Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/2a407bd1-1674-49d7-8265-4aa9aa99f947.roa
File: 2a407bd1-1674-49d7-8265-4aa9aa99f947.roa (raw, json)
Hash identifier: MflB6j0H9zpjKYImJOKkY1UiGjtz061Fz2vfxpLFSkQ=
Subject key identifier: 88:3B:85:DE:5A:C5:D9:96:95:35:5D:59:20:A4:96:90:10:AA:80:DB
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 4927AA3DB1D2249397A40F029E557E04BCE56434
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/2a407bd1-1674-49d7-8265-4aa9aa99f947.roa
Signing time: Mon 11 May 2026 01:30:09 +0000
ROA not before: Mon 11 May 2026 01:30:09 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc5:9000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
49:27:aa:3d:b1:d2:24:93:97:a4:0f:02:9e:55:7e:04:bc:e5:64:34
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:30:09 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=f7f651d10694233ae7c1a569267b75c8dd010a1d44d6a29468cf087a447d1886, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:41:81:72:9a:7c:4a:14:5a:f1:4e:17:09:12:
1b:f0:f4:13:cd:78:51:73:6c:fc:39:59:7d:a3:a1:
c2:3f:c7:88:0a:a1:4b:71:40:ba:9e:26:2c:fe:f4:
ae:ab:38:14:55:7c:53:f1:16:ef:b3:8d:14:c7:fa:
18:5b:6e:37:89:9c:d2:71:2f:a0:0a:d2:32:ed:0a:
93:a3:6b:7c:bf:23:54:4c:17:e9:b6:b3:9a:51:3e:
87:a5:ca:0d:8f:e2:a4:1d:7f:9e:5a:f5:36:40:ce:
bb:8e:4c:9b:7e:fa:2d:54:f8:dd:45:9e:9b:9a:67:
43:04:6a:56:94:bf:a8:28:37:45:cd:4d:43:25:27:
97:6e:2d:bc:0a:39:2d:51:b5:fd:b3:51:cd:07:43:
7e:66:c7:46:26:f5:7a:05:10:16:6e:9d:c7:00:50:
f9:62:78:2d:83:b7:a0:91:07:67:69:f3:39:e7:7a:
0c:e9:bd:cc:8d:2f:f4:02:3b:4e:7a:a0:17:1c:14:
76:ca:d5:b3:66:03:ce:21:88:b5:e3:5a:90:0d:4a:
b5:9b:b0:1a:5d:18:6d:8e:fc:09:b9:ae:cc:b4:b3:
c6:05:53:24:94:ba:97:a3:cb:d8:ed:40:b0:c7:ba:
f1:e8:de:98:0b:6b:22:99:20:c3:8d:76:91:12:73:
22:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:3B:85:DE:5A:C5:D9:96:95:35:5D:59:20:A4:96:90:10:AA:80:DB
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/2a407bd1-1674-49d7-8265-4aa9aa99f947.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc5:9000::/36
Signature Algorithm: sha256WithRSAEncryption
38:4e:63:17:10:ba:8d:08:e1:97:0d:20:69:06:6c:21:0d:49:
02:39:37:bc:5f:ed:d2:9e:06:a9:33:ec:3e:13:7c:20:da:1e:
27:db:27:16:8a:9a:d4:70:71:50:21:58:e8:da:11:32:24:31:
e2:ee:0b:9e:74:00:67:fb:a3:78:c3:32:a3:f5:0d:61:89:40:
e1:c8:21:2e:e4:8c:66:3f:db:20:59:f0:3c:48:59:f8:aa:7b:
de:c7:73:09:cc:ca:62:aa:e4:67:ce:8a:2b:d3:2b:36:7a:60:
26:80:a9:58:05:4b:06:a4:e9:e6:b5:02:47:3f:98:83:8d:0b:
70:d4:44:ae:62:d3:f8:db:bd:0a:10:6e:8d:74:26:f8:0c:00:
34:6a:7b:78:c7:29:4f:90:0f:af:7e:72:16:a1:4d:66:07:13:
c1:a5:1a:1a:71:34:fc:8c:e0:9f:51:7e:5e:c3:71:34:b7:5b:
ad:c8:d6:1a:4c:9b:7a:fd:a3:40:0b:8e:60:a6:95:7b:77:7d:
ae:6d:e9:69:c9:9f:31:60:1c:e4:86:57:b5:fb:73:64:59:79:
1f:9a:77:32:ac:c0:cb:1f:1f:e6:9c:8f:45:12:c9:8a:22:d7:
62:2f:ad:14:ed:1f:c2:2d:30:74:5d:5e:ef:bb:13:89:bb:0f:
35:ef:80:32
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUSSeqPbHSJJOXpA8CnlV+BLzlZDQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTMwMDlaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGY3ZjY1MWQxMDY5NDIzM2FlN2MxYTU2OTI2N2I3NWM4ZGQwMTBhMWQ0NGQ2
YTI5NDY4Y2YwODdhNDQ3ZDE4ODYxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJpBgXKafEoUWvFOFwkSG/D0E814UXNs/DlZfaOhwj/HiAqhS3FAup4mLP70
rqs4FFV8U/EW77ONFMf6GFtuN4mc0nEvoArSMu0Kk6NrfL8jVEwX6bazmlE+h6XK
DY/ipB1/nlr1NkDOu45Mm376LVT43UWem5pnQwRqVpS/qCg3Rc1NQyUnl24tvAo5
LVG1/bNRzQdDfmbHRib1egUQFm6dxwBQ+WJ4LYO3oJEHZ2nzOed6DOm9zI0v9AI7
TnqgFxwUdsrVs2YDziGIteNakA1KtZuwGl0YbY78CbmuzLSzxgVTJJS6l6PL2O1A
sMe68ejemAtrIpkgw412kRJzIs0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSIO4Xe
WsXZlpU1XVkgpJaQEKqA2zAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
MmE0MDdiZDEtMTY3NC00OWQ3LTgyNjUtNGFhOWFhOTlmOTQ3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8WQ
MA0GCSqGSIb3DQEBCwUAA4IBAQA4TmMXELqNCOGXDSBpBmwhDUkCOTe8X+3Sngap
M+w+E3wg2h4n2ycWiprUcHFQIVjo2hEyJDHi7guedABn+6N4wzKj9Q1hiUDhyCEu
5IxmP9sgWfA8SFn4qnvex3MJzMpiquRnzoor0ys2emAmgKlYBUsGpOnmtQJHP5iD
jQtw1ESuYtP4270KEG6NdCb4DAA0ant4xylPkA+vfnIWoU1mBxPBpRoacTT8jOCf
UX5ew3E0t1utyNYaTJt6/aNAC45gppV7d32ubelpyZ8xYBzkhle1+3NkWXkfmncy
rMDLHx/mnI9FEsmKItdiL60U7R/CLTB0XV7vuxOJuw8174Ay
-----END CERTIFICATE-----
Generated at Tue May 12 22:44:56 2026 by rpki-client