Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/541ffd81-df5c-4971-9769-a37d113c922b.roa
File: 541ffd81-df5c-4971-9769-a37d113c922b.roa (raw, json)
Hash identifier: i01yPfFW55Hd1VG09PSclDHzkpvyKqT42MFon94Emig=
Subject key identifier: AE:90:D7:17:62:F6:6A:06:10:5B:97:3C:69:3F:CD:CF:D5:F2:4B:99
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 52DBFA243D116CB90EAF18B11971B27FA0F1B46F
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/541ffd81-df5c-4971-9769-a37d113c922b.roa
Signing time: Mon 11 May 2026 01:30:25 +0000
ROA not before: Mon 11 May 2026 01:30:25 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc6:e::/47 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
52:db:fa:24:3d:11:6c:b9:0e:af:18:b1:19:71:b2:7f:a0:f1:b4:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:30:25 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=5eedb90cf58394ed944d79319715ce6e220b0428f2d0d4f5c0d91fac5c778b40, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:44:8e:63:de:e1:a0:42:00:42:81:a7:f7:74:
cc:4d:e2:92:65:b4:f7:0c:53:5e:e7:85:32:d4:5f:
f6:67:bf:e2:f7:05:09:4f:a4:7e:bd:89:fb:13:c5:
6c:44:25:68:61:ce:ff:46:af:d8:98:92:88:9f:f8:
1c:be:d2:b7:02:00:08:cf:74:ef:1c:5e:cb:53:1b:
98:53:09:b8:2e:e3:32:a0:46:02:8c:a0:e7:c5:ae:
fa:e1:ab:b8:dc:4c:54:a7:1e:11:b3:b7:bc:77:c5:
73:c0:41:cd:d0:cb:24:3a:af:06:51:cb:48:59:f8:
d0:33:9a:21:21:25:38:65:d8:43:ea:03:34:ad:14:
24:d7:62:94:ac:e5:5d:ac:2a:41:25:11:7f:d8:03:
69:a0:c6:83:26:d5:04:2b:a4:c8:c3:c7:47:c5:aa:
33:55:66:19:46:a4:ca:6f:26:e6:3f:80:57:6f:5f:
96:5e:dd:c4:92:18:fa:49:e4:21:f2:cb:bb:d7:85:
4d:1c:cc:d2:08:6e:c9:d6:94:ab:a5:7a:d8:f3:f2:
13:c3:9d:cf:fa:52:98:3b:87:1d:62:a7:df:b8:51:
a3:1d:ca:63:6f:86:ee:71:d5:c8:81:d0:b1:ef:4a:
97:5f:05:11:58:02:d5:f6:5f:0d:30:8a:b1:a9:3f:
4e:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:90:D7:17:62:F6:6A:06:10:5B:97:3C:69:3F:CD:CF:D5:F2:4B:99
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/541ffd81-df5c-4971-9769-a37d113c922b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc6:e::/47
Signature Algorithm: sha256WithRSAEncryption
29:e1:44:17:6e:b6:d8:31:2b:90:58:ac:ac:10:da:cc:fa:63:
54:1d:db:5c:2a:65:ab:70:ff:57:8b:15:a2:e4:5b:32:8c:41:
25:6e:c7:ad:8d:a9:05:c6:60:9f:ab:f7:7b:68:4b:a7:d7:db:
73:4e:71:38:1f:c8:85:4e:19:42:51:3e:90:3e:a2:84:19:a3:
12:1d:d9:b1:f5:f4:6e:c5:08:95:aa:74:f3:86:49:38:d0:bb:
81:3f:bd:65:42:19:b1:2e:94:5f:ca:23:4c:1d:0f:22:db:68:
e3:b9:a5:d0:2e:99:94:46:55:23:46:a4:49:57:e3:b3:50:8c:
fe:ec:a2:b3:d0:d9:7e:79:4e:5a:71:be:8b:3f:b9:5c:aa:43:
d8:fe:aa:2a:fa:bc:00:e1:59:43:fc:2a:d6:17:c0:7d:98:6a:
47:22:37:e1:3c:7f:6b:a7:c6:c7:2a:86:0b:c8:50:be:c7:d2:
89:8c:b8:4b:9a:a0:54:b1:60:77:00:48:b0:2e:59:3f:a6:54:
6c:ae:cf:7c:a6:9b:17:52:a1:e1:4a:56:d5:f1:d6:d8:d8:a2:
b3:55:70:c4:9e:64:0b:a2:bf:50:21:14:12:d4:cd:6f:a1:33:
f5:bf:a2:95:35:60:6e:ad:a4:f0:32:3b:a0:fa:e8:a9:c5:90:
f0:3e:65:3e
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUUtv6JD0RbLkOrxixGXGyf6DxtG8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTMwMjVaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDVlZWRiOTBjZjU4Mzk0ZWQ5NDRkNzkzMTk3MTVjZTZlMjIwYjA0MjhmMmQw
ZDRmNWMwZDkxZmFjNWM3NzhiNDAxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOhEjmPe4aBCAEKBp/d0zE3ikmW09wxTXueFMtRf9me/4vcFCU+kfr2J+xPF
bEQlaGHO/0av2JiSiJ/4HL7StwIACM907xxey1MbmFMJuC7jMqBGAoyg58Wu+uGr
uNxMVKceEbO3vHfFc8BBzdDLJDqvBlHLSFn40DOaISElOGXYQ+oDNK0UJNdilKzl
XawqQSURf9gDaaDGgybVBCukyMPHR8WqM1VmGUakym8m5j+AV29fll7dxJIY+knk
IfLLu9eFTRzM0ghuydaUq6V62PPyE8Odz/pSmDuHHWKn37hRox3KY2+G7nHVyIHQ
se9Kl18FEVgC1fZfDTCKsak/TqUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSukNcX
YvZqBhBblzxpP83P1fJLmTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NTQxZmZkODEtZGY1Yy00OTcxLTk3NjktYTM3ZDExM2M5MjJiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHASABP8YA
DjANBgkqhkiG9w0BAQsFAAOCAQEAKeFEF2622DErkFisrBDazPpjVB3bXCplq3D/
V4sVouRbMoxBJW7HrY2pBcZgn6v3e2hLp9fbc05xOB/IhU4ZQlE+kD6ihBmjEh3Z
sfX0bsUIlap084ZJONC7gT+9ZUIZsS6UX8ojTB0PItto47ml0C6ZlEZVI0akSVfj
s1CM/uyis9DZfnlOWnG+iz+5XKpD2P6qKvq8AOFZQ/wq1hfAfZhqRyI34Tx/a6fG
xyqGC8hQvsfSiYy4S5qgVLFgdwBIsC5ZP6ZUbK7PfKabF1Kh4UpW1fHW2Niis1Vw
xJ5kC6K/UCEUEtTNb6Ez9b+ilTVgbq2k8DI7oProqcWQ8D5lPg==
-----END CERTIFICATE-----
Generated at Tue May 12 22:17:39 2026 by rpki-client