Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/6b104617-be96-4130-b1b4-dbe8facd0109.roa
File: 6b104617-be96-4130-b1b4-dbe8facd0109.roa (raw, json)
Hash identifier: 6tj1jcJlqJEQDlF6MeL+fsML6Ak7yRJMn9AhAGXUoYA=
Subject key identifier: 50:17:0C:E3:8D:69:9F:32:23:82:97:F2:EB:B6:E1:A7:7F:CD:29:CA
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 20DFE0F1989E61DD97226D3D0D28DC1BFA016908
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/6b104617-be96-4130-b1b4-dbe8facd0109.roa
Signing time: Mon 11 May 2026 01:30:23 +0000
ROA not before: Mon 11 May 2026 01:30:23 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:c000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
20:df:e0:f1:98:9e:61:dd:97:22:6d:3d:0d:28:dc:1b:fa:01:69:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:30:23 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=ac8d489686661dcaf7839172a805e6cc0bae6bd59f5b9010a1817dfff3023534, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:73:f4:72:6e:08:04:5c:cc:38:6e:e1:74:38:
ba:43:b9:45:fa:48:68:73:9a:7a:3d:43:ed:74:79:
82:df:6a:cb:41:e7:53:aa:45:c9:01:cf:5c:72:b8:
cc:5b:1a:45:9e:a0:03:09:50:4e:1e:d8:03:36:4e:
fc:e5:52:8d:84:c5:fd:87:ae:1d:13:02:a8:c0:7e:
10:9c:7d:9b:b5:e5:be:9e:de:5f:1f:1a:6c:a9:99:
f5:09:52:ff:cb:a6:98:3c:af:05:f5:65:d9:01:48:
8f:5f:45:75:a3:f8:78:6c:97:4a:c0:16:74:36:5b:
23:cb:c1:0a:a4:41:68:94:b1:27:30:1e:55:7e:82:
bc:8c:dd:31:71:9e:2b:e8:84:16:46:6a:ed:11:b2:
3c:6f:e4:b1:ac:dd:0a:cd:89:55:83:17:5c:ba:d6:
f6:46:d6:a7:aa:4b:52:c2:88:42:88:6d:1b:5c:83:
b4:0c:be:88:fb:84:99:1d:d1:46:a7:ec:78:c2:1e:
35:a1:e0:39:db:4d:18:5d:21:14:df:59:81:24:33:
fe:81:01:b9:91:cc:cb:8b:97:ed:a5:b8:83:50:21:
ed:57:24:f8:b7:5b:2e:c1:03:49:8d:92:b3:01:86:
d6:3d:1a:cc:f9:cc:eb:41:8c:c0:84:cf:3d:79:81:
3a:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
50:17:0C:E3:8D:69:9F:32:23:82:97:F2:EB:B6:E1:A7:7F:CD:29:CA
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/6b104617-be96-4130-b1b4-dbe8facd0109.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:c000::/36
Signature Algorithm: sha256WithRSAEncryption
4f:bd:49:c5:54:05:15:0a:7a:b3:fd:e1:f6:d3:f7:2f:6b:8f:
73:28:a6:da:d0:67:8f:80:14:56:06:0c:1d:7a:5b:78:62:66:
bd:bf:ae:fd:24:c4:8b:cb:ce:4a:a6:38:0b:7a:87:f1:03:4c:
59:bc:3f:bc:94:f8:a7:8b:e2:ab:f0:fe:2d:18:4a:f3:82:7d:
74:c3:05:e9:a4:4b:85:60:5d:84:ea:eb:61:7c:25:ba:f2:f2:
66:11:14:ee:32:ea:27:dc:54:d0:4c:7a:13:72:33:ac:c4:8b:
6c:52:ba:3e:5f:81:c8:9d:db:3f:c2:4b:e4:df:bc:c0:88:d2:
98:e4:51:86:f6:13:54:4d:f6:b5:84:8a:4b:b8:ef:6a:b4:c1:
96:53:b5:c3:2f:eb:5c:4f:a4:7f:bb:9a:40:2d:b1:e5:8b:9a:
3e:db:ef:8f:ac:07:67:0f:29:65:23:cf:d2:83:52:32:a9:76:
ea:af:2f:9b:1a:b5:02:bf:38:fe:ac:ed:c1:4e:c3:ea:ce:bf:
46:f2:96:ac:ef:7c:c4:2a:cf:81:21:17:4c:85:11:89:fc:97:
6f:cb:14:18:7d:f7:a7:21:0a:ab:b2:02:22:4d:1c:d9:8b:f1:
31:6f:70:5d:5d:e8:cf:fe:90:54:08:6a:e9:d9:fc:27:95:a7:
37:bc:97:ce
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUIN/g8ZieYd2XIm09DSjcG/oBaQgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTMwMjNaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGFjOGQ0ODk2ODY2NjFkY2FmNzgzOTE3MmE4MDVlNmNjMGJhZTZiZDU5ZjVi
OTAxMGExODE3ZGZmZjMwMjM1MzQxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANRz9HJuCARczDhu4XQ4ukO5RfpIaHOaej1D7XR5gt9qy0HnU6pFyQHPXHK4
zFsaRZ6gAwlQTh7YAzZO/OVSjYTF/YeuHRMCqMB+EJx9m7Xlvp7eXx8abKmZ9QlS
/8ummDyvBfVl2QFIj19FdaP4eGyXSsAWdDZbI8vBCqRBaJSxJzAeVX6CvIzdMXGe
K+iEFkZq7RGyPG/ksazdCs2JVYMXXLrW9kbWp6pLUsKIQohtG1yDtAy+iPuEmR3R
RqfseMIeNaHgOdtNGF0hFN9ZgSQz/oEBuZHMy4uX7aW4g1Ah7Vck+LdbLsEDSY2S
swGG1j0azPnM60GMwITPPXmBOnkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRQFwzj
jWmfMiOCl/LrtuGnf80pyjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NmIxMDQ2MTctYmU5Ni00MTMwLWIxYjQtZGJlOGZhY2QwMTA5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8fA
MA0GCSqGSIb3DQEBCwUAA4IBAQBPvUnFVAUVCnqz/eH20/cva49zKKba0GePgBRW
Bgwdelt4Yma9v679JMSLy85KpjgLeofxA0xZvD+8lPini+Kr8P4tGErzgn10wwXp
pEuFYF2E6uthfCW68vJmERTuMuon3FTQTHoTcjOsxItsUro+X4HInds/wkvk37zA
iNKY5FGG9hNUTfa1hIpLuO9qtMGWU7XDL+tcT6R/u5pALbHli5o+2++PrAdnDyll
I8/Sg1IyqXbqry+bGrUCvzj+rO3BTsPqzr9G8pas73zEKs+BIRdMhRGJ/JdvyxQY
ffenIQqrsgIiTRzZi/Exb3BdXejP/pBUCGrp2fwnlac3vJfO
-----END CERTIFICATE-----
Generated at Tue May 12 22:02:21 2026 by rpki-client