Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/ecfac2f3-79d5-4611-9977-14a354495dc8.roa
File: ecfac2f3-79d5-4611-9977-14a354495dc8.roa (raw, json)
Hash identifier: 2jUQJenVteT2LHArRdibx/6gHxQ892WOY7Gymz+vGbM=
Subject key identifier: A5:69:92:20:84:14:E4:96:9B:A6:83:20:11:48:4A:25:AF:C5:F7:36
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 1A78F53B18616E4D430B6C2E74BA600F4AE00BF6
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/ecfac2f3-79d5-4611-9977-14a354495dc8.roa
Signing time: Fri 07 Nov 2025 20:38:19 +0000
ROA not before: Fri 07 Nov 2025 20:38:19 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1a:78:f5:3b:18:61:6e:4d:43:0b:6c:2e:74:ba:60:0f:4a:e0:0b:f6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:38:19 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=1c5182c6323c8db7bbb9d42e566436d2c0735f64d23bf4c462238ea925fa2d05, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:64:60:b4:cb:38:6f:e2:ce:25:a3:fa:9c:1c:
a1:13:cf:b2:05:c8:10:ab:c5:92:38:77:47:21:97:
4f:fa:62:72:81:21:61:0f:a6:9c:7a:45:a7:01:fe:
9e:b0:e6:55:d3:b2:05:40:52:04:f1:7d:16:af:14:
82:07:28:9a:94:dd:df:89:6b:9e:4a:d5:df:78:c2:
df:4b:bc:40:89:61:81:9f:1b:6c:81:fa:7a:48:6c:
36:ee:bd:59:4e:ab:99:7c:cb:48:87:82:c3:5b:fe:
53:05:1e:80:da:7a:93:de:d9:2c:89:dd:33:33:f4:
40:cf:5a:ed:6e:10:3a:c7:ec:bd:62:3e:82:e1:b9:
55:2d:d3:b1:36:f0:1d:02:41:1d:55:bb:55:79:94:
cd:a5:47:e1:2e:88:b3:bb:fb:56:80:a8:ad:db:23:
7a:07:bc:be:f6:cd:0c:e4:63:a0:fe:cb:65:5c:15:
97:62:8c:ff:1c:42:3e:09:c9:c6:2c:ae:9c:30:02:
c7:6f:96:90:16:ba:d3:e3:ad:53:b2:71:e1:40:84:
14:cc:0c:90:72:45:fb:0f:0d:67:d7:cc:b1:7e:da:
13:bd:6e:e1:87:0a:57:12:d9:a7:04:f1:57:20:d5:
4b:67:44:50:49:d0:5e:28:e9:44:53:23:49:cc:33:
4f:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:69:92:20:84:14:E4:96:9B:A6:83:20:11:48:4A:25:AF:C5:F7:36
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/ecfac2f3-79d5-4611-9977-14a354495dc8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc0::/29
Signature Algorithm: sha256WithRSAEncryption
09:5e:25:a6:c5:37:02:19:c0:f0:5b:8e:3d:7a:12:4e:62:c7:
d5:22:4d:5c:01:5a:0e:3f:56:e0:5b:ba:66:1a:ff:f4:ab:77:
a7:6a:a0:c7:78:81:32:92:c8:7c:7b:5a:18:a3:45:a9:e9:b8:
93:47:c5:4d:79:f6:a3:a2:21:01:e3:93:fe:c2:bd:2e:c8:50:
8f:8c:3c:75:e9:8f:7e:1e:65:2e:a8:ed:78:c2:14:c0:50:84:
89:60:5c:52:9d:2c:5f:2b:31:b9:91:0c:8a:16:22:81:13:9f:
f4:7d:5d:f9:e2:ad:49:16:9a:55:19:6d:6a:33:7c:3d:f2:cd:
d4:85:42:66:4d:02:57:a9:c4:11:2d:15:aa:3a:5e:58:7f:af:
1a:c4:bd:fd:57:be:17:76:f6:07:ec:75:22:97:da:61:8e:4d:
66:5b:14:0e:6c:c9:d5:a3:fa:2d:fa:5b:49:17:ab:ab:57:22:
85:2c:0c:01:f5:85:ba:28:4d:9b:7c:32:4c:c9:ea:bb:01:0b:
b9:ee:d6:d0:98:0c:5b:74:13:3f:17:bf:74:9b:ec:67:71:c8:
58:61:01:39:47:7e:d9:90:17:27:5c:35:a9:2d:8e:d1:eb:48:
cb:21:09:7a:05:51:5c:87:c0:6d:41:ee:76:b6:f7:54:6a:4e:
da:60:36:73
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUGnj1Oxhhbk1DC2wudLpgD0rgC/YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDM4MTlaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDFjNTE4MmM2MzIzYzhkYjdiYmI5ZDQyZTU2NjQzNmQyYzA3MzVmNjRkMjNi
ZjRjNDYyMjM4ZWE5MjVmYTJkMDUxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKdkYLTLOG/iziWj+pwcoRPPsgXIEKvFkjh3RyGXT/picoEhYQ+mnHpFpwH+
nrDmVdOyBUBSBPF9Fq8UggcompTd34lrnkrV33jC30u8QIlhgZ8bbIH6ekhsNu69
WU6rmXzLSIeCw1v+UwUegNp6k97ZLIndMzP0QM9a7W4QOsfsvWI+guG5VS3TsTbw
HQJBHVW7VXmUzaVH4S6Is7v7VoCordsjege8vvbNDORjoP7LZVwVl2KM/xxCPgnJ
xiyunDACx2+WkBa60+OtU7Jx4UCEFMwMkHJF+w8NZ9fMsX7aE71u4YcKVxLZpwTx
VyDVS2dEUEnQXijpRFMjScwzT7cCAwEAAaOCAiIwggIeMB0GA1UdDgQWBBSlaZIg
hBTklpumgyARSEolr8X3NjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZWNmYWMyZjMtNzlkNS00NjExLTk5NzctMTRhMzU0NDk1ZGM4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyABP8Aw
DQYJKoZIhvcNAQELBQADggEBAAleJabFNwIZwPBbjj16Ek5ix9UiTVwBWg4/VuBb
umYa//Srd6dqoMd4gTKSyHx7WhijRanpuJNHxU159qOiIQHjk/7CvS7IUI+MPHXp
j34eZS6o7XjCFMBQhIlgXFKdLF8rMbmRDIoWIoETn/R9XfnirUkWmlUZbWozfD3y
zdSFQmZNAlepxBEtFao6Xlh/rxrEvf1Xvhd29gfsdSKX2mGOTWZbFA5sydWj+i36
W0kXq6tXIoUsDAH1hbooTZt8MkzJ6rsBC7nu1tCYDFt0Ez8Xv3Sb7GdxyFhhATlH
ftmQFydcNaktjtHrSMshCXoFUVyHwG1B7na291RqTtpgNnM=
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:00 2025 by rpki-client