Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/1da9e970-b050-44d0-83e9-f0e83f98a196.roa
File: 1da9e970-b050-44d0-83e9-f0e83f98a196.roa (raw, json)
Hash identifier: 4xGMbEmN8b2ydors/iabQVS7wDxD22DdQY5k/14rpc0=
Subject key identifier: 8D:01:9E:72:C8:A8:41:3D:7F:3F:7F:D4:80:EE:A4:BD:11:A5:9A:7A
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 2471C6961EB607FC9457BA2F15ED17D690F38135
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/1da9e970-b050-44d0-83e9-f0e83f98a196.roa
Signing time: Mon 11 May 2026 01:30:14 +0000
ROA not before: Mon 11 May 2026 01:30:14 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 14618
IP address blocks: 2001:3fc4::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
24:71:c6:96:1e:b6:07:fc:94:57:ba:2f:15:ed:17:d6:90:f3:81:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:30:14 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=989a71aaa765029cc3af4a0e6e2c8181fc09c8f1905e2a2c0612bc87c2c87dd1, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:20:b9:74:9d:70:8b:d9:8e:69:8d:b1:a2:ee:
ac:6e:b3:56:55:ec:1a:ac:a8:24:6a:2e:80:c7:8c:
c9:2d:71:17:8f:e9:af:90:39:f7:6f:3c:e9:d3:c4:
2d:0e:04:60:e1:8e:82:32:9b:f9:26:a4:fe:af:9d:
6a:82:79:f9:4a:ea:3e:40:3e:ba:d6:e2:25:04:be:
c0:1d:17:d0:1c:a9:48:e0:54:83:51:28:e7:d3:7a:
88:ba:bc:3a:ea:f7:e6:5c:32:44:b2:52:39:a1:d5:
33:69:c7:bc:ba:01:ac:7a:31:58:ea:c7:09:0c:24:
56:28:d1:74:49:48:a0:63:f6:34:76:55:b8:d5:dc:
52:2a:2a:7b:b1:08:84:6b:c4:7a:87:c3:12:55:dd:
d7:cd:8d:c0:07:5e:72:61:e0:f5:ce:4b:85:38:1c:
6d:16:4e:ff:20:b0:8a:26:65:df:21:14:d6:a1:32:
5c:95:17:c7:52:72:2a:ac:9a:62:f4:51:b7:f0:b5:
88:89:a3:2d:92:85:d0:de:93:50:52:9f:76:cc:7d:
4d:a8:b3:01:60:30:5b:b5:fd:ca:c8:a0:1c:5d:d4:
0d:2b:9b:5f:18:43:97:f1:40:ef:3b:e2:f5:d9:d6:
41:a8:5c:ba:3a:b7:91:13:37:84:e4:6c:e4:e7:e9:
0c:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:01:9E:72:C8:A8:41:3D:7F:3F:7F:D4:80:EE:A4:BD:11:A5:9A:7A
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/1da9e970-b050-44d0-83e9-f0e83f98a196.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc4::/36
Signature Algorithm: sha256WithRSAEncryption
82:ad:37:b8:f9:af:6f:80:e2:ed:81:d7:df:76:f3:82:bb:a6:
16:99:8a:69:4d:a7:09:0b:8e:95:95:9d:28:83:3f:07:cf:46:
cc:ae:2b:f9:6d:59:8d:8f:77:98:76:ea:06:f0:e1:e3:f9:fc:
00:1c:49:48:3a:ad:29:0c:87:5a:da:0b:a2:8d:4d:75:4e:a3:
c7:e6:e6:62:16:11:c6:9e:41:75:23:19:cb:d1:94:05:14:90:
77:ef:57:86:4f:b1:3a:36:30:e8:06:a1:9a:7f:f7:5d:f6:73:
31:89:aa:f3:77:ea:a3:2c:d2:06:4d:7e:f2:69:e9:c5:4a:5e:
eb:9a:8f:83:1e:73:44:25:48:19:11:18:3d:5b:62:e3:db:fa:
7f:55:c9:5e:81:3f:93:0a:3b:2e:fb:57:a0:19:47:04:eb:59:
bf:20:e5:b7:82:3e:d4:f9:e4:6b:b9:8d:f5:75:15:af:ba:0e:
2e:55:51:1d:ac:6d:17:28:ee:f2:1c:2a:59:e3:5c:a7:8c:d5:
99:83:a7:7e:79:8a:71:59:c1:69:bf:4c:bd:40:14:b3:a5:f9:
52:61:a7:18:de:ee:0e:12:47:18:8a:81:c9:a9:50:f8:5b:47:
c1:3f:8e:c2:c8:60:4a:6e:b2:ca:dc:69:09:2d:ea:bf:99:32:
b8:9e:10:91
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUJHHGlh62B/yUV7ovFe0X1pDzgTUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTMwMTRaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDk4OWE3MWFhYTc2NTAyOWNjM2FmNGEwZTZlMmM4MTgxZmMwOWM4ZjE5MDVl
MmEyYzA2MTJiYzg3YzJjODdkZDExLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM4guXSdcIvZjmmNsaLurG6zVlXsGqyoJGougMeMyS1xF4/pr5A592886dPE
LQ4EYOGOgjKb+Sak/q+daoJ5+UrqPkA+utbiJQS+wB0X0BypSOBUg1Eo59N6iLq8
Our35lwyRLJSOaHVM2nHvLoBrHoxWOrHCQwkVijRdElIoGP2NHZVuNXcUioqe7EI
hGvEeofDElXd182NwAdecmHg9c5LhTgcbRZO/yCwiiZl3yEU1qEyXJUXx1JyKqya
YvRRt/C1iImjLZKF0N6TUFKfdsx9TaizAWAwW7X9ysigHF3UDSubXxhDl/FA7zvi
9dnWQahcujq3kRM3hORs5OfpDKsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSNAZ5y
yKhBPX8/f9SA7qS9EaWaejAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
MWRhOWU5NzAtYjA1MC00NGQwLTgzZTktZjBlODNmOThhMTk2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8QA
MA0GCSqGSIb3DQEBCwUAA4IBAQCCrTe4+a9vgOLtgdffdvOCu6YWmYppTacJC46V
lZ0ogz8Hz0bMriv5bVmNj3eYduoG8OHj+fwAHElIOq0pDIda2guijU11TqPH5uZi
FhHGnkF1IxnL0ZQFFJB371eGT7E6NjDoBqGaf/dd9nMxiarzd+qjLNIGTX7yaenF
Sl7rmo+DHnNEJUgZERg9W2Lj2/p/VclegT+TCjsu+1egGUcE61m/IOW3gj7U+eRr
uY31dRWvug4uVVEdrG0XKO7yHCpZ41ynjNWZg6d+eYpxWcFpv0y9QBSzpflSYacY
3u4OEkcYioHJqVD4W0fBP47CyGBKbrLK3GkJLeq/mTK4nhCR
-----END CERTIFICATE-----
Generated at Tue May 12 22:15:02 2026 by rpki-client