Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/661f769e-2a06-4615-bc32-942a112d13ee.roa
File: 661f769e-2a06-4615-bc32-942a112d13ee.roa (raw, json)
Hash identifier: YQn9ShCyBprzCQCElUjydNJPzGzM6at6aXewHjF1z5c=
Subject key identifier: F2:F7:F2:B9:05:FA:F7:CA:D7:25:3F:B1:1B:C5:2C:53:70:06:B4:F8
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 25FD4169DC548D0D2F6557670CBF588684E912BA
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/661f769e-2a06-4615-bc32-942a112d13ee.roa
Signing time: Thu 07 May 2026 13:47:11 +0000
ROA not before: Thu 07 May 2026 13:47:11 +0000
ROA not after: Wed 05 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc5:2040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
25:fd:41:69:dc:54:8d:0d:2f:65:57:67:0c:bf:58:86:84:e9:12:ba
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 7 13:47:11 2026 GMT
Not After : Aug 5 23:59:59 2026 GMT
Subject: serialNumber=2f154246f3fd55139d732075aaca8eeb9566a2eafa115c13d5a2567c447ab8dd, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:dd:14:90:f3:20:f6:01:18:e5:09:82:98:da:
aa:b6:80:89:63:cf:2b:72:7a:6c:f4:89:a6:1a:70:
c6:59:2f:d0:80:f9:fd:bc:90:5b:fd:59:1e:75:2d:
eb:8c:08:f5:7a:a5:59:1c:1f:6e:92:57:46:cb:9f:
b3:1e:df:ff:0c:a3:8a:82:62:e6:df:d9:b3:17:9f:
b1:ff:b8:03:0b:a3:a2:4d:90:8b:70:fd:35:79:2f:
86:9b:e0:35:e8:b1:c4:23:be:a2:90:50:c5:57:ac:
ad:dc:67:25:b1:f3:2a:94:1e:87:09:7b:be:52:8c:
d9:4a:20:28:e7:94:ec:fb:3e:53:3f:09:e2:a3:c7:
ef:bc:fd:3c:cc:61:55:5e:56:14:f5:3a:1d:61:43:
64:46:54:b5:32:91:33:ba:3f:3c:70:2c:ba:13:a0:
e0:20:a7:46:c7:47:bb:c6:0e:78:78:7b:03:a1:e8:
04:66:13:69:3a:bf:1d:f6:ee:24:fa:d5:ee:41:fd:
90:20:51:f5:c7:53:37:c6:13:21:13:ef:fa:5a:13:
00:2c:a0:78:06:c0:6b:88:ac:08:b0:01:c3:4e:e1:
59:c3:2d:57:68:42:bf:60:76:b0:31:b2:c3:3a:ed:
f0:92:93:9b:e7:06:f7:0a:88:3e:c1:54:6d:4b:a3:
d5:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:F7:F2:B9:05:FA:F7:CA:D7:25:3F:B1:1B:C5:2C:53:70:06:B4:F8
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/661f769e-2a06-4615-bc32-942a112d13ee.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc5:2040::/48
Signature Algorithm: sha256WithRSAEncryption
2c:c2:7b:f9:ef:0a:92:d7:13:cb:27:ab:fc:e4:95:a2:96:d8:
eb:ed:81:eb:dd:5f:36:f7:3d:05:3e:4a:ce:ed:e2:5f:7b:36:
47:e7:bf:c4:2f:69:13:85:ea:38:42:0a:58:2d:66:a6:6e:7e:
0b:ac:ec:3c:99:ef:07:98:c2:0d:8e:e8:27:09:84:d7:eb:86:
bb:b7:fd:0b:e8:a9:4e:d7:5a:e7:1a:c9:85:93:af:13:60:4a:
3b:35:eb:57:6e:b8:8e:e0:c9:29:9a:6c:37:e8:1a:ff:b5:e8:
73:ef:9c:a8:0d:6c:55:0e:a7:a8:6b:08:78:7a:3b:31:03:70:
56:3c:2a:66:4b:b4:de:2e:b0:a4:95:ee:b1:4b:db:2e:b8:d1:
c6:59:54:62:22:c6:02:be:9d:bc:40:02:bd:f0:ef:63:f2:68:
4b:75:27:da:77:fd:6f:3d:48:cb:db:df:67:89:f5:81:ea:07:
4b:03:50:57:5c:eb:11:dd:f4:cc:3c:90:6f:13:5a:fb:32:65:
58:a1:07:46:c7:b5:92:00:de:46:92:94:e6:08:76:75:68:3b:
e3:b0:62:c4:0b:0e:b7:38:ee:f4:bf:4e:b6:34:31:80:8d:03:
cf:70:e5:eb:fb:ef:14:cd:29:33:4b:f6:cf:c7:e4:67:ff:b4:
2d:aa:df:35
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUJf1BadxUjQ0vZVdnDL9YhoTpErowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MDcxMzQ3MTFaFw0yNjA4MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDJmMTU0MjQ2ZjNmZDU1MTM5ZDczMjA3NWFhY2E4ZWViOTU2NmEyZWFmYTEx
NWMxM2Q1YTI1NjdjNDQ3YWI4ZGQxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMPdFJDzIPYBGOUJgpjaqraAiWPPK3J6bPSJphpwxlkv0ID5/byQW/1ZHnUt
64wI9XqlWRwfbpJXRsufsx7f/wyjioJi5t/Zsxefsf+4Awujok2Qi3D9NXkvhpvg
NeixxCO+opBQxVesrdxnJbHzKpQehwl7vlKM2UogKOeU7Ps+Uz8J4qPH77z9PMxh
VV5WFPU6HWFDZEZUtTKRM7o/PHAsuhOg4CCnRsdHu8YOeHh7A6HoBGYTaTq/Hfbu
JPrV7kH9kCBR9cdTN8YTIRPv+loTACygeAbAa4isCLABw07hWcMtV2hCv2B2sDGy
wzrt8JKTm+cG9wqIPsFUbUuj1SkCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTy9/K5
Bfr3ytclP7EbxSxTcAa0+DAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NjYxZjc2OWUtMmEwNi00NjE1LWJjMzItOTQyYTExMmQxM2VlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABP8Ug
QDANBgkqhkiG9w0BAQsFAAOCAQEALMJ7+e8KktcTyyer/OSVopbY6+2B691fNvc9
BT5Kzu3iX3s2R+e/xC9pE4XqOEIKWC1mpm5+C6zsPJnvB5jCDY7oJwmE1+uGu7f9
C+ipTtda5xrJhZOvE2BKOzXrV264juDJKZpsN+ga/7Xoc++cqA1sVQ6nqGsIeHo7
MQNwVjwqZku03i6wpJXusUvbLrjRxllUYiLGAr6dvEACvfDvY/JoS3Un2nf9bz1I
y9vfZ4n1geoHSwNQV1zrEd30zDyQbxNa+zJlWKEHRse1kgDeRpKU5gh2dWg747Bi
xAsOtzju9L9OtjQxgI0Dz3Dl6/vvFM0pM0v2z8fkZ/+0LarfNQ==
-----END CERTIFICATE-----
Generated at Tue May 12 21:53:49 2026 by rpki-client