Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/ef7cb92c-ab72-4979-b259-a331d41e87f8.roa
File: ef7cb92c-ab72-4979-b259-a331d41e87f8.roa (raw, json)
Hash identifier: JcRi+RxRkwRFb1OF2AjVQtzldMyv3FCKOXrY3j3eJLg=
Subject key identifier: 2D:E5:76:8B:58:C9:DE:91:D4:B4:47:23:2A:03:3A:8F:A3:1D:B0:B1
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 1F54622824DA8142E8D3E80CC41820B7907F00A5
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/ef7cb92c-ab72-4979-b259-a331d41e87f8.roa
Signing time: Fri 07 Nov 2025 20:38:19 +0000
ROA not before: Fri 07 Nov 2025 20:38:19 +0000
ROA not after: Fri 12 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc2::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 12 Nov 2025 09:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1f:54:62:28:24:da:81:42:e8:d3:e8:0c:c4:18:20:b7:90:7f:00:a5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Nov 7 20:38:19 2025 GMT
Not After : Dec 12 23:59:59 2025 GMT
Subject: serialNumber=3e3398b2686f165b43d4afc5c2bd09dcbd3aa00880b8248496b883d576762b4e, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:5b:be:9d:07:1c:a8:92:4f:6e:9c:3c:86:76:
5f:98:6d:53:f8:f7:c2:e3:82:e0:c4:ec:ba:fe:bb:
48:39:c7:ef:ea:1f:5c:d6:a9:7a:63:38:61:f5:8b:
f5:75:07:13:60:47:4d:16:e2:13:65:48:98:c8:83:
14:1d:1c:d0:28:df:a8:b2:20:80:a3:92:45:05:53:
06:14:f7:fa:d9:36:ea:93:10:b8:7c:31:82:60:b1:
34:08:0b:89:3f:fd:87:9d:a2:0c:6b:a1:97:d1:63:
c5:63:4a:e0:cc:82:0e:a5:39:d9:22:2a:52:86:dd:
de:90:42:dd:f3:da:25:3c:1a:06:47:38:4f:83:a0:
f7:8f:50:05:4e:7b:5a:a0:82:b1:52:90:6f:7f:1e:
4f:d1:e1:b2:a4:46:cd:4b:14:85:d4:6a:d2:4d:da:
d5:c7:10:4d:e8:72:d4:b9:10:d2:13:29:dd:23:69:
30:d3:76:ed:cd:2c:57:b9:47:b4:76:43:01:ec:47:
a8:1f:88:82:18:0f:7f:08:bb:1b:d3:29:20:74:60:
19:4c:6a:88:ca:6a:6b:57:b2:20:b9:af:43:cf:a9:
c0:0d:ea:df:0f:64:e7:9f:3b:95:2e:1b:86:c9:4b:
10:d2:98:0c:a3:d6:6c:57:cb:5e:d9:9b:42:52:5b:
8d:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:E5:76:8B:58:C9:DE:91:D4:B4:47:23:2A:03:3A:8F:A3:1D:B0:B1
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/ef7cb92c-ab72-4979-b259-a331d41e87f8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc2::/32
Signature Algorithm: sha256WithRSAEncryption
56:84:2d:dd:e3:3f:0c:d2:d0:26:74:b3:ad:87:4c:ad:32:a1:
9e:44:04:f8:0f:4c:73:e6:ff:f6:54:62:18:ce:25:36:19:0d:
aa:70:56:4b:86:06:a5:67:5c:63:7c:47:f5:75:6d:24:a3:15:
a5:ad:66:dc:67:a1:2a:76:dd:f5:a3:da:3c:38:f2:80:ab:48:
a0:b1:4e:12:a5:52:f7:33:cf:e9:bc:1b:84:81:dd:ae:00:0d:
55:87:80:b7:46:ba:e8:bd:50:20:31:14:28:d7:90:82:51:51:
3e:ae:f3:3d:35:5d:b1:25:7f:58:2f:31:3d:a4:f9:bc:fd:7b:
31:72:82:c1:98:05:f3:f8:d5:ed:b0:d6:ba:b6:61:5b:df:e7:
07:65:05:b3:4d:3c:55:7c:f3:39:bc:c7:3a:cb:1d:25:26:d6:
b3:37:08:91:91:c1:e3:ea:92:65:c3:d1:f3:07:76:4f:b6:dd:
bf:37:78:66:c5:33:1f:47:7c:6d:5a:ee:6c:16:c4:e6:3a:8e:
c5:8f:d4:10:3f:dc:a5:b0:86:ad:67:d2:29:8a:8f:ac:d5:e0:
4f:a1:55:f6:a8:ed:98:ca:5e:43:11:7e:be:f3:aa:39:07:2f:
90:20:dc:23:01:d4:a3:9c:44:60:09:ba:ed:21:b6:23:bb:6d:
89:aa:d8:32
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUH1RiKCTagULo0+gMxBggt5B/AKUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNTExMDcyMDM4MTlaFw0yNTEyMTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDNlMzM5OGIyNjg2ZjE2NWI0M2Q0YWZjNWMyYmQwOWRjYmQzYWEwMDg4MGI4
MjQ4NDk2Yjg4M2Q1NzY3NjJiNGUxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAO1bvp0HHKiST26cPIZ2X5htU/j3wuOC4MTsuv67SDnH7+ofXNapemM4YfWL
9XUHE2BHTRbiE2VImMiDFB0c0CjfqLIggKOSRQVTBhT3+tk26pMQuHwxgmCxNAgL
iT/9h52iDGuhl9FjxWNK4MyCDqU52SIqUobd3pBC3fPaJTwaBkc4T4Og949QBU57
WqCCsVKQb38eT9HhsqRGzUsUhdRq0k3a1ccQTehy1LkQ0hMp3SNpMNN27c0sV7lH
tHZDAexHqB+IghgPfwi7G9MpIHRgGUxqiMpqa1eyILmvQ8+pwA3q3w9k5587lS4b
hslLENKYDKPWbFfLXtmbQlJbjbMCAwEAAaOCAiIwggIeMB0GA1UdDgQWBBQt5XaL
WMnekdS0RyMqAzqPox2wsTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZWY3Y2I5MmMtYWI3Mi00OTc5LWIyNTktYTMzMWQ0MWU4N2Y4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACABP8Iw
DQYJKoZIhvcNAQELBQADggEBAFaELd3jPwzS0CZ0s62HTK0yoZ5EBPgPTHPm//ZU
YhjOJTYZDapwVkuGBqVnXGN8R/V1bSSjFaWtZtxnoSp23fWj2jw48oCrSKCxThKl
Uvczz+m8G4SB3a4ADVWHgLdGuui9UCAxFCjXkIJRUT6u8z01XbElf1gvMT2k+bz9
ezFygsGYBfP41e2w1rq2YVvf5wdlBbNNPFV88zm8xzrLHSUm1rM3CJGRwePqkmXD
0fMHdk+23b83eGbFMx9HfG1a7mwWxOY6jsWP1BA/3KWwhq1n0imKj6zV4E+hVfao
7ZjKXkMRfr7zqjkHL5Ag3CMB1KOcRGAJuu0htiO7bYmq2DI=
-----END CERTIFICATE-----
Generated at Tue Nov 11 13:55:05 2025 by rpki-client