Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/3a33d844-426b-41b8-aa8c-f4ab26a66ff2.roa
File: 3a33d844-426b-41b8-aa8c-f4ab26a66ff2.roa (raw, json)
Hash identifier: PkRLQOJOifQjPzHTYFK3wKEomwsrVaCK+a8lPSaKGLA=
Subject key identifier: 57:FD:94:E8:CF:9E:50:F9:8F:3D:B1:5A:EE:CC:E0:63:A1:24:03:5F
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 52A495117D8747EB23CACF9915917521EADF0195
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/3a33d844-426b-41b8-aa8c-f4ab26a66ff2.roa
Signing time: Mon 11 May 2026 01:40:06 +0000
ROA not before: Mon 11 May 2026 01:40:06 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc5:8000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
52:a4:95:11:7d:87:47:eb:23:ca:cf:99:15:91:75:21:ea:df:01:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:40:06 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=727b2f4cfc4b19743d94bc234ecdb8d28f6d038be5ca54efc55459693ee93d40, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:9f:d7:95:24:8e:c2:f3:56:af:22:21:fd:1c:
05:16:17:38:7f:25:0e:43:58:d8:dc:2b:80:4e:18:
29:c6:07:bb:c6:24:b9:49:85:97:67:3b:d2:40:59:
bc:e8:73:82:4f:cf:81:17:bc:37:95:b4:9a:4d:ae:
a1:d5:68:ce:dd:af:3e:57:42:2c:d9:41:3c:77:d2:
f7:50:6e:0f:6c:d9:da:08:07:3b:ee:9a:04:e2:fd:
3a:3a:5c:4d:66:a6:34:4d:e1:b6:c8:80:7c:4d:6e:
fe:6a:80:90:91:05:93:2c:e9:77:07:08:c0:fc:75:
61:a5:23:3a:f2:55:0e:91:49:0d:0b:50:56:1b:b0:
8b:d8:e9:63:64:be:ec:3d:aa:6d:a6:24:25:8b:ab:
35:23:69:4c:50:2a:85:50:dc:e5:8e:f1:fe:f5:5b:
86:a0:6d:ff:99:18:13:a2:ff:f5:ac:4d:0b:52:58:
74:39:f7:e8:8c:08:a4:49:b9:ee:82:37:4a:57:be:
1f:a5:81:84:c1:7f:a2:53:51:eb:6a:6f:75:05:7a:
a9:99:48:82:cf:86:42:d1:d4:23:a1:a4:d0:82:7a:
14:28:13:7f:8f:e4:22:e7:e3:e1:46:c9:ac:64:57:
da:ef:83:76:2b:14:27:5d:ed:c9:ef:36:06:93:57:
b8:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
57:FD:94:E8:CF:9E:50:F9:8F:3D:B1:5A:EE:CC:E0:63:A1:24:03:5F
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/3a33d844-426b-41b8-aa8c-f4ab26a66ff2.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc5:8000::/36
Signature Algorithm: sha256WithRSAEncryption
b6:78:00:9c:66:2f:e2:ce:b0:f4:aa:21:ae:c8:83:a7:f9:50:
d9:a1:10:41:67:79:5c:42:71:be:95:c7:52:ac:86:5b:94:65:
90:e9:7f:5e:e3:86:1d:32:04:18:cb:9f:cb:64:3f:98:e5:58:
1e:03:3f:70:51:8b:f7:a4:e3:05:db:61:cc:1e:fb:d9:5e:b7:
81:db:f9:d2:95:fa:4c:d2:f0:c6:59:5e:3c:53:2c:15:b8:04:
56:e6:bd:c6:79:99:e0:bc:24:1f:a6:8f:e5:84:0c:db:07:e5:
c7:5d:4d:92:9e:ff:ab:81:42:74:26:88:1f:1a:fb:01:f8:32:
b2:18:66:1b:22:35:d2:aa:3d:41:d1:97:2f:98:1c:f4:d0:40:
78:5b:bb:87:8b:e8:f7:79:d1:ab:61:93:fe:28:e3:ae:b8:ad:
c4:39:0f:d7:7c:5e:39:28:fb:81:2a:50:62:16:ca:38:65:0f:
aa:7a:5d:e4:a2:1b:b8:1b:b9:6a:01:e3:07:83:ee:31:df:c8:
38:89:5b:fa:06:5e:36:47:7c:ff:43:d9:3d:ad:d7:a0:b6:01:
2b:c3:48:77:a4:71:a6:f6:f9:b5:93:ab:95:cf:94:22:83:df:
71:04:ae:da:56:c7:15:17:a2:f1:35:c4:7c:4f:ba:64:0f:f1:
1d:0b:aa:c0
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUUqSVEX2HR+sjys+ZFZF1IerfAZUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTQwMDZaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDcyN2IyZjRjZmM0YjE5NzQzZDk0YmMyMzRlY2RiOGQyOGY2ZDAzOGJlNWNh
NTRlZmM1NTQ1OTY5M2VlOTNkNDAxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKmf15UkjsLzVq8iIf0cBRYXOH8lDkNY2NwrgE4YKcYHu8YkuUmFl2c70kBZ
vOhzgk/PgRe8N5W0mk2uodVozt2vPldCLNlBPHfS91BuD2zZ2ggHO+6aBOL9Ojpc
TWamNE3htsiAfE1u/mqAkJEFkyzpdwcIwPx1YaUjOvJVDpFJDQtQVhuwi9jpY2S+
7D2qbaYkJYurNSNpTFAqhVDc5Y7x/vVbhqBt/5kYE6L/9axNC1JYdDn36IwIpEm5
7oI3Sle+H6WBhMF/olNR62pvdQV6qZlIgs+GQtHUI6Gk0IJ6FCgTf4/kIufj4UbJ
rGRX2u+DdisUJ13tye82BpNXuJMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRX/ZTo
z55Q+Y89sVruzOBjoSQDXzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
M2EzM2Q4NDQtNDI2Yi00MWI4LWFhOGMtZjRhYjI2YTY2ZmYyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8WA
MA0GCSqGSIb3DQEBCwUAA4IBAQC2eACcZi/izrD0qiGuyIOn+VDZoRBBZ3lcQnG+
lcdSrIZblGWQ6X9e44YdMgQYy5/LZD+Y5VgeAz9wUYv3pOMF22HMHvvZXreB2/nS
lfpM0vDGWV48UywVuARW5r3GeZngvCQfpo/lhAzbB+XHXU2Snv+rgUJ0JogfGvsB
+DKyGGYbIjXSqj1B0ZcvmBz00EB4W7uHi+j3edGrYZP+KOOuuK3EOQ/XfF45KPuB
KlBiFso4ZQ+qel3kohu4G7lqAeMHg+4x38g4iVv6Bl42R3z/Q9k9rdegtgErw0h3
pHGm9vm1k6uVz5Qig99xBK7aVscVF6LxNcR8T7pkD/EdC6rA
-----END CERTIFICATE-----
Generated at Tue May 12 23:06:22 2026 by rpki-client