Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/1934dc5e-8201-4fe2-b7d5-6bc5fd15f720.roa
File: 1934dc5e-8201-4fe2-b7d5-6bc5fd15f720.roa (raw, json)
Hash identifier: dUMJuBc79k7i52YLGulpJRZxw0pkkv5TQ0tLZr3Q1d0=
Subject key identifier: 9E:BE:34:49:40:9D:F9:D0:9C:E8:41:01:77:DF:C8:86:6A:5A:97:C7
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 237D232B7840332820FC793D944C8996356D7DD0
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/1934dc5e-8201-4fe2-b7d5-6bc5fd15f720.roa
Signing time: Mon 11 May 2026 01:40:06 +0000
ROA not before: Mon 11 May 2026 01:40:06 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc3:6000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
23:7d:23:2b:78:40:33:28:20:fc:79:3d:94:4c:89:96:35:6d:7d:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:40:06 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=fb7d12895f5006478945dac9b80618cf0214c0a0952d13235efe37ad5fbb92d8, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:29:d2:94:6b:50:43:af:1d:4d:d5:b7:d1:a2:
00:cd:17:09:ff:c2:24:d0:61:96:c6:0d:2d:15:8b:
27:5b:02:f3:88:dc:21:06:4b:50:7e:a1:dc:80:de:
bf:66:23:a3:19:01:84:a1:c1:c7:7d:83:2c:52:26:
e6:68:e8:47:88:16:27:42:e3:a5:46:0e:e5:1a:4b:
db:5f:10:69:2e:e6:e7:22:de:74:a8:12:94:7c:88:
c8:3e:aa:e2:26:a2:a4:c7:4b:c1:41:74:f7:fc:49:
82:9b:a3:b4:fb:32:12:aa:1d:c1:12:a9:6c:9a:68:
d7:61:c6:ee:3b:c3:aa:f5:10:56:b8:81:e8:d4:13:
07:87:a1:44:08:9b:71:03:8b:5a:e9:85:42:95:b6:
f4:d1:bc:32:73:77:66:54:a5:14:02:a7:18:ee:ed:
1c:75:8a:5d:60:32:5a:5a:47:59:37:8e:60:99:19:
8f:c9:6e:1d:33:76:1a:ab:b2:1f:43:f3:b4:43:46:
cb:a4:62:1e:08:20:09:1d:34:d9:50:b1:37:1f:ee:
97:2e:cc:50:e8:a2:1f:e5:11:6f:15:41:5a:d3:9f:
92:89:e4:8a:8d:6a:3b:ca:60:5b:50:7d:7b:28:50:
09:75:3f:78:7e:02:c8:25:5d:03:34:ee:db:9c:e8:
d6:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:BE:34:49:40:9D:F9:D0:9C:E8:41:01:77:DF:C8:86:6A:5A:97:C7
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/1934dc5e-8201-4fe2-b7d5-6bc5fd15f720.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3:6000::/36
Signature Algorithm: sha256WithRSAEncryption
31:22:e2:c0:c6:56:ef:cf:40:87:ae:2d:30:57:bd:a1:b1:e1:
5d:83:fb:c8:95:86:1a:00:a4:8c:2a:01:71:58:20:5b:00:13:
3a:0c:2a:59:48:c0:47:5f:8e:2c:37:03:50:e4:a6:f9:3e:60:
97:73:1a:5a:e5:0a:14:0b:81:cf:7e:23:47:5e:bf:58:21:59:
44:97:01:9b:12:4f:6a:ed:40:80:4b:9b:28:45:8c:50:84:9b:
8a:3c:87:e9:34:2e:ab:df:b2:45:e9:4e:f1:f1:ca:c9:29:63:
c0:50:5a:c2:9f:63:5e:9f:8e:31:f8:50:66:d2:46:fd:0a:b4:
a5:28:cc:19:38:c4:48:e0:da:da:57:fb:ce:01:9f:1a:eb:aa:
f9:d4:b2:5f:b7:7f:1f:1f:7e:1c:83:04:a2:12:89:c5:c3:79:
23:0b:4a:8a:59:bc:4e:c0:4f:81:82:f6:4a:72:84:2f:ed:2a:
f6:55:a5:f5:db:9f:59:fc:fc:0c:3e:5b:66:5e:95:fe:dd:4c:
71:e4:46:3c:61:74:f6:3a:55:7d:3a:50:42:23:04:d0:0a:a0:
e0:ad:9f:42:16:1c:be:78:a7:a0:bc:79:b7:1c:3f:67:54:ef:
f6:a8:7f:71:4e:d6:bb:b3:50:16:8d:c2:a1:db:ed:d9:af:d8:
bf:9e:0c:c1
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUI30jK3hAMygg/Hk9lEyJljVtfdAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTQwMDZaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGZiN2QxMjg5NWY1MDA2NDc4OTQ1ZGFjOWI4MDYxOGNmMDIxNGMwYTA5NTJk
MTMyMzVlZmUzN2FkNWZiYjkyZDgxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANYp0pRrUEOvHU3Vt9GiAM0XCf/CJNBhlsYNLRWLJ1sC84jcIQZLUH6h3IDe
v2YjoxkBhKHBx32DLFIm5mjoR4gWJ0LjpUYO5RpL218QaS7m5yLedKgSlHyIyD6q
4iaipMdLwUF09/xJgpujtPsyEqodwRKpbJpo12HG7jvDqvUQVriB6NQTB4ehRAib
cQOLWumFQpW29NG8MnN3ZlSlFAKnGO7tHHWKXWAyWlpHWTeOYJkZj8luHTN2Gquy
H0PztENGy6RiHgggCR002VCxNx/uly7MUOiiH+URbxVBWtOfkonkio1qO8pgW1B9
eyhQCXU/eH4CyCVdAzTu25zo1rcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSevjRJ
QJ350JzoQQF338iGalqXxzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
MTkzNGRjNWUtODIwMS00ZmUyLWI3ZDUtNmJjNWZkMTVmNzIwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8Ng
MA0GCSqGSIb3DQEBCwUAA4IBAQAxIuLAxlbvz0CHri0wV72hseFdg/vIlYYaAKSM
KgFxWCBbABM6DCpZSMBHX44sNwNQ5Kb5PmCXcxpa5QoUC4HPfiNHXr9YIVlElwGb
Ek9q7UCAS5soRYxQhJuKPIfpNC6r37JF6U7x8crJKWPAUFrCn2Nen44x+FBm0kb9
CrSlKMwZOMRI4NraV/vOAZ8a66r51LJft38fH34cgwSiEonFw3kjC0qKWbxOwE+B
gvZKcoQv7Sr2VaX1259Z/PwMPltmXpX+3Uxx5EY8YXT2OlV9OlBCIwTQCqDgrZ9C
Fhy+eKegvHm3HD9nVO/2qH9xTta7s1AWjcKh2+3Zr9i/ngzB
-----END CERTIFICATE-----
Generated at Tue May 12 22:22:47 2026 by rpki-client