Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/ef2e1fb6-d368-45de-866d-0e09f49b5eef.roa
File: ef2e1fb6-d368-45de-866d-0e09f49b5eef.roa (raw, json)
Hash identifier: 38/R7k9DcShFw+hjDPjG+O80jMseAUhDzwIwNsRbrBI=
Subject key identifier: E1:AD:16:43:94:7B:B3:D6:52:55:DD:09:4E:1E:6F:FA:60:0D:C1:EB
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 0689FFFACF5DAC1D4A9C9C4191D0626DDAE8EAA9
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/ef2e1fb6-d368-45de-866d-0e09f49b5eef.roa
Signing time: Fri 07 Nov 2025 20:36:56 +0000
ROA not before: Fri 07 Nov 2025 20:36:56 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc0::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
06:89:ff:fa:cf:5d:ac:1d:4a:9c:9c:41:91:d0:62:6d:da:e8:ea:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:36:56 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=8b8d1c947e4bc6300f1aff50f2e89ab0142a6ca7cba1f4a5dff2e729be809646, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:83:6c:95:25:6a:60:a8:33:16:c8:5b:6f:5d:
73:5b:95:52:c4:7d:93:e5:f8:16:72:e6:51:95:5e:
1c:ab:3b:d8:54:e0:52:88:c1:fb:fe:12:5e:e7:a2:
bf:dd:69:45:b5:63:87:f2:96:93:fd:e5:c4:df:c5:
78:de:8f:ea:7a:48:fd:25:16:fb:72:96:61:5b:51:
d6:56:33:5e:7f:12:96:12:a0:bf:98:90:29:26:4d:
50:b7:51:77:8a:d5:65:6b:31:9e:8a:84:20:e0:b1:
97:6d:8b:6f:61:50:ff:63:f3:51:18:3b:8a:a2:c5:
65:5f:d4:12:69:f8:9f:2b:51:48:d3:ce:08:24:d3:
ac:7c:7d:22:4a:fe:fc:02:83:55:70:d2:85:2c:5b:
52:93:e7:01:3f:bc:64:02:4b:63:10:52:58:40:42:
f3:92:9f:af:94:b7:93:4e:bb:a6:38:eb:02:ca:02:
8e:6c:ac:e1:ed:9c:19:67:e3:0b:24:2f:a3:aa:3c:
5a:f1:4c:ae:cc:1f:b7:1a:34:c5:03:9f:5e:9a:a4:
b3:da:d0:48:ef:e6:3f:5f:47:4d:61:6d:3d:23:f8:
bb:b0:06:0f:b4:fa:7c:06:59:5f:05:39:41:12:c6:
a5:63:d6:53:0b:b0:a4:6e:96:00:1a:de:7f:50:5e:
39:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:AD:16:43:94:7B:B3:D6:52:55:DD:09:4E:1E:6F:FA:60:0D:C1:EB
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/ef2e1fb6-d368-45de-866d-0e09f49b5eef.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc0::/36
Signature Algorithm: sha256WithRSAEncryption
0f:31:88:54:7f:ef:24:ee:8d:67:f5:cb:d1:73:e1:11:d8:13:
ba:e3:09:a7:7d:1b:b7:23:05:e6:02:47:ae:86:9f:99:ec:a5:
69:6c:a0:03:57:cd:38:58:05:05:b0:51:b9:c5:73:82:89:6c:
21:53:c9:24:ff:a2:a2:f1:b2:fc:a1:a7:84:d0:02:0b:e4:bb:
13:58:85:16:3d:ff:43:ac:95:d2:65:ef:81:53:63:99:2e:39:
49:04:77:4f:64:e3:08:0e:bd:46:2c:d3:b3:85:25:3c:4c:3f:
03:3e:96:b8:e1:aa:df:7a:fd:26:a8:65:d2:d5:c1:f0:ca:43:
16:37:48:ef:18:a1:a3:fe:b4:95:39:08:52:2a:41:54:a3:32:
f5:0e:79:91:75:31:c5:22:ba:61:93:6c:32:19:9b:d0:53:09:
49:15:36:19:59:d6:55:cc:b1:25:c5:54:59:b2:20:f6:3d:3a:
3a:84:a5:ab:8b:10:ed:74:3b:a8:7a:4a:80:27:1d:43:24:10:
36:dc:28:15:6f:63:07:af:11:ec:ad:94:8a:3d:7e:39:42:3d:
21:2d:b3:10:28:7b:17:fb:30:dc:71:5f:d4:36:b1:bb:d8:7a:
f9:ae:ff:89:2c:8d:fc:7a:71:eb:ce:8a:e0:da:de:d9:e5:80:
94:0b:8a:59
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUBon/+s9drB1KnJxBkdBibdro6qkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDM2NTZaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDhiOGQxYzk0N2U0YmM2MzAwZjFhZmY1MGYyZTg5YWIwMTQyYTZjYTdjYmEx
ZjRhNWRmZjJlNzI5YmU4MDk2NDYxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMKDbJUlamCoMxbIW29dc1uVUsR9k+X4FnLmUZVeHKs72FTgUojB+/4SXuei
v91pRbVjh/KWk/3lxN/FeN6P6npI/SUW+3KWYVtR1lYzXn8SlhKgv5iQKSZNULdR
d4rVZWsxnoqEIOCxl22Lb2FQ/2PzURg7iqLFZV/UEmn4nytRSNPOCCTTrHx9Ikr+
/AKDVXDShSxbUpPnAT+8ZAJLYxBSWEBC85Kfr5S3k067pjjrAsoCjmys4e2cGWfj
CyQvo6o8WvFMrswftxo0xQOfXpqks9rQSO/mP19HTWFtPSP4u7AGD7T6fAZZXwU5
QRLGpWPWUwuwpG6WABref1BeOb8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBThrRZD
lHuz1lJV3QlOHm/6YA3B6zAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZWYyZTFmYjYtZDM2OC00NWRlLTg2NmQtMGUwOWY0OWI1ZWVmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8AA
MA0GCSqGSIb3DQEBCwUAA4IBAQAPMYhUf+8k7o1n9cvRc+ER2BO64wmnfRu3IwXm
Akeuhp+Z7KVpbKADV804WAUFsFG5xXOCiWwhU8kk/6Ki8bL8oaeE0AIL5LsTWIUW
Pf9DrJXSZe+BU2OZLjlJBHdPZOMIDr1GLNOzhSU8TD8DPpa44arfev0mqGXS1cHw
ykMWN0jvGKGj/rSVOQhSKkFUozL1DnmRdTHFIrphk2wyGZvQUwlJFTYZWdZVzLEl
xVRZsiD2PTo6hKWrixDtdDuoekqAJx1DJBA23CgVb2MHrxHsrZSKPX45Qj0hLbMQ
KHsX+zDccV/UNrG72Hr5rv+JLI38enHrzorg2t7Z5YCUC4pZ
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:04 2025 by rpki-client