Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/71ecb785-83f2-49e3-899e-5a6d8098f651.roa
File: 71ecb785-83f2-49e3-899e-5a6d8098f651.roa (raw, json)
Hash identifier: gDBd1JHGeOqbib2OD5D9/gcI7Nr0M6awUZ5fVQzZLWQ=
Subject key identifier: EA:60:04:F2:90:4A:A8:89:EA:C7:13:C7:ED:EA:C7:ED:DD:88:19:46
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 6E4162243E8B07994E01477F12B9A1491338A71D
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/71ecb785-83f2-49e3-899e-5a6d8098f651.roa
Signing time: Mon 11 May 2026 01:40:54 +0000
ROA not before: Mon 11 May 2026 01:40:54 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc3:5000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6e:41:62:24:3e:8b:07:99:4e:01:47:7f:12:b9:a1:49:13:38:a7:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:40:54 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=f9943c554a8a883de62b91cfafa61c3935098026e109950a84f966d66337e19f, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:03:2c:c0:78:08:ad:0a:ec:81:dd:dc:24:22:
c2:ba:a5:e2:e8:b5:b2:ce:cb:6d:9c:2c:aa:3d:db:
26:e1:30:03:b9:d7:1b:e3:65:3c:74:03:f1:e6:3b:
d4:7e:25:78:b0:8f:46:df:65:96:17:28:0b:70:46:
17:40:33:ab:c3:e0:01:fe:93:99:c1:eb:4f:0c:30:
07:4a:87:ac:60:50:57:2b:56:5b:2d:bd:17:68:66:
df:bb:fc:b8:ff:a1:e4:5a:07:8d:bd:24:36:0d:fc:
60:95:34:50:f1:7d:eb:c4:56:d3:fa:8f:1b:ed:26:
9c:f4:f0:c1:6d:84:ef:2e:e3:f3:4f:a3:a3:22:21:
d4:55:aa:06:96:f6:30:ec:37:ef:7e:b5:d0:f0:de:
f1:2e:33:c7:d1:5e:f0:b6:f3:e2:4d:50:9f:07:2b:
23:97:2e:a9:65:25:c5:36:4b:bd:bc:47:d5:d4:16:
a6:53:bd:30:03:05:71:ac:8e:a3:a4:7a:3b:33:bb:
f4:a6:e0:e9:a7:82:42:8c:18:e1:1c:1a:95:3a:bf:
c9:9e:10:6a:50:e3:0e:d2:b6:80:2b:c8:ee:61:bb:
ea:6e:e4:8f:76:64:95:34:14:d6:5e:ae:d2:03:6a:
09:fa:87:cc:d7:16:96:f5:c4:d6:ae:2b:e0:1e:b9:
74:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EA:60:04:F2:90:4A:A8:89:EA:C7:13:C7:ED:EA:C7:ED:DD:88:19:46
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/71ecb785-83f2-49e3-899e-5a6d8098f651.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3:5000::/36
Signature Algorithm: sha256WithRSAEncryption
bf:2b:6c:b5:cd:7f:40:5f:30:ce:a2:8e:72:f6:e4:25:8e:73:
73:e3:ff:fe:64:1d:28:ff:9b:24:23:44:74:f1:81:17:00:b0:
b7:0f:03:c4:5f:fd:56:e3:15:db:ff:97:e6:50:15:13:7c:af:
7a:cb:f7:6d:6a:93:a4:d9:dd:95:dd:b5:d2:43:cb:de:46:ed:
e7:88:f7:ea:d7:4f:a2:9c:f9:b6:e8:c4:17:fb:76:bd:a9:47:
b2:d4:ab:89:bc:fd:5b:4f:8f:5e:a0:a4:1e:9e:db:04:28:af:
7d:68:c8:ff:d5:21:d0:56:12:3e:3a:03:0c:c3:1c:0e:33:11:
af:50:33:f9:f0:cc:2f:f8:f8:2f:04:fa:78:c4:d8:b5:a3:03:
14:f6:da:8f:5f:c4:23:e9:68:0e:06:7e:7e:e0:e6:78:86:b9:
92:d7:1b:56:29:ad:e2:7b:04:8f:44:ee:23:ed:2f:8d:f6:db:
88:2d:bd:23:20:5c:05:43:1e:d3:5f:ea:63:2e:4c:0b:5e:9b:
cb:b1:19:1f:38:9f:82:cd:a9:28:47:ce:f6:48:9c:80:c1:9d:
35:00:3c:e5:c2:3a:94:c8:b8:22:dc:bd:be:9a:39:5c:c4:fa:
76:1c:18:a5:77:2e:ba:d6:f8:20:50:69:9c:a4:2a:49:ff:43:
a5:23:84:bc
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUbkFiJD6LB5lOAUd/ErmhSRM4px0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTQwNTRaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGY5OTQzYzU1NGE4YTg4M2RlNjJiOTFjZmFmYTYxYzM5MzUwOTgwMjZlMTA5
OTUwYTg0Zjk2NmQ2NjMzN2UxOWYxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ8DLMB4CK0K7IHd3CQiwrql4ui1ss7LbZwsqj3bJuEwA7nXG+NlPHQD8eY7
1H4leLCPRt9llhcoC3BGF0Azq8PgAf6TmcHrTwwwB0qHrGBQVytWWy29F2hm37v8
uP+h5FoHjb0kNg38YJU0UPF968RW0/qPG+0mnPTwwW2E7y7j80+joyIh1FWqBpb2
MOw373610PDe8S4zx9Fe8Lbz4k1QnwcrI5cuqWUlxTZLvbxH1dQWplO9MAMFcayO
o6R6OzO79Kbg6aeCQowY4RwalTq/yZ4QalDjDtK2gCvI7mG76m7kj3ZklTQU1l6u
0gNqCfqHzNcWlvXE1q4r4B65dDsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTqYATy
kEqoierHE8ft6sft3YgZRjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NzFlY2I3ODUtODNmMi00OWUzLTg5OWUtNWE2ZDgwOThmNjUxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8NQ
MA0GCSqGSIb3DQEBCwUAA4IBAQC/K2y1zX9AXzDOoo5y9uQljnNz4//+ZB0o/5sk
I0R08YEXALC3DwPEX/1W4xXb/5fmUBUTfK96y/dtapOk2d2V3bXSQ8veRu3niPfq
10+inPm26MQX+3a9qUey1KuJvP1bT49eoKQentsEKK99aMj/1SHQVhI+OgMMwxwO
MxGvUDP58Mwv+PgvBPp4xNi1owMU9tqPX8Qj6WgOBn5+4OZ4hrmS1xtWKa3iewSP
RO4j7S+N9tuILb0jIFwFQx7TX+pjLkwLXpvLsRkfOJ+CzakoR872SJyAwZ01ADzl
wjqUyLgi3L2+mjlcxPp2HBildy661vggUGmcpCpJ/0OlI4S8
-----END CERTIFICATE-----
Generated at Tue May 12 22:01:28 2026 by rpki-client