Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/4251c6ee-a4b0-4746-967f-94d2557ebf12.roa
File: 4251c6ee-a4b0-4746-967f-94d2557ebf12.roa (raw, json)
Hash identifier: s+QWEPxm/A7gG8tpFKTOn1YL07ROzwVRL0+gYNV294s=
Subject key identifier: 42:9F:5A:E8:01:07:7A:77:9C:23:A7:74:60:36:FC:83:44:11:79:06
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 06823E010523708AC563860413AF92028CF05A54
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/4251c6ee-a4b0-4746-967f-94d2557ebf12.roa
Signing time: Mon 11 May 2026 01:30:10 +0000
ROA not before: Mon 11 May 2026 01:30:10 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc0:880::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
06:82:3e:01:05:23:70:8a:c5:63:86:04:13:af:92:02:8c:f0:5a:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:30:10 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=4b7c243480545ca33b416397efdf4a54bde592e8c5f087b305cfe30fb5425a73, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:4b:6b:b5:05:ce:1e:58:7e:7a:7b:44:89:a6:
0e:c8:de:70:08:96:7c:5a:aa:28:bc:66:b6:14:73:
c9:1f:4c:0f:13:e1:4a:8f:b5:c4:13:60:d5:3b:73:
dc:80:84:fb:12:d4:75:54:11:07:d4:ad:75:6f:4c:
02:62:56:a4:77:6c:a8:2b:ee:93:2f:bf:b3:91:95:
00:56:8d:96:e2:d1:69:84:4e:95:be:4e:3c:1c:df:
66:09:4f:bd:ad:c1:bf:b4:3c:65:57:1d:f4:89:08:
ec:db:a0:7d:12:6b:ea:c1:57:cd:9f:17:53:d4:da:
96:e9:ae:e7:a0:2f:6b:47:df:6e:0c:98:97:e6:2c:
39:7d:e3:1f:32:dd:87:e7:05:90:26:cd:9d:ae:d5:
f9:8f:a8:80:b0:19:a0:70:fb:58:2f:ba:5f:2e:a8:
6d:34:01:64:e0:37:e4:a0:ee:16:0f:e0:fb:12:9f:
36:49:9c:b0:29:7d:38:86:c4:bd:6f:4c:25:45:cd:
65:6c:e4:dc:09:b6:fa:b6:00:d1:12:8b:e1:d0:8e:
9e:11:a7:64:33:c1:09:35:0b:9a:8c:09:2d:cd:ef:
23:a0:f1:d9:67:6d:74:f4:29:e0:d6:6e:35:9b:42:
3a:83:af:80:26:57:25:f7:23:45:a2:d6:1f:15:43:
65:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:9F:5A:E8:01:07:7A:77:9C:23:A7:74:60:36:FC:83:44:11:79:06
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/4251c6ee-a4b0-4746-967f-94d2557ebf12.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc0:880::/48
Signature Algorithm: sha256WithRSAEncryption
2f:c6:6e:5f:6c:9a:cd:5d:de:38:d4:f9:4a:00:d6:50:7c:c1:
2b:12:1e:dd:dc:95:a8:e9:1e:63:76:09:07:27:46:db:b4:a7:
92:d5:72:a9:6d:60:4e:4e:b8:06:44:75:45:ed:fe:fb:9e:43:
40:0f:d3:44:8a:c2:0e:5a:7e:9a:48:93:40:89:ff:73:5a:5f:
d4:79:8d:a3:44:fc:20:56:82:44:1d:71:35:a5:41:36:13:39:
fc:be:af:78:91:5b:85:b5:95:2b:e3:50:f0:e6:0c:5e:7f:16:
97:5a:ed:03:34:b6:d9:6a:fc:7f:39:fc:06:24:6e:bd:57:48:
0f:0a:6c:ef:4a:bb:fd:33:90:1b:55:55:f6:da:e4:a6:7d:16:
4b:d7:a2:b7:a0:07:48:00:b4:70:f7:5b:79:67:af:1c:2e:5c:
e6:46:51:f4:a0:7d:6b:fe:c2:7e:5b:e7:6b:7b:cf:65:ff:e2:
46:3e:f3:03:d4:b5:58:dd:a4:f7:ab:b3:d8:9e:e0:ec:42:6e:
ca:c0:85:4d:d7:aa:2a:1c:b2:10:f4:35:5e:e6:30:52:28:95:
59:89:d4:d1:23:fc:22:b6:76:ed:bb:81:d3:70:51:07:09:d6:
e7:54:44:08:1b:1b:d0:b3:6a:87:ba:ca:e6:56:8d:4d:45:ed:
da:59:4c:b1
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUBoI+AQUjcIrFY4YEE6+SAozwWlQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTMwMTBaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDRiN2MyNDM0ODA1NDVjYTMzYjQxNjM5N2VmZGY0YTU0YmRlNTkyZThjNWYw
ODdiMzA1Y2ZlMzBmYjU0MjVhNzMxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL1La7UFzh5Yfnp7RImmDsjecAiWfFqqKLxmthRzyR9MDxPhSo+1xBNg1Ttz
3ICE+xLUdVQRB9StdW9MAmJWpHdsqCvuky+/s5GVAFaNluLRaYROlb5OPBzfZglP
va3Bv7Q8ZVcd9IkI7NugfRJr6sFXzZ8XU9Talumu56Ava0ffbgyYl+YsOX3jHzLd
h+cFkCbNna7V+Y+ogLAZoHD7WC+6Xy6obTQBZOA35KDuFg/g+xKfNkmcsCl9OIbE
vW9MJUXNZWzk3Am2+rYA0RKL4dCOnhGnZDPBCTULmowJLc3vI6Dx2WdtdPQp4NZu
NZtCOoOvgCZXJfcjRaLWHxVDZQUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRCn1ro
AQd6d5wjp3RgNvyDRBF5BjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NDI1MWM2ZWUtYTRiMC00NzQ2LTk2N2YtOTRkMjU1N2ViZjEyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABP8AI
gDANBgkqhkiG9w0BAQsFAAOCAQEAL8ZuX2yazV3eONT5SgDWUHzBKxIe3dyVqOke
Y3YJBydG27SnktVyqW1gTk64BkR1Re3++55DQA/TRIrCDlp+mkiTQIn/c1pf1HmN
o0T8IFaCRB1xNaVBNhM5/L6veJFbhbWVK+NQ8OYMXn8Wl1rtAzS22Wr8fzn8BiRu
vVdIDwps70q7/TOQG1VV9trkpn0WS9eit6AHSAC0cPdbeWevHC5c5kZR9KB9a/7C
flvna3vPZf/iRj7zA9S1WN2k96uz2J7g7EJuysCFTdeqKhyyEPQ1XuYwUiiVWYnU
0SP8IrZ27buB03BRBwnW51RECBsb0LNqh7rK5laNTUXt2llMsQ==
-----END CERTIFICATE-----
Generated at Tue May 12 22:18:50 2026 by rpki-client