Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/346959dd-64e1-47f4-a247-4a19fe4282cf.roa
File: 346959dd-64e1-47f4-a247-4a19fe4282cf.roa (raw, json)
Hash identifier: mHRxA51fV0ceOL18xJN3IBS3MmXoKYGI8gyTPAfGx6c=
Subject key identifier: D5:E9:E6:70:07:05:18:08:0A:8A:96:9E:8A:22:A7:A7:AE:C6:97:5B
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 4F1061866C60A09BD93E7B09798DDECFB48CCE2D
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/346959dd-64e1-47f4-a247-4a19fe4282cf.roa
Signing time: Mon 11 May 2026 01:40:54 +0000
ROA not before: Mon 11 May 2026 01:40:54 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc1::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4f:10:61:86:6c:60:a0:9b:d9:3e:7b:09:79:8d:de:cf:b4:8c:ce:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:40:54 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=dbb25a9faeae2ff4b4baea0088f5400cce7ae70be45ff520d6de5cf85f9319a9, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:66:e1:69:3a:07:36:7e:34:95:0f:55:42:3a:
3c:d4:d3:c4:c4:3b:ef:b7:26:dc:02:73:43:7e:54:
66:92:1f:1a:0a:23:a8:b9:dd:35:1a:6e:68:d0:6e:
49:f8:3b:95:ca:ce:f0:80:bb:56:41:90:5a:37:8c:
5f:59:4f:04:1a:6c:32:6b:36:85:63:b4:e9:31:41:
ca:5a:ed:f9:33:e7:1d:37:dc:63:8c:75:1f:12:91:
da:6a:18:f2:14:04:6a:90:ff:ae:fe:9a:ca:fa:66:
0e:ec:d6:fc:76:10:d0:dd:5e:f3:1a:8c:c7:c3:47:
24:ab:0b:ed:eb:f4:95:62:ca:a8:1d:24:5e:10:49:
45:e1:e9:9b:f1:b0:f1:02:1e:5f:d3:f6:52:d1:8f:
8f:6f:53:a9:d2:48:fc:1b:6c:f5:af:d7:2a:56:14:
4e:47:12:d7:af:9c:93:4a:bc:c6:83:ae:6f:f1:cd:
ac:a8:c3:6f:42:c9:fd:c3:08:c6:29:fd:e3:c1:c1:
ff:49:70:d0:c3:c9:17:56:97:73:dc:a4:d2:09:9d:
f6:68:bc:84:60:d2:04:26:fb:7f:aa:82:87:c3:73:
2b:3f:fc:82:ec:d6:dd:6d:ef:4d:32:18:4c:dd:4f:
eb:ca:aa:95:3c:cb:1f:ab:4c:b6:9d:11:1c:4a:b1:
1e:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:E9:E6:70:07:05:18:08:0A:8A:96:9E:8A:22:A7:A7:AE:C6:97:5B
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/346959dd-64e1-47f4-a247-4a19fe4282cf.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc1::/32
Signature Algorithm: sha256WithRSAEncryption
a7:4c:f2:4e:eb:cf:9a:23:c5:0e:24:2f:20:1e:22:98:5e:f7:
f6:c5:86:ae:64:74:28:a0:66:46:67:c8:a9:67:46:be:7f:56:
aa:3b:e8:d9:6d:38:7c:6d:7a:43:3c:fd:3f:73:14:ce:0d:a6:
40:1a:16:b4:df:72:72:f7:27:5a:be:2a:03:d5:4b:77:ae:f5:
13:aa:73:4b:ff:ad:57:b0:9c:df:a0:b3:49:fa:2f:ef:ac:1b:
d2:2a:05:d5:76:85:9f:b5:0d:95:eb:04:72:1a:c7:d9:df:3d:
40:16:d7:02:c0:51:eb:64:6f:38:fa:07:be:ff:30:43:4e:62:
51:aa:a5:65:e6:6a:44:39:49:2b:12:cc:c5:d5:72:60:ed:de:
3f:01:11:49:7b:dd:94:80:d6:16:51:f8:fc:f9:0d:c1:2b:ec:
84:28:e2:31:73:3a:7f:58:95:89:cc:5c:b2:10:c7:4f:bb:4b:
5a:5b:fa:e7:ae:c9:a9:53:db:3b:92:46:34:5b:01:e3:05:9f:
c4:83:93:07:56:9b:95:7a:70:60:3a:4f:f1:00:70:4f:6e:7a:
1d:6c:f7:c5:27:10:39:2f:c5:fc:99:c2:e5:c2:a7:55:f2:cd:
e0:5b:0c:23:2d:cb:41:14:a3:82:d5:cf:2e:ec:2f:0b:60:11:
be:ec:9a:ee
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUTxBhhmxgoJvZPnsJeY3ez7SMzi0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTQwNTRaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGRiYjI1YTlmYWVhZTJmZjRiNGJhZWEwMDg4ZjU0MDBjY2U3YWU3MGJlNDVm
ZjUyMGQ2ZGU1Y2Y4NWY5MzE5YTkxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALlm4Wk6BzZ+NJUPVUI6PNTTxMQ777cm3AJzQ35UZpIfGgojqLndNRpuaNBu
Sfg7lcrO8IC7VkGQWjeMX1lPBBpsMms2hWO06TFBylrt+TPnHTfcY4x1HxKR2moY
8hQEapD/rv6ayvpmDuzW/HYQ0N1e8xqMx8NHJKsL7ev0lWLKqB0kXhBJReHpm/Gw
8QIeX9P2UtGPj29TqdJI/Bts9a/XKlYUTkcS16+ck0q8xoOub/HNrKjDb0LJ/cMI
xin948HB/0lw0MPJF1aXc9yk0gmd9mi8hGDSBCb7f6qCh8NzKz/8guzW3W3vTTIY
TN1P68qqlTzLH6tMtp0RHEqxHvUCAwEAAaOCAiIwggIeMB0GA1UdDgQWBBTV6eZw
BwUYCAqKlp6KIqenrsaXWzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
MzQ2OTU5ZGQtNjRlMS00N2Y0LWEyNDctNGExOWZlNDI4MmNmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACABP8Ew
DQYJKoZIhvcNAQELBQADggEBAKdM8k7rz5ojxQ4kLyAeIphe9/bFhq5kdCigZkZn
yKlnRr5/Vqo76NltOHxtekM8/T9zFM4NpkAaFrTfcnL3J1q+KgPVS3eu9ROqc0v/
rVewnN+gs0n6L++sG9IqBdV2hZ+1DZXrBHIax9nfPUAW1wLAUetkbzj6B77/MENO
YlGqpWXmakQ5SSsSzMXVcmDt3j8BEUl73ZSA1hZR+Pz5DcEr7IQo4jFzOn9YlYnM
XLIQx0+7S1pb+ueuyalT2zuSRjRbAeMFn8SDkwdWm5V6cGA6T/EAcE9ueh1s98Un
EDkvxfyZwuXCp1XyzeBbDCMty0EUo4LVzy7sLwtgEb7smu4=
-----END CERTIFICATE-----
Generated at Tue May 12 22:19:03 2026 by rpki-client