Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/2641e322-b5af-4c2e-a319-933fc59a77ac.roa
File: 2641e322-b5af-4c2e-a319-933fc59a77ac.roa (raw, json)
Hash identifier: AxW3ToecuL4b7sFRAAEyTzVUITFfPFYo6B5Dj2NQ8UI=
Subject key identifier: 0D:D4:36:77:22:45:A6:53:9C:21:06:36:F3:63:C3:C0:A2:C7:6F:ED
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 223ECFDB2DC4EC8BD846206FD299C82E53C138FD
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/2641e322-b5af-4c2e-a319-933fc59a77ac.roa
Signing time: Wed 06 May 2026 20:32:13 +0000
ROA not before: Wed 06 May 2026 20:32:13 +0000
ROA not after: Tue 04 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc5:1080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
22:3e:cf:db:2d:c4:ec:8b:d8:46:20:6f:d2:99:c8:2e:53:c1:38:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 6 20:32:13 2026 GMT
Not After : Aug 4 23:59:59 2026 GMT
Subject: serialNumber=be910037e87ee3023ec168550644bb33b9019e56798027f6a4ac59b69dffeae8, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:fb:d2:d6:b0:92:9d:02:14:f6:db:d2:5c:e5:
3a:cd:44:78:e3:23:3e:ed:c5:d7:c7:87:f4:51:34:
6b:a2:20:5f:ec:5c:08:3b:b4:9d:c7:56:76:f5:28:
45:6f:87:2c:11:69:5b:fc:2b:43:af:42:1f:ac:39:
8a:7c:ea:ab:83:76:31:e6:41:85:b5:97:9e:78:99:
0e:25:da:19:79:03:5f:8d:f9:33:63:12:d1:cf:56:
ae:13:bd:45:9c:d2:cd:f5:02:a8:1a:97:73:b9:74:
9c:b2:71:71:9e:b7:f3:29:7b:64:83:f9:5f:cd:db:
e3:e3:d0:9c:c5:32:74:3d:89:b3:e8:f1:08:13:be:
3a:91:94:07:c9:95:01:96:43:82:42:2f:03:25:48:
b4:be:08:e8:6d:48:50:a3:90:88:28:5e:05:92:43:
7c:12:f7:63:ba:5f:9d:6b:7f:ec:5c:a7:cf:73:b9:
01:a6:4d:41:c5:d2:70:8d:f1:e3:78:a9:b4:2f:d4:
f4:c5:55:61:2a:d7:4d:08:0f:9f:8d:c1:aa:66:9e:
9b:6b:0f:75:b0:d9:d3:04:af:18:2f:c4:57:72:db:
88:2a:39:69:3e:6c:d6:f5:3e:9b:6b:48:af:bf:5b:
70:49:98:30:c8:c4:3f:2b:3c:a8:6d:61:0c:29:1a:
72:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:D4:36:77:22:45:A6:53:9C:21:06:36:F3:63:C3:C0:A2:C7:6F:ED
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/2641e322-b5af-4c2e-a319-933fc59a77ac.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc5:1080::/48
Signature Algorithm: sha256WithRSAEncryption
7e:f2:ca:74:e2:dd:f0:52:dd:f3:cc:4d:41:72:19:3f:7f:e7:
b5:19:4f:3e:2c:34:1f:21:b4:cd:10:71:44:ad:4a:e1:32:f9:
fa:83:f7:8f:ac:5d:27:fc:77:8e:7d:4e:e0:6d:94:3a:a8:07:
ac:f0:78:21:69:3a:be:64:06:6d:68:ef:cb:4b:22:4d:4d:46:
66:25:cb:0b:4e:81:82:9a:bd:05:8e:10:f5:85:d3:42:a9:d8:
58:40:55:71:bb:e8:18:82:11:dd:2b:23:91:78:c5:42:86:3b:
97:92:18:3e:f3:c6:7b:a9:4a:5b:8e:26:ef:1b:5a:bb:4e:2e:
4e:4c:43:58:9b:a2:07:00:25:ae:49:45:eb:1b:da:02:79:16:
75:76:c1:d8:33:fb:8b:37:7e:4b:0b:8f:67:ed:0c:2d:42:7b:
b1:14:d9:f5:d9:f3:f3:52:e7:a6:9b:2a:70:a3:ba:36:e1:02:
61:58:c0:f1:f1:19:ad:cf:1e:17:be:a3:f2:c3:e1:83:1f:1f:
13:5d:21:84:b9:54:5d:31:e2:d0:db:b2:be:a3:2c:9b:43:f1:
e7:2f:b0:f6:7a:4f:fc:e7:e9:23:64:e6:94:62:17:56:aa:1d:
a4:30:04:b9:2e:2a:29:d7:00:d0:32:4e:87:ec:04:1f:7a:a6:
54:08:ce:3a
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUIj7P2y3E7IvYRiBv0pnILlPBOP0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MDYyMDMyMTNaFw0yNjA4MDQyMzU5NTlaMHoxSTBHBgNV
BAUTQGJlOTEwMDM3ZTg3ZWUzMDIzZWMxNjg1NTA2NDRiYjMzYjkwMTllNTY3OTgw
MjdmNmE0YWM1OWI2OWRmZmVhZTgxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL370tawkp0CFPbb0lzlOs1EeOMjPu3F18eH9FE0a6IgX+xcCDu0ncdWdvUo
RW+HLBFpW/wrQ69CH6w5inzqq4N2MeZBhbWXnniZDiXaGXkDX435M2MS0c9WrhO9
RZzSzfUCqBqXc7l0nLJxcZ638yl7ZIP5X83b4+PQnMUydD2Js+jxCBO+OpGUB8mV
AZZDgkIvAyVItL4I6G1IUKOQiCheBZJDfBL3Y7pfnWt/7Fynz3O5AaZNQcXScI3x
43iptC/U9MVVYSrXTQgPn43Bqmaem2sPdbDZ0wSvGC/EV3LbiCo5aT5s1vU+m2tI
r79bcEmYMMjEPys8qG1hDCkacvsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQN1DZ3
IkWmU5whBjbzY8PAosdv7TAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
MjY0MWUzMjItYjVhZi00YzJlLWEzMTktOTMzZmM1OWE3N2FjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABP8UQ
gDANBgkqhkiG9w0BAQsFAAOCAQEAfvLKdOLd8FLd88xNQXIZP3/ntRlPPiw0HyG0
zRBxRK1K4TL5+oP3j6xdJ/x3jn1O4G2UOqgHrPB4IWk6vmQGbWjvy0siTU1GZiXL
C06Bgpq9BY4Q9YXTQqnYWEBVcbvoGIIR3SsjkXjFQoY7l5IYPvPGe6lKW44m7xta
u04uTkxDWJuiBwAlrklF6xvaAnkWdXbB2DP7izd+SwuPZ+0MLUJ7sRTZ9dnz81Ln
ppsqcKO6NuECYVjA8fEZrc8eF76j8sPhgx8fE10hhLlUXTHi0NuyvqMsm0Px5y+w
9npP/OfpI2TmlGIXVqodpDAEuS4qKdcA0DJOh+wEH3qmVAjOOg==
-----END CERTIFICATE-----
Generated at Tue May 12 21:53:48 2026 by rpki-client