Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/7ce56587-daa1-4400-bed4-6204cfafd220.roa
File: 7ce56587-daa1-4400-bed4-6204cfafd220.roa (raw, json)
Hash identifier: qwWWzMN7DojYQEAMKjJLx/bs+O10U/s094X4/ljVgqs=
Subject key identifier: 53:78:9B:97:71:1C:C0:A5:29:6A:B2:12:85:70:6F:35:0D:27:AD:66
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 1E7F9BE57DE1D3623925526ED168DA7DF4AD7746
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/7ce56587-daa1-4400-bed4-6204cfafd220.roa
Signing time: Mon 11 May 2026 01:40:07 +0000
ROA not before: Mon 11 May 2026 01:40:07 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc3:2000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1e:7f:9b:e5:7d:e1:d3:62:39:25:52:6e:d1:68:da:7d:f4:ad:77:46
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:40:07 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=381dc2bcb522b0b29a8a02b4ed30272603f022dac50be6a8bc162c4770a04b38, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:b2:08:b1:92:45:70:8a:00:83:1f:4b:7c:11:
c6:91:61:45:75:71:72:85:1a:56:d0:9c:69:e8:86:
33:72:d9:51:44:91:84:6c:ff:1d:51:df:c2:67:46:
bb:b9:bb:a5:17:4f:57:9e:23:b8:89:ef:c1:fe:78:
10:7b:47:e3:5b:d0:ca:08:77:f3:27:ba:5d:92:44:
56:30:4b:76:88:1a:1c:4e:88:d5:91:1b:ea:fd:7d:
56:7a:4e:83:94:cb:43:c3:0b:11:f4:d2:b1:cf:08:
a6:96:d7:9e:d2:77:bb:fe:79:5b:74:1c:4e:91:b1:
cd:b9:41:76:f0:3a:86:15:76:02:f9:48:bd:75:3c:
77:40:fe:8b:40:d2:72:12:cf:d2:f2:05:f8:a7:10:
f0:68:28:0b:39:a5:4f:bd:a2:4b:d1:27:d7:58:b0:
5a:e5:8a:99:ad:9b:40:c5:64:b9:ec:97:c4:0c:f9:
e2:0e:50:98:ee:a5:14:91:ec:b9:0f:c3:32:e8:06:
32:72:30:7f:ba:da:82:7f:a3:ee:4b:24:58:e3:84:
1a:d0:8d:a1:d1:02:5d:0e:9e:32:1b:99:76:d7:9a:
86:cf:8a:28:1f:ad:1c:98:14:6f:fa:44:74:55:2d:
7a:80:03:ad:2b:59:4e:16:c7:da:d4:ec:81:ee:ac:
cb:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:78:9B:97:71:1C:C0:A5:29:6A:B2:12:85:70:6F:35:0D:27:AD:66
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/7ce56587-daa1-4400-bed4-6204cfafd220.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3:2000::/36
Signature Algorithm: sha256WithRSAEncryption
15:2d:6a:68:6b:32:3d:78:25:41:d9:99:f8:c9:91:54:70:d2:
3f:cf:79:2a:8b:bf:e8:da:1b:bb:e3:5d:1a:48:e4:41:6c:ae:
04:02:1e:66:89:dc:a1:de:18:2a:4a:fa:f3:1d:ee:6f:07:d7:
68:45:b2:c3:42:df:46:ce:42:64:6c:14:4b:c8:8a:6b:91:01:
67:f7:ba:2c:98:a8:21:0c:44:b3:f9:b1:02:ab:15:30:f0:1d:
5a:2a:bb:2b:b8:e4:3e:12:5c:c0:54:60:bf:e8:e6:47:ea:30:
05:2f:e9:e2:db:93:40:89:43:00:50:43:ab:0f:f4:2d:47:d1:
27:34:c9:49:93:5a:dd:1e:ae:a7:c7:32:02:55:f6:8d:ab:9b:
ba:40:17:09:e9:de:1f:a6:1f:02:82:1f:19:db:68:67:1c:b4:
94:6c:23:dc:6d:2c:72:d6:12:75:23:a3:72:2a:79:af:57:68:
43:c5:3d:32:d4:eb:9f:a2:bd:dd:ca:d2:21:d9:9b:da:f9:87:
f5:50:de:e4:3e:8e:7b:bb:fb:1b:df:9b:f4:25:53:ae:aa:0c:
74:2f:8f:57:fd:dd:a2:f7:0b:0d:8d:85:ef:d4:4b:e5:a2:0e:
72:94:a7:20:68:d5:6c:7e:83:3c:57:ef:30:88:05:e1:08:34:
f8:5a:c4:8d
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUHn+b5X3h02I5JVJu0WjaffStd0YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTQwMDdaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDM4MWRjMmJjYjUyMmIwYjI5YThhMDJiNGVkMzAyNzI2MDNmMDIyZGFjNTBi
ZTZhOGJjMTYyYzQ3NzBhMDRiMzgxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALSyCLGSRXCKAIMfS3wRxpFhRXVxcoUaVtCcaeiGM3LZUUSRhGz/HVHfwmdG
u7m7pRdPV54juInvwf54EHtH41vQygh38ye6XZJEVjBLdogaHE6I1ZEb6v19VnpO
g5TLQ8MLEfTSsc8IppbXntJ3u/55W3QcTpGxzblBdvA6hhV2AvlIvXU8d0D+i0DS
chLP0vIF+KcQ8GgoCzmlT72iS9En11iwWuWKma2bQMVkueyXxAz54g5QmO6lFJHs
uQ/DMugGMnIwf7ragn+j7kskWOOEGtCNodECXQ6eMhuZdteahs+KKB+tHJgUb/pE
dFUteoADrStZThbH2tTsge6sy1ECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRTeJuX
cRzApSlqshKFcG81DSetZjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
N2NlNTY1ODctZGFhMS00NDAwLWJlZDQtNjIwNGNmYWZkMjIwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8Mg
MA0GCSqGSIb3DQEBCwUAA4IBAQAVLWpoazI9eCVB2Zn4yZFUcNI/z3kqi7/o2hu7
410aSORBbK4EAh5midyh3hgqSvrzHe5vB9doRbLDQt9GzkJkbBRLyIprkQFn97os
mKghDESz+bECqxUw8B1aKrsruOQ+ElzAVGC/6OZH6jAFL+ni25NAiUMAUEOrD/Qt
R9EnNMlJk1rdHq6nxzICVfaNq5u6QBcJ6d4fph8Cgh8Z22hnHLSUbCPcbSxy1hJ1
I6NyKnmvV2hDxT0y1Oufor3dytIh2Zva+Yf1UN7kPo57u/sb35v0JVOuqgx0L49X
/d2i9wsNjYXv1Evlog5ylKcgaNVsfoM8V+8wiAXhCDT4WsSN
-----END CERTIFICATE-----
Generated at Tue May 12 22:01:49 2026 by rpki-client