Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/4f80fda1-9681-4549-9269-31023c00bc49.roa
File: 4f80fda1-9681-4549-9269-31023c00bc49.roa (raw, json)
Hash identifier: T6brtHPJG7MfsYZnVyble+NzKGZw+I+iOUNU4jXrdwI=
Subject key identifier: 38:19:B6:D5:A3:19:0D:2E:E9:29:F2:F9:6C:90:53:EE:3C:60:71:CE
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 2C75DC7F9FD3B0B7E33C35CC432611CD93611D0B
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/4f80fda1-9681-4549-9269-31023c00bc49.roa
Signing time: Mon 11 May 2026 01:30:23 +0000
ROA not before: Mon 11 May 2026 01:30:23 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 14618
IP address blocks: 2001:3fc3:800::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2c:75:dc:7f:9f:d3:b0:b7:e3:3c:35:cc:43:26:11:cd:93:61:1d:0b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:30:23 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=282c7758edf68a849d22e57baa66aadf6988e8ab39a69f64def0bd8d99740053, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:77:0f:f4:34:8f:87:c8:ad:45:ae:c0:8e:8b:
af:a1:0d:9a:ad:9f:5f:13:f5:16:62:98:b8:23:39:
1e:20:44:ac:a7:df:7e:33:31:63:c1:01:73:4b:e6:
65:c0:80:77:5a:34:7f:1b:31:90:b1:82:15:bc:88:
c5:ab:1e:81:aa:54:e9:89:51:e7:24:f3:c4:df:d8:
c6:e8:fd:8f:71:e3:f9:9b:30:e3:05:9d:ed:5b:9e:
35:2c:4b:99:0f:de:8f:45:3b:86:d3:f1:89:f1:48:
0a:84:86:70:9a:ce:03:40:f8:10:90:f2:fb:5f:c1:
9f:56:c1:00:29:2c:1d:ab:74:7a:48:c4:2c:42:a8:
b5:b3:5d:39:91:77:fa:bc:6d:7a:71:82:f3:64:15:
89:e5:e7:54:ce:2b:93:d6:df:a2:6b:44:58:f8:fa:
5f:d0:38:8d:2c:b3:39:0b:64:ba:b0:54:df:af:b0:
94:9e:a3:3c:c7:b8:98:07:19:74:18:71:4b:05:8c:
94:c8:75:18:a4:02:bc:aa:d3:63:23:01:59:b9:79:
ab:e3:db:8f:fb:70:2a:a7:19:a3:37:57:d3:e2:0a:
d1:60:cf:84:21:ad:eb:8a:ce:4d:ad:89:28:ef:2f:
26:41:cd:25:84:0b:73:e0:61:a2:dd:b1:88:a2:de:
4b:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:19:B6:D5:A3:19:0D:2E:E9:29:F2:F9:6C:90:53:EE:3C:60:71:CE
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/4f80fda1-9681-4549-9269-31023c00bc49.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3:800::/40
Signature Algorithm: sha256WithRSAEncryption
a0:b9:26:fa:35:d2:5f:76:b6:e3:dc:07:d2:d9:f0:3b:4b:31:
e4:9f:b1:31:c0:cf:39:00:bc:87:b3:19:db:bf:b2:fb:4f:09:
db:d2:88:7f:23:3c:81:d1:09:f1:8e:b4:9f:f8:69:02:a6:b0:
a0:2d:08:43:ae:aa:39:05:88:c6:a0:7f:23:6c:a1:c2:8d:02:
3b:d3:a2:58:81:fd:a6:b1:3e:88:9f:9f:8b:19:40:ad:f1:05:
53:9d:a2:15:47:6f:38:73:7f:45:c4:1e:c0:db:46:78:83:33:
27:32:fc:9a:58:ad:61:ab:ce:7d:97:81:af:25:aa:c9:13:05:
5e:ee:3c:ac:6e:ed:12:38:3f:37:58:dc:62:21:2e:d2:be:45:
2a:62:e2:f4:e1:44:bc:2a:62:90:62:b7:85:3d:58:ce:36:c4:
15:57:f0:98:0e:84:e6:3d:58:d0:20:3b:91:42:80:f3:c5:c8:
5e:88:3a:7f:e3:42:32:62:1c:ac:fe:88:75:84:ae:f9:19:48:
af:e0:3e:56:59:d3:0d:af:87:fb:e0:71:37:03:46:48:ec:f0:
18:37:41:0e:85:4b:f9:23:af:ab:b3:50:a8:b6:c3:8e:3f:5f:
3e:a2:a1:1a:54:86:e8:08:f4:b0:8a:ff:18:8b:71:3e:b9:f9:
75:73:1a:56
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIULHXcf5/TsLfjPDXMQyYRzZNhHQswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTMwMjNaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDI4MmM3NzU4ZWRmNjhhODQ5ZDIyZTU3YmFhNjZhYWRmNjk4OGU4YWIzOWE2
OWY2NGRlZjBiZDhkOTk3NDAwNTMxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANl3D/Q0j4fIrUWuwI6Lr6ENmq2fXxP1FmKYuCM5HiBErKfffjMxY8EBc0vm
ZcCAd1o0fxsxkLGCFbyIxasegapU6YlR5yTzxN/Yxuj9j3Hj+Zsw4wWd7VueNSxL
mQ/ej0U7htPxifFICoSGcJrOA0D4EJDy+1/Bn1bBACksHat0ekjELEKotbNdOZF3
+rxtenGC82QVieXnVM4rk9bfomtEWPj6X9A4jSyzOQtkurBU36+wlJ6jPMe4mAcZ
dBhxSwWMlMh1GKQCvKrTYyMBWbl5q+Pbj/twKqcZozdX0+IK0WDPhCGt64rOTa2J
KO8vJkHNJYQLc+Bhot2xiKLeS+UCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ4GbbV
oxkNLukp8vlskFPuPGBxzjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NGY4MGZkYTEtOTY4MS00NTQ5LTkyNjktMzEwMjNjMDBiYzQ5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8MI
MA0GCSqGSIb3DQEBCwUAA4IBAQCguSb6NdJfdrbj3AfS2fA7SzHkn7ExwM85ALyH
sxnbv7L7Twnb0oh/IzyB0QnxjrSf+GkCprCgLQhDrqo5BYjGoH8jbKHCjQI706JY
gf2msT6In5+LGUCt8QVTnaIVR284c39FxB7A20Z4gzMnMvyaWK1hq859l4GvJarJ
EwVe7jysbu0SOD83WNxiIS7SvkUqYuL04US8KmKQYreFPVjONsQVV/CYDoTmPVjQ
IDuRQoDzxcheiDp/40IyYhys/oh1hK75GUiv4D5WWdMNr4f74HE3A0ZI7PAYN0EO
hUv5I6+rs1CotsOOP18+oqEaVIboCPSwiv8Yi3E+ufl1cxpW
-----END CERTIFICATE-----
Generated at Tue May 12 23:43:13 2026 by rpki-client