Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/3adb09a8-6887-4e26-acd9-71256c2c7434.roa
File: 3adb09a8-6887-4e26-acd9-71256c2c7434.roa (raw, json)
Hash identifier: bGFZ5HlXcjsF4iCfHmPtc7W/LaSKeCu4kd9LsAzQI6U=
Subject key identifier: EA:37:B0:F5:3C:3C:48:16:F7:95:D0:7D:CB:28:48:37:AE:CE:4F:40
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 7B5C6A8B0C8A406856935A4BEC2284789F3AF173
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/3adb09a8-6887-4e26-acd9-71256c2c7434.roa
Signing time: Thu 07 May 2026 13:47:12 +0000
ROA not before: Thu 07 May 2026 13:47:12 +0000
ROA not after: Wed 05 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc5:2000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7b:5c:6a:8b:0c:8a:40:68:56:93:5a:4b:ec:22:84:78:9f:3a:f1:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 7 13:47:12 2026 GMT
Not After : Aug 5 23:59:59 2026 GMT
Subject: serialNumber=61e414088209253754bcc039e14aa0087f40d18c70c2600d2564d8c9557bc0d0, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:2f:df:3b:69:b5:ed:87:ba:9d:c5:a1:e0:e5:
ff:df:3a:9a:65:66:9b:84:86:60:11:ca:9e:10:1b:
29:ca:09:d1:d8:72:90:16:8e:6e:a5:58:91:c0:14:
bd:0a:7a:80:07:6b:f4:6c:87:ee:87:0a:b2:7f:e7:
c2:bb:da:b7:36:22:6f:dd:e4:0e:4e:ed:61:18:c7:
98:4e:ea:72:9e:b4:35:12:70:56:90:ac:db:dd:f3:
4a:98:a9:77:ec:36:fc:3c:70:27:97:9c:24:8d:d8:
ef:67:ee:80:67:67:6f:40:a0:53:1b:1b:78:c6:2d:
5f:b5:a2:95:aa:b9:9f:10:35:8a:91:68:cf:af:3a:
69:e8:91:37:7b:f5:ec:ff:df:f5:1f:a7:4f:2f:91:
19:94:99:0a:60:42:97:0a:b2:11:b7:9e:9c:98:bd:
d3:82:47:7b:9a:bc:85:3a:1c:a6:5e:03:51:f3:d6:
eb:87:20:2f:39:39:1f:db:2c:d3:7b:9a:b2:43:93:
56:72:fd:7b:7b:80:b6:b9:31:e3:f4:a5:32:60:1a:
0f:d0:30:2c:68:ca:c2:0c:47:e5:16:b5:c3:f1:dd:
5b:bb:d4:02:08:99:1d:36:ce:d5:80:0c:fc:2b:7d:
91:53:82:17:5a:70:0d:24:5c:32:32:8d:79:21:d5:
bd:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EA:37:B0:F5:3C:3C:48:16:F7:95:D0:7D:CB:28:48:37:AE:CE:4F:40
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/3adb09a8-6887-4e26-acd9-71256c2c7434.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc5:2000::/36
Signature Algorithm: sha256WithRSAEncryption
12:1c:be:62:b7:2e:96:63:b7:7f:f2:a0:c6:23:91:e8:bb:9a:
cc:36:30:4a:1c:9a:42:0d:ff:4e:db:c6:e0:20:ea:be:03:d7:
f5:50:1f:a9:32:73:50:23:69:aa:b4:d3:db:83:1c:2d:19:5d:
d8:94:97:7f:b0:9d:3b:d0:36:15:56:5c:59:2b:b9:a1:53:38:
87:25:07:b4:54:ca:ee:31:07:73:68:e6:84:15:16:aa:ed:16:
42:b5:87:aa:b4:29:9e:54:ac:5c:e4:9d:bf:6c:0a:11:39:be:
5b:9e:5f:0f:a5:30:9b:f2:11:31:f9:89:73:2c:82:3b:79:f9:
78:bf:74:04:5f:c5:62:e0:10:ff:2b:46:51:2f:6b:07:46:86:
78:7b:04:9b:5c:b7:cc:6b:e1:ac:98:f7:ec:28:84:27:8e:3f:
7a:1b:d4:0a:2e:4a:2d:eb:13:ee:5f:fc:e5:75:2d:3c:04:d7:
db:27:34:df:14:92:51:7a:2a:09:9b:54:b3:c2:24:44:d2:51:
82:e8:77:17:c4:e2:f8:8c:13:f4:ca:62:16:85:de:93:4e:a9:
d5:6a:e0:3a:e1:d7:9a:e0:91:82:0e:85:e9:41:f8:03:57:d7:
6f:b7:06:7c:9a:6a:ff:7c:7b:40:71:d3:2e:fe:1b:c5:7a:ca:
14:2c:a1:46
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUe1xqiwyKQGhWk1pL7CKEeJ868XMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MDcxMzQ3MTJaFw0yNjA4MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDYxZTQxNDA4ODIwOTI1Mzc1NGJjYzAzOWUxNGFhMDA4N2Y0MGQxOGM3MGMy
NjAwZDI1NjRkOGM5NTU3YmMwZDAxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALIv3ztpte2Hup3FoeDl/986mmVmm4SGYBHKnhAbKcoJ0dhykBaObqVYkcAU
vQp6gAdr9GyH7ocKsn/nwrvatzYib93kDk7tYRjHmE7qcp60NRJwVpCs293zSpip
d+w2/DxwJ5ecJI3Y72fugGdnb0CgUxsbeMYtX7Wilaq5nxA1ipFoz686aeiRN3v1
7P/f9R+nTy+RGZSZCmBClwqyEbeenJi904JHe5q8hTocpl4DUfPW64cgLzk5H9ss
03uaskOTVnL9e3uAtrkx4/SlMmAaD9AwLGjKwgxH5Ra1w/HdW7vUAgiZHTbO1YAM
/Ct9kVOCF1pwDSRcMjKNeSHVvTkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTqN7D1
PDxIFveV0H3LKEg3rs5PQDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
M2FkYjA5YTgtNjg4Ny00ZTI2LWFjZDktNzEyNTZjMmM3NDM0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8Ug
MA0GCSqGSIb3DQEBCwUAA4IBAQASHL5ity6WY7d/8qDGI5Hou5rMNjBKHJpCDf9O
28bgIOq+A9f1UB+pMnNQI2mqtNPbgxwtGV3YlJd/sJ070DYVVlxZK7mhUziHJQe0
VMruMQdzaOaEFRaq7RZCtYeqtCmeVKxc5J2/bAoROb5bnl8PpTCb8hEx+YlzLII7
efl4v3QEX8Vi4BD/K0ZRL2sHRoZ4ewSbXLfMa+GsmPfsKIQnjj96G9QKLkot6xPu
X/zldS08BNfbJzTfFJJReioJm1SzwiRE0lGC6HcXxOL4jBP0ymIWhd6TTqnVauA6
4dea4JGCDoXpQfgDV9dvtwZ8mmr/fHtAcdMu/hvFesoULKFG
-----END CERTIFICATE-----
Generated at Tue May 12 21:53:48 2026 by rpki-client