Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/4e175ead-18b1-4e23-a13e-68ba2a69c2ab.roa
File: 4e175ead-18b1-4e23-a13e-68ba2a69c2ab.roa (raw, json)
Hash identifier: uE5/OE+MyeoRjLTMRWhir+JkubSeBWJevBwLEXKrdmc=
Subject key identifier: 55:D0:9C:B3:A1:65:F4:FD:33:F5:82:EA:1F:20:9E:3E:EE:AF:51:F5
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 29EC0784AE5C5F8DF5EE9CDF75C2B034AE907877
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/4e175ead-18b1-4e23-a13e-68ba2a69c2ab.roa
Signing time: Mon 11 May 2026 01:40:09 +0000
ROA not before: Mon 11 May 2026 01:40:09 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc3:2800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
29:ec:07:84:ae:5c:5f:8d:f5:ee:9c:df:75:c2:b0:34:ae:90:78:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:40:09 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=64bc1af1022201f1dc42cb12ed8bbbec13ba91f8864a717b4cd3f0119f27e796, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:71:e9:57:db:b9:fe:39:d5:e7:72:c8:93:a4:
95:8b:a3:a1:52:38:66:57:6b:67:6e:fa:0f:db:b7:
18:7d:5b:6f:16:76:d2:b0:31:3c:5a:e8:c3:ba:55:
02:1a:b4:7c:8c:1c:d4:e1:85:e6:19:f9:a8:53:c9:
f6:a0:cc:26:32:09:77:38:2a:50:8c:90:52:63:9a:
e9:ea:ce:d8:9c:8d:00:a6:60:a5:c4:b9:d3:18:93:
18:b8:17:bd:d0:20:9c:45:67:d0:fc:25:b6:74:71:
1d:27:86:f5:c2:03:f5:8b:10:5e:f5:4e:3e:40:ad:
d4:bd:35:83:2e:2b:2f:88:65:af:d2:fc:e7:34:da:
3a:8c:f7:4e:85:2a:47:7f:f4:8f:d9:9f:30:6d:94:
84:74:a2:c9:b3:bd:97:49:0c:13:bb:8e:5b:4c:0a:
fc:b8:8a:b4:39:c6:85:28:05:cf:29:91:fc:b7:57:
f9:8d:e2:5c:36:81:ec:b8:bf:5c:42:fb:39:a3:c5:
25:3c:b3:71:fc:6b:93:f1:96:a3:86:68:19:2c:72:
11:ec:ae:38:4c:ee:51:c0:05:66:80:ad:b1:7d:8d:
be:df:f9:91:6a:42:e0:39:ce:4e:db:b9:e8:3d:51:
5a:ba:bf:b2:6a:9e:66:86:5b:7a:36:6f:c6:7e:f2:
a0:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
55:D0:9C:B3:A1:65:F4:FD:33:F5:82:EA:1F:20:9E:3E:EE:AF:51:F5
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/4e175ead-18b1-4e23-a13e-68ba2a69c2ab.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3:2800::/40
Signature Algorithm: sha256WithRSAEncryption
04:c6:54:9a:81:65:29:33:cf:96:5a:27:ab:39:11:9b:a6:3e:
79:6b:87:1e:94:e0:10:94:4e:47:33:08:74:62:34:f8:8c:4c:
e8:98:0d:7f:3d:b7:90:04:95:e6:5c:14:12:5f:c8:e9:b9:08:
9b:b3:a1:c1:4e:59:a4:7d:96:97:6d:58:f0:f5:17:f0:cf:46:
74:ac:3d:83:15:9e:e4:3f:4c:67:2b:2b:65:ce:d2:eb:9c:71:
ea:61:c3:74:bd:8b:b3:55:c7:11:f3:f7:b3:62:52:e3:d0:e3:
3c:52:e0:50:3f:e5:88:f3:b0:58:f0:8b:aa:93:94:bc:f2:0e:
e0:8c:bc:6d:03:df:72:ee:0c:b9:01:bb:56:83:6d:00:ff:11:
9b:80:db:d9:fe:bc:85:c7:ba:2b:55:98:6f:16:2f:21:07:0c:
c7:e3:6b:69:f6:e6:e6:e9:68:6e:48:44:78:d7:55:13:5d:b5:
b1:7f:71:6a:f1:89:42:64:b2:ef:56:e1:06:b3:ad:66:83:a9:
91:b3:80:c9:d0:4d:23:c5:9c:eb:ba:c3:19:fc:b3:6d:2c:16:
7c:89:2b:7a:42:c4:67:34:91:b2:fc:2f:3e:37:e3:4c:22:cc:
3e:db:cd:f9:72:5b:b6:3f:36:e6:19:a1:77:75:4d:d0:35:e9:
de:18:0d:2e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUKewHhK5cX4317pzfdcKwNK6QeHcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTQwMDlaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDY0YmMxYWYxMDIyMjAxZjFkYzQyY2IxMmVkOGJiYmVjMTNiYTkxZjg4NjRh
NzE3YjRjZDNmMDExOWYyN2U3OTYxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJFx6Vfbuf451edyyJOklYujoVI4ZldrZ276D9u3GH1bbxZ20rAxPFrow7pV
Ahq0fIwc1OGF5hn5qFPJ9qDMJjIJdzgqUIyQUmOa6erO2JyNAKZgpcS50xiTGLgX
vdAgnEVn0PwltnRxHSeG9cID9YsQXvVOPkCt1L01gy4rL4hlr9L85zTaOoz3ToUq
R3/0j9mfMG2UhHSiybO9l0kME7uOW0wK/LiKtDnGhSgFzymR/LdX+Y3iXDaB7Li/
XEL7OaPFJTyzcfxrk/GWo4ZoGSxyEeyuOEzuUcAFZoCtsX2Nvt/5kWpC4DnOTtu5
6D1RWrq/smqeZoZbejZvxn7yoHcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRV0Jyz
oWX0/TP1guofIJ4+7q9R9TAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NGUxNzVlYWQtMThiMS00ZTIzLWExM2UtNjhiYTJhNjljMmFiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8Mo
MA0GCSqGSIb3DQEBCwUAA4IBAQAExlSagWUpM8+WWierORGbpj55a4celOAQlE5H
Mwh0YjT4jEzomA1/PbeQBJXmXBQSX8jpuQibs6HBTlmkfZaXbVjw9Rfwz0Z0rD2D
FZ7kP0xnKytlztLrnHHqYcN0vYuzVccR8/ezYlLj0OM8UuBQP+WI87BY8Iuqk5S8
8g7gjLxtA99y7gy5AbtWg20A/xGbgNvZ/ryFx7orVZhvFi8hBwzH42tp9ubm6Whu
SER411UTXbWxf3Fq8YlCZLLvVuEGs61mg6mRs4DJ0E0jxZzrusMZ/LNtLBZ8iSt6
QsRnNJGy/C8+N+NMIsw+2835clu2PzbmGaF3dU3QNeneGA0u
-----END CERTIFICATE-----
Generated at Tue May 12 22:36:50 2026 by rpki-client