Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/3fe8d737-6af0-4f49-813a-04581455d703.roa
File: 3fe8d737-6af0-4f49-813a-04581455d703.roa (raw, json)
Hash identifier: YEtvuZQiwhCh2f+9Mu3dfgdoUvBag1hKKoSCAx/Kpqo=
Subject key identifier: 72:87:C6:F3:8D:4D:EA:BE:7B:C4:33:31:6E:46:52:0F:64:4E:1C:B5
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 39D2D5BCF2008ABBBEE633FA86F44DCFE5B66D43
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/3fe8d737-6af0-4f49-813a-04581455d703.roa
Signing time: Mon 11 May 2026 01:30:13 +0000
ROA not before: Mon 11 May 2026 01:30:13 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc5:8800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
39:d2:d5:bc:f2:00:8a:bb:be:e6:33:fa:86:f4:4d:cf:e5:b6:6d:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:30:13 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=26bce7935c6f00de00fb13e5ade35936dd1a197d1cf988f53eb74784d728ee56, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:b2:8b:19:97:74:98:30:c2:1a:a0:51:88:2a:
e9:8f:a3:50:47:24:c0:50:c8:0d:e6:92:3b:c6:bf:
02:b1:56:d7:dc:5d:ec:c2:9a:45:c5:0e:2c:0c:5e:
2a:0a:97:66:32:f6:99:a4:04:45:83:d1:da:58:ab:
0d:a5:55:9b:90:bf:60:61:f1:1a:18:69:8c:03:3e:
54:fc:4c:db:52:32:eb:f6:ba:0b:97:8e:8d:9e:72:
45:bd:39:06:58:83:d3:9c:cb:ba:5e:9e:d5:f6:7e:
9d:ed:70:38:f9:88:41:64:57:f4:16:fa:c5:fc:4a:
0a:f7:1d:42:6a:a9:74:7e:35:07:24:4e:02:71:a9:
f5:f4:d3:cf:89:5d:4e:7e:67:58:1b:49:52:66:5f:
b3:b3:5b:0a:3d:e2:47:8e:22:69:bf:d2:b8:26:8d:
12:13:e7:1b:65:ab:cb:e5:05:e8:cd:10:e5:1d:f6:
60:93:d0:7b:da:a8:cb:1c:29:fc:f3:97:dd:4e:f1:
e2:e7:03:c7:4a:be:97:74:3d:87:53:7c:8b:28:ba:
e8:d1:c9:0e:c1:fe:ef:e6:65:ad:8f:17:57:84:d1:
4f:e7:6c:9d:b1:c3:4f:1b:f9:88:56:81:f9:1a:47:
ea:00:4e:58:98:d7:e9:83:fb:04:13:53:db:01:1b:
e9:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:87:C6:F3:8D:4D:EA:BE:7B:C4:33:31:6E:46:52:0F:64:4E:1C:B5
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/3fe8d737-6af0-4f49-813a-04581455d703.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc5:8800::/40
Signature Algorithm: sha256WithRSAEncryption
c9:84:91:89:be:0c:99:1b:b3:9d:46:59:48:b0:a6:c6:03:9e:
ff:f1:71:5d:7b:b5:2e:f4:4e:ba:49:8f:41:4e:d4:0c:58:60:
09:13:88:19:77:a7:7f:7d:a6:68:f1:26:b8:6b:a1:66:56:ba:
0d:5e:40:42:c3:b4:8a:ba:3c:11:ae:ce:8b:a5:2e:50:a6:21:
86:8a:af:92:f3:f0:c3:19:01:e3:02:01:0d:44:38:0a:fc:a7:
a0:8f:2d:a2:13:cc:8b:d9:e0:9e:aa:fc:83:5d:9d:eb:9c:8b:
71:de:82:ce:94:4c:83:0c:dd:ba:ac:15:95:67:b0:2c:28:cc:
05:f3:db:ee:52:ce:1b:87:9c:36:e4:44:af:0c:a5:33:06:4a:
ef:fc:d3:24:f3:b9:b6:f2:33:e1:d3:d9:b0:ba:65:86:a0:dc:
91:35:99:c8:36:96:7d:24:11:bb:53:41:23:3b:b9:e8:8b:6d:
8d:bc:ca:07:d7:4b:03:a6:db:63:fa:3b:11:ab:4e:f2:07:a7:
4f:d0:f5:41:a4:d5:75:d4:a7:de:55:8f:dc:d5:23:23:59:9c:
ec:15:e3:c1:8c:5d:eb:4c:46:89:6e:c9:28:0b:4a:61:9d:c9:
e1:10:a2:1c:8c:07:17:3f:67:15:73:f8:ab:71:b7:80:c1:b5:
91:d6:4f:00
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUOdLVvPIAiru+5jP6hvRNz+W2bUMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTMwMTNaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDI2YmNlNzkzNWM2ZjAwZGUwMGZiMTNlNWFkZTM1OTM2ZGQxYTE5N2QxY2Y5
ODhmNTNlYjc0Nzg0ZDcyOGVlNTYxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPGyixmXdJgwwhqgUYgq6Y+jUEckwFDIDeaSO8a/ArFW19xd7MKaRcUOLAxe
KgqXZjL2maQERYPR2lirDaVVm5C/YGHxGhhpjAM+VPxM21Iy6/a6C5eOjZ5yRb05
BliD05zLul6e1fZ+ne1wOPmIQWRX9Bb6xfxKCvcdQmqpdH41ByROAnGp9fTTz4ld
Tn5nWBtJUmZfs7NbCj3iR44iab/SuCaNEhPnG2Wry+UF6M0Q5R32YJPQe9qoyxwp
/POX3U7x4ucDx0q+l3Q9h1N8iyi66NHJDsH+7+ZlrY8XV4TRT+dsnbHDTxv5iFaB
+RpH6gBOWJjX6YP7BBNT2wEb6UECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRyh8bz
jU3qvnvEMzFuRlIPZE4ctTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
M2ZlOGQ3MzctNmFmMC00ZjQ5LTgxM2EtMDQ1ODE0NTVkNzAzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8WI
MA0GCSqGSIb3DQEBCwUAA4IBAQDJhJGJvgyZG7OdRllIsKbGA57/8XFde7Uu9E66
SY9BTtQMWGAJE4gZd6d/faZo8Sa4a6FmVroNXkBCw7SKujwRrs6LpS5QpiGGiq+S
8/DDGQHjAgENRDgK/Kegjy2iE8yL2eCeqvyDXZ3rnItx3oLOlEyDDN26rBWVZ7As
KMwF89vuUs4bh5w25ESvDKUzBkrv/NMk87m28jPh09mwumWGoNyRNZnINpZ9JBG7
U0EjO7noi22NvMoH10sDpttj+jsRq07yB6dP0PVBpNV11KfeVY/c1SMjWZzsFePB
jF3rTEaJbskoC0phncnhEKIcjAcXP2cVc/ircbeAwbWR1k8A
-----END CERTIFICATE-----
Generated at Tue May 12 22:12:13 2026 by rpki-client