Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/713a22fc-9451-4d48-9d05-5cdf9c1aa161.roa
File: 713a22fc-9451-4d48-9d05-5cdf9c1aa161.roa (raw, json)
Hash identifier: DT8H0xRdaLqEObV9Hf3wrwY5zpQz3oU8yFvZIjVjx4Q=
Subject key identifier: E8:B2:85:08:C2:90:6D:A5:EC:CF:52:09:14:EC:7F:CF:C1:15:25:55
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 05DE44800BDA67C47A510778E4777E623E5B8101
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/713a22fc-9451-4d48-9d05-5cdf9c1aa161.roa
Signing time: Mon 11 May 2026 01:30:08 +0000
ROA not before: Mon 11 May 2026 01:30:08 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:8000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
05:de:44:80:0b:da:67:c4:7a:51:07:78:e4:77:7e:62:3e:5b:81:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:30:08 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=1e4e3377ea71d4204c101c7e9637cdb1bb3865f355b3ec074f8f0f361131489c, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:28:39:bf:a7:46:5c:96:44:66:21:bf:56:f5:
50:15:a0:46:17:02:0a:de:a5:16:76:f6:fc:6f:7d:
b5:29:12:7a:4a:e0:d1:dd:71:d9:6e:b0:6f:70:20:
c3:cf:42:a1:8b:e7:c8:70:74:92:79:b0:b2:cb:b0:
87:c0:5c:b8:04:bc:45:48:f7:2a:a0:c7:a8:ab:e9:
3c:be:3f:40:37:0e:85:78:a3:4a:81:cb:bf:b8:8c:
c2:7b:7c:bb:c3:c2:3f:dc:0c:55:c0:75:e9:1f:96:
55:85:e7:dd:bc:32:b1:12:0b:f4:99:69:c5:57:34:
e1:4c:a2:87:6d:b2:76:8a:fb:76:1e:e8:ca:68:a9:
15:4b:8f:40:ff:56:e4:80:80:d4:a9:84:9a:8b:03:
70:bd:74:95:be:31:97:40:e6:02:33:fe:69:ec:d8:
d9:84:a0:df:f9:cf:ef:1f:b9:7a:2c:dc:b0:6a:ed:
d2:ce:70:6a:b4:3d:2d:48:a4:c8:3f:07:b4:c9:ab:
e1:da:8a:08:48:b0:f4:6e:9a:a6:10:de:2b:22:ff:
35:44:a3:89:aa:7a:86:2f:24:be:03:ee:47:7f:0b:
4f:d1:d1:5c:aa:30:42:0c:02:3a:d4:6b:18:20:be:
71:20:54:55:a1:82:c5:c1:3a:b4:50:ee:b4:9e:0a:
12:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:B2:85:08:C2:90:6D:A5:EC:CF:52:09:14:EC:7F:CF:C1:15:25:55
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/713a22fc-9451-4d48-9d05-5cdf9c1aa161.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:8000::/36
Signature Algorithm: sha256WithRSAEncryption
88:0b:77:9b:d6:2c:a5:75:a6:e9:e5:0f:d9:55:bb:43:38:d0:
1a:6b:d1:7f:57:0c:9d:bf:05:f4:f3:b5:55:d9:8e:93:12:fe:
b7:d1:5a:bb:25:ed:d2:68:77:26:c0:8d:b0:89:56:25:5b:53:
ed:59:42:2d:7e:03:cb:ce:8f:2e:8f:02:69:e7:11:9b:ea:fc:
d2:3e:62:9b:3a:ec:14:c7:b3:0e:1d:68:6b:63:31:e7:49:90:
cd:72:b3:f8:4e:4a:e7:44:e8:30:2e:f2:36:c3:8a:d1:c2:fb:
04:c8:bc:87:58:6f:01:51:62:2c:da:c3:48:70:86:99:55:8b:
60:a9:1a:34:5e:d7:8a:b7:3f:a1:9b:cb:90:3d:a6:cd:15:7b:
75:dd:6b:bf:5f:8c:06:d9:8d:ae:32:3c:49:f8:74:e0:bd:1a:
ac:22:ad:48:22:64:e7:45:56:ca:5b:44:05:43:b5:22:3d:2e:
3c:09:62:c7:d9:7c:66:2b:77:20:05:3c:17:23:e4:5a:c5:91:
28:f9:84:09:fa:07:17:f4:99:da:90:6f:43:f2:bf:d7:aa:13:
61:21:f9:bf:5e:17:11:64:c0:af:ec:79:03:14:d9:e4:66:ce:
be:a7:9d:e9:9c:01:d0:9c:57:bf:17:7b:8d:c5:c3:93:9e:74:
6d:9e:f1:5f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUBd5EgAvaZ8R6UQd45Hd+Yj5bgQEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTMwMDhaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDFlNGUzMzc3ZWE3MWQ0MjA0YzEwMWM3ZTk2MzdjZGIxYmIzODY1ZjM1NWIz
ZWMwNzRmOGYwZjM2MTEzMTQ4OWMxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL0oOb+nRlyWRGYhv1b1UBWgRhcCCt6lFnb2/G99tSkSekrg0d1x2W6wb3Ag
w89CoYvnyHB0knmwssuwh8BcuAS8RUj3KqDHqKvpPL4/QDcOhXijSoHLv7iMwnt8
u8PCP9wMVcB16R+WVYXn3bwysRIL9JlpxVc04Uyih22ydor7dh7oymipFUuPQP9W
5ICA1KmEmosDcL10lb4xl0DmAjP+aezY2YSg3/nP7x+5eizcsGrt0s5warQ9LUik
yD8HtMmr4dqKCEiw9G6aphDeKyL/NUSjiap6hi8kvgPuR38LT9HRXKowQgwCOtRr
GCC+cSBUVaGCxcE6tFDutJ4KErMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTosoUI
wpBtpezPUgkU7H/PwRUlVTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NzEzYTIyZmMtOTQ1MS00ZDQ4LTlkMDUtNWNkZjljMWFhMTYxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8eA
MA0GCSqGSIb3DQEBCwUAA4IBAQCIC3eb1iyldabp5Q/ZVbtDONAaa9F/VwydvwX0
87VV2Y6TEv630Vq7Je3SaHcmwI2wiVYlW1PtWUItfgPLzo8ujwJp5xGb6vzSPmKb
OuwUx7MOHWhrYzHnSZDNcrP4TkrnROgwLvI2w4rRwvsEyLyHWG8BUWIs2sNIcIaZ
VYtgqRo0XteKtz+hm8uQPabNFXt13Wu/X4wG2Y2uMjxJ+HTgvRqsIq1IImTnRVbK
W0QFQ7UiPS48CWLH2XxmK3cgBTwXI+RaxZEo+YQJ+gcX9JnakG9D8r/XqhNhIfm/
XhcRZMCv7HkDFNnkZs6+p53pnAHQnFe/F3uNxcOTnnRtnvFf
-----END CERTIFICATE-----
Generated at Tue May 12 22:43:50 2026 by rpki-client