bd:f0:11:4f:b3:41:40:d6:21:30:d7:6a:3d:5d:3e:
98:5a:64:0a:3c:f7:47:cd:5b:c0:16:fd:c0:2d:eb:b0:2e:1e:
6a:bc:c1:62:66:01:f9:99:e9:6b:db:e2:b5:31:93:80:8c:01:
92:34:ed:5b:a3:0e:00:e9:98:33:8c:74:17:c6:1d:70:6a:12:
03:b9:bc:52:51:a3:0f:09:bd:6d:45:8b:e3:e7:28:4d:bf:a0:
f6:de:9b:c2:44:0c:13:fc:29:ca:e7:f5:a5:11:b6:d5:cb:24:
2f:75:6b:4c:04:be:d0:93:dc:b3:21:52:74:5b:4f:ee:01:a1:
3a:f7:d3:b6:bb:30:6b:89:7e:7a:be:b7:aa:2f:5c:a3:ee:d6:
ee:1d:d0:fd:48:db:2d:ca:41:8f:3e:7d:a4:9c:6d:87:23:f5:
ae:d7:35:88:b0:77:9c:97:41:31:3a:fe:56:46:dc:27:ff:af:
36:83:07:94:f7:e8:70:d6:4c:b3:7d:bd:56:52:77:b7:a8:4a:
69:62:25:6c:10:a6:2e:e9:d7:39:ca:e2:3a:6f:fd:00:8a:c3:
1d:7d:d7:47:0b:d0:9e:3c:48:22:a7:d3:cb:44:83:cf:0d:f9:
ea:3c:58:b6:c6:79:f4:81:85:eb:b6:e1:d2:e6:a0:c7:8a:c1:
d6:2a:67:ce
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUPzixkqK4axx+6AvvgMItKFNoK24wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDIzMThaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDU4NWFiNTc2Mjk3MWJmYzY2ZjNjYmQ5MmYyZjMxMDFlMjA4ZGE1MTZkZGE1
ZmUyNmY2YWJlMGEyZWExZGE1NzMxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALcdk5gsi18zRIgnjXn3XciJMsZJacLRIT0MD6blS7OdgkNRo87QvG67bb35
s4EV2MkCFd2KVcBMLipABOADAYfgG23waJrvFMnlU8cbL8ThDJStNb/kf5wWVP7i
E91OKeizqLV7mgyrFuvGG4jgdKdOeqLwz415MuqiPV3SXS5NpLvZIayYR5kXP6Dq
hq5xXLc27oUFeJayJMVXhToSqjJrhwC7iDBCWV5rf2jDbFf84gf1PoijtiEvrq9G
E8jkhLu3Y3eOqh8sZ9/ETi48NmkSxsLixSt5sJTiUZd3uiooFaa/6fiHGZbbYmXy
voDenLoPlzBs8jPh27R5d8ye3J0CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSkQkSk
XAyu2npx53pt9aBSlQRLGjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZTRkYWQ4YzctOWE5ZC00NzRmLWFhZjItYWI3YTllNTE3Mjg4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABP8YB
ADANBgkqhkiG9w0BAQsFAAOCAQEAGyvuvfART7NBQNYhMNdqPV0+mFpkCjz3R81b
wBb9wC3rsC4earzBYmYB+Znpa9vitTGTgIwBkjTtW6MOAOmYM4x0F8YdcGoSA7m8
UlGjDwm9bUWL4+coTb+g9t6bwkQME/wpyuf1pRG21cskL3VrTAS+0JPcsyFSdFtP
7gGhOvfTtrswa4l+er63qi9co+7W7h3Q/UjbLcpBjz59pJxthyP1rtc1iLB3nJdB
MTr+VkbcJ/+vNoMHlPfocNZMs329VlJ3t6hKaWIlbBCmLunXOcriOm/9AIrDHX3X
RwvQnjxIIqfTy0SDzw356jxYtsZ59IGF67bh0uagx4rB1ipnzg==
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:06 2025 by rpki-client