Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/4a0ca7a1-00ab-48be-a825-9123b34b7077.roa
File: 4a0ca7a1-00ab-48be-a825-9123b34b7077.roa (raw, json)
Hash identifier: PEDxKVNvLTLSoREYbclh6hITq6qly08SZDnG4o6n2MA=
Subject key identifier: FB:9E:BF:AA:FD:81:79:01:64:20:FC:9D:31:19:03:00:4B:CC:FD:41
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 2F2542CF110940D3F440A8ED6B6F587430643978
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/4a0ca7a1-00ab-48be-a825-9123b34b7077.roa
Signing time: Mon 11 May 2026 01:40:11 +0000
ROA not before: Mon 11 May 2026 01:40:11 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:f880::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2f:25:42:cf:11:09:40:d3:f4:40:a8:ed:6b:6f:58:74:30:64:39:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:40:11 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=29e5b0b5fd4892ffe7a42eb3c7a222eaff468787aa9021650d0bbdbe58cc35db, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:64:2f:7a:57:96:bc:f2:df:6e:bc:d2:3d:ae:
ac:87:a8:cf:40:9b:97:85:ed:7e:df:16:87:f5:22:
4e:24:ec:a5:3f:5b:b4:c9:d4:65:6a:72:f9:5f:f3:
8f:09:df:54:52:07:fa:f1:83:df:f8:f1:22:d9:a3:
fa:39:74:6a:75:6a:a6:b5:6f:60:e3:c3:f5:49:0a:
a4:08:25:15:73:b1:f4:43:e8:84:f5:23:fd:88:29:
ef:87:ad:fe:64:95:f3:20:51:26:01:26:db:0d:a0:
a0:f3:5b:1d:6a:17:df:ed:a0:c5:b1:57:bf:67:cb:
eb:52:f2:36:10:7f:49:19:4f:71:e9:08:46:4b:b5:
f0:81:99:e5:03:6b:e5:7f:5c:23:ef:81:92:de:22:
e6:99:5e:45:e7:34:c9:36:d5:c1:f7:90:57:54:63:
8c:24:13:2d:a2:ea:01:31:c9:1b:af:4b:d8:9f:33:
e5:7d:08:6a:71:6a:7c:0f:15:95:3b:33:78:40:99:
ce:d5:c0:77:18:df:0a:e4:bf:8d:15:86:51:18:c4:
6f:9d:d2:6b:f1:83:36:ef:26:b2:a1:e7:90:0c:98:
b1:5b:aa:8e:10:78:82:3d:c4:8d:0e:5b:c6:53:21:
a7:4e:9b:bc:9a:c8:9a:59:5f:3f:bc:3a:0b:89:ac:
a1:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:9E:BF:AA:FD:81:79:01:64:20:FC:9D:31:19:03:00:4B:CC:FD:41
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/4a0ca7a1-00ab-48be-a825-9123b34b7077.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:f880::/48
Signature Algorithm: sha256WithRSAEncryption
6e:77:8a:05:f6:03:9d:90:a1:8e:38:e5:53:99:8f:1b:08:29:
e9:d4:13:8c:b3:b0:57:42:bd:a2:c0:cb:4f:4b:42:91:f5:95:
8d:f4:d3:22:dd:8e:b5:aa:83:15:57:08:4a:dc:17:c7:4a:01:
c4:f4:74:8a:cd:03:da:da:e5:9a:45:19:15:0d:7f:f8:6a:2d:
15:a3:bd:b3:89:f0:d2:80:f2:9d:15:67:bc:8e:7c:cd:a5:67:
bc:51:d0:95:5a:7c:82:9d:70:6f:54:4e:2a:8b:84:ea:52:5a:
fb:2c:c0:32:cc:27:df:9f:6c:17:96:98:9e:35:7e:ee:bd:70:
bb:17:be:5a:83:43:46:04:40:28:e7:64:63:6d:61:7d:5e:68:
79:f8:5e:cb:f8:0f:11:e7:3e:5e:99:6d:21:26:40:70:30:61:
60:32:ee:0d:ef:85:f3:59:3b:91:68:7f:d9:c6:b2:56:48:60:
7a:40:7a:2d:50:1e:8f:90:fb:38:1c:ad:d1:39:e1:06:a6:9d:
e2:13:70:6f:cf:b1:2c:cc:19:1e:32:5b:96:f7:55:78:53:4e:
d1:07:0f:2a:5f:95:27:a4:35:f7:f2:1d:1a:02:8e:e1:08:f0:
d4:02:01:b7:eb:1f:c0:b9:d0:89:00:a6:9e:af:d6:b5:cf:c0:
00:87:77:5a
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIULyVCzxEJQNP0QKjta29YdDBkOXgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTQwMTFaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDI5ZTViMGI1ZmQ0ODkyZmZlN2E0MmViM2M3YTIyMmVhZmY0Njg3ODdhYTkw
MjE2NTBkMGJiZGJlNThjYzM1ZGIxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKdkL3pXlrzy32680j2urIeoz0Cbl4Xtft8Wh/UiTiTspT9btMnUZWpy+V/z
jwnfVFIH+vGD3/jxItmj+jl0anVqprVvYOPD9UkKpAglFXOx9EPohPUj/Ygp74et
/mSV8yBRJgEm2w2goPNbHWoX3+2gxbFXv2fL61LyNhB/SRlPcekIRku18IGZ5QNr
5X9cI++Bkt4i5pleRec0yTbVwfeQV1RjjCQTLaLqATHJG69L2J8z5X0IanFqfA8V
lTszeECZztXAdxjfCuS/jRWGURjEb53Sa/GDNu8msqHnkAyYsVuqjhB4gj3EjQ5b
xlMhp06bvJrImllfP7w6C4msoQ8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBT7nr+q
/YF5AWQg/J0xGQMAS8z9QTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NGEwY2E3YTEtMDBhYi00OGJlLWE4MjUtOTEyM2IzNGI3MDc3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABP8f4
gDANBgkqhkiG9w0BAQsFAAOCAQEAbneKBfYDnZChjjjlU5mPGwgp6dQTjLOwV0K9
osDLT0tCkfWVjfTTIt2OtaqDFVcIStwXx0oBxPR0is0D2trlmkUZFQ1/+GotFaO9
s4nw0oDynRVnvI58zaVnvFHQlVp8gp1wb1ROKouE6lJa+yzAMswn359sF5aYnjV+
7r1wuxe+WoNDRgRAKOdkY21hfV5oefhey/gPEec+XpltISZAcDBhYDLuDe+F81k7
kWh/2cayVkhgekB6LVAej5D7OByt0TnhBqad4hNwb8+xLMwZHjJblvdVeFNO0QcP
Kl+VJ6Q19/IdGgKO4Qjw1AIBt+sfwLnQiQCmnq/Wtc/AAId3Wg==
-----END CERTIFICATE-----
Generated at Tue May 12 22:12:06 2026 by rpki-client