Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/1eb0687e-b90a-4da4-a523-dc06e2dd8c1d.roa
File: 1eb0687e-b90a-4da4-a523-dc06e2dd8c1d.roa (raw, json)
Hash identifier: o0unihSwipQfj11mameVyTaGVWjWjMG9IceL605T390=
Subject key identifier: 57:7C:C8:59:DD:00:39:69:E1:36:43:97:7E:CE:8A:7F:18:4D:92:E2
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 2B27A652EC0BAB40E0DB12D377C4DB5C90869483
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/1eb0687e-b90a-4da4-a523-dc06e2dd8c1d.roa
Signing time: Mon 11 May 2026 01:30:11 +0000
ROA not before: Mon 11 May 2026 01:30:11 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc6:8::/47 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2b:27:a6:52:ec:0b:ab:40:e0:db:12:d3:77:c4:db:5c:90:86:94:83
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:30:11 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=42641ea99952c0a22a92af07fce8224389f623cf65af7d2c36debfb2fd19e614, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:bb:68:b6:dd:dc:94:df:f4:7b:14:88:8b:f0:
87:fa:3e:8d:ff:91:ef:3f:80:cf:88:5d:87:ea:d8:
b5:a6:3f:e7:8a:1e:45:e6:b3:35:f1:50:52:e5:67:
10:06:4f:87:22:3c:87:b8:c4:8a:99:dd:77:44:68:
4a:a6:e7:f7:9b:0d:c2:30:51:55:ee:0d:d6:d5:a6:
c0:5d:a0:a2:b3:b7:6a:8f:b2:b4:8e:86:cc:4b:c0:
fc:52:b4:f2:87:e9:a6:f6:d3:af:49:71:c0:0e:07:
2d:bf:fb:81:9a:0c:23:57:ee:d1:fa:7f:2e:ff:ee:
2f:47:af:8d:2f:bf:30:71:f0:91:ce:38:97:e0:15:
34:5c:2a:9c:36:d6:ab:9a:66:28:2c:8a:99:77:c1:
62:b1:1e:02:ee:c9:01:93:af:08:7e:ae:12:9a:f8:
7f:e2:d4:30:e1:fc:19:35:44:11:fe:70:aa:19:98:
98:83:19:39:ff:97:b8:7e:5c:99:d0:08:8c:76:1a:
4d:b4:0c:e4:9a:be:b4:89:8e:39:5d:34:6c:da:df:
2e:c0:65:6d:a1:0b:9d:00:1a:b4:84:98:e7:20:10:
53:60:72:bc:ea:37:97:ac:b8:91:ed:f5:bc:78:15:
a3:95:d1:3b:9c:07:bd:a3:b8:fb:91:d7:eb:a8:36:
54:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
57:7C:C8:59:DD:00:39:69:E1:36:43:97:7E:CE:8A:7F:18:4D:92:E2
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/1eb0687e-b90a-4da4-a523-dc06e2dd8c1d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc6:8::/47
Signature Algorithm: sha256WithRSAEncryption
07:bd:cc:99:aa:59:fe:69:24:13:5b:39:a2:93:4f:86:bf:b0:
5e:b8:bf:33:72:29:7d:d6:a7:3f:2b:2b:2a:4d:0b:a7:f4:63:
0c:0e:21:92:ff:26:67:10:90:9d:62:be:35:33:ba:97:60:85:
e6:9d:45:d1:12:ef:d8:1a:c7:dc:e5:e5:ba:fe:51:1d:40:08:
34:48:7d:8f:94:3d:70:96:cf:97:5a:d3:74:ef:f7:06:96:83:
6e:c0:81:3d:d7:83:ab:c0:48:c4:6f:39:e8:f8:3e:62:c4:a4:
8d:17:d1:06:cf:70:a6:87:40:b4:07:75:65:7f:d4:84:77:0c:
fc:4c:66:78:00:a1:d7:1d:17:c8:00:44:43:4e:82:2c:a1:26:
ab:06:f6:b6:cb:ef:69:a6:20:47:e2:cc:d3:a1:9f:57:78:96:
09:43:d0:f5:d9:11:a8:3b:30:e0:25:73:a3:11:b8:5e:05:2d:
15:ac:45:d0:15:67:4c:38:7b:52:2b:41:03:84:51:e4:69:87:
2a:ac:e7:ad:98:aa:77:cb:95:b4:f0:60:80:b1:73:0f:3f:ce:
b9:0f:2e:59:71:f4:ee:47:97:35:e5:54:8d:3a:ef:b9:9a:ee:
47:47:bc:bb:50:a2:f7:83:2d:3d:72:6c:00:e6:05:a3:f1:09:
ce:df:18:1d
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUKyemUuwLq0Dg2xLTd8TbXJCGlIMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTMwMTFaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDQyNjQxZWE5OTk1MmMwYTIyYTkyYWYwN2ZjZTgyMjQzODlmNjIzY2Y2NWFm
N2QyYzM2ZGViZmIyZmQxOWU2MTQxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOi7aLbd3JTf9HsUiIvwh/o+jf+R7z+Az4hdh+rYtaY/54oeReazNfFQUuVn
EAZPhyI8h7jEipndd0RoSqbn95sNwjBRVe4N1tWmwF2gorO3ao+ytI6GzEvA/FK0
8ofppvbTr0lxwA4HLb/7gZoMI1fu0fp/Lv/uL0evjS+/MHHwkc44l+AVNFwqnDbW
q5pmKCyKmXfBYrEeAu7JAZOvCH6uEpr4f+LUMOH8GTVEEf5wqhmYmIMZOf+XuH5c
mdAIjHYaTbQM5Jq+tImOOV00bNrfLsBlbaELnQAatISY5yAQU2ByvOo3l6y4ke31
vHgVo5XRO5wHvaO4+5HX66g2VHUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRXfMhZ
3QA5aeE2Q5d+zop/GE2S4jAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
MWViMDY4N2UtYjkwYS00ZGE0LWE1MjMtZGMwNmUyZGQ4YzFkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHASABP8YA
CDANBgkqhkiG9w0BAQsFAAOCAQEAB73MmapZ/mkkE1s5opNPhr+wXri/M3Ipfdan
PysrKk0Lp/RjDA4hkv8mZxCQnWK+NTO6l2CF5p1F0RLv2BrH3OXluv5RHUAINEh9
j5Q9cJbPl1rTdO/3BpaDbsCBPdeDq8BIxG856Pg+YsSkjRfRBs9wpodAtAd1ZX/U
hHcM/ExmeACh1x0XyABEQ06CLKEmqwb2tsvvaaYgR+LM06GfV3iWCUPQ9dkRqDsw
4CVzoxG4XgUtFaxF0BVnTDh7UitBA4RR5GmHKqznrZiqd8uVtPBggLFzDz/OuQ8u
WXH07keXNeVUjTrvuZruR0e8u1Ci94MtPXJsAOYFo/EJzt8YHQ==
-----END CERTIFICATE-----
Generated at Tue May 12 22:22:53 2026 by rpki-client