Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/8e7191ef-ffa8-4cd3-86b5-7fb6a442355d.roa
File: 8e7191ef-ffa8-4cd3-86b5-7fb6a442355d.roa (raw, json)
Hash identifier: 7zwKhljdmGaJ72wAcsdQ9zm6G3H8w4rnzsXCEVvPGMQ=
Subject key identifier: 20:16:F9:FA:08:F2:E0:47:2E:E1:C4:83:E8:BB:2E:16:24:41:6B:56
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 3C7D90E8041F80623402AA8850B4C9371176C532
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/8e7191ef-ffa8-4cd3-86b5-7fb6a442355d.roa
Signing time: Wed 06 May 2026 20:32:12 +0000
ROA not before: Wed 06 May 2026 20:32:12 +0000
ROA not after: Tue 04 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc5:1020::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3c:7d:90:e8:04:1f:80:62:34:02:aa:88:50:b4:c9:37:11:76:c5:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 6 20:32:12 2026 GMT
Not After : Aug 4 23:59:59 2026 GMT
Subject: serialNumber=13a8e1756441a8901bd97802c29cbc59f126c685c3cde706a213cc5162339355, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:7f:ce:45:73:7b:04:26:e8:bf:18:0b:25:dd:
6e:6c:20:b7:aa:11:fb:ed:27:a2:8f:83:3a:b7:1f:
95:83:db:36:01:ea:71:df:07:26:df:ed:18:6f:8a:
06:61:00:f2:cb:67:5f:a3:03:70:b1:12:1a:fa:23:
a3:96:e9:84:ce:a2:c4:63:ea:94:d2:91:b1:a6:d1:
85:78:bb:9e:18:bd:73:e9:43:d3:15:c9:15:50:3c:
7c:2a:fa:ca:a1:bc:b5:62:f5:5c:5b:e6:1d:6b:4b:
98:fd:2a:33:bf:d8:7e:a6:27:fb:dd:97:0d:a8:cd:
eb:7c:6b:fd:96:1b:03:79:4a:97:74:75:6f:d6:f2:
cb:e1:01:21:88:51:69:7b:25:02:17:44:66:41:cf:
65:8f:8e:08:9e:4f:a8:f1:30:0e:0b:b7:2d:e0:61:
e3:53:5e:44:75:df:e1:6d:ce:4a:2e:0e:15:e5:ca:
62:34:27:a5:40:a1:b4:88:d8:ef:52:02:d6:03:cc:
07:61:34:5a:1c:8f:58:a9:52:cb:05:76:23:93:78:
c6:53:03:87:5d:40:43:1e:ca:53:04:de:61:86:2b:
5c:87:4f:3c:62:a2:62:c5:d8:b5:64:b3:27:b4:0f:
fd:12:9b:77:36:92:ce:f3:8a:29:50:a0:b1:2a:22:
79:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:16:F9:FA:08:F2:E0:47:2E:E1:C4:83:E8:BB:2E:16:24:41:6B:56
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/8e7191ef-ffa8-4cd3-86b5-7fb6a442355d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc5:1020::/48
Signature Algorithm: sha256WithRSAEncryption
33:ce:18:43:3d:6f:80:66:f3:9d:27:9c:02:17:68:5e:23:fd:
f6:c9:1a:4d:0d:de:34:20:f9:9c:e5:ba:71:3d:86:1c:92:27:
7a:c8:62:03:ce:03:d5:45:36:1b:9c:1b:98:11:14:30:61:a4:
1d:40:bb:51:5c:c0:98:50:2f:4a:9e:bc:e9:41:6f:2e:bb:8f:
24:76:3f:e7:87:90:ec:1b:29:fd:03:d3:84:98:6b:15:54:4f:
89:9a:cb:c1:a0:05:46:1d:9d:b7:57:e8:88:db:c9:73:02:d9:
f0:83:ca:d1:f1:ea:e4:41:97:1b:0d:41:5e:01:63:d0:28:ec:
a0:29:08:3e:c5:20:f1:c0:ae:ec:ff:e9:aa:e0:0b:e8:0c:86:
ff:1d:cf:21:04:1a:6c:7a:f1:02:85:ba:07:b8:1c:22:69:7c:
73:97:0c:2c:d1:bb:f2:cf:8b:9d:3c:c4:53:f0:b2:b8:31:ea:
13:85:79:56:71:d8:7b:60:57:11:0f:eb:a7:04:ca:ea:8e:f9:
40:a6:dd:31:aa:15:0c:a4:28:59:4e:0b:8c:e2:98:6e:40:dc:
3b:c2:9a:35:9e:62:3c:2d:29:86:96:e2:de:00:22:bc:c5:ce:
8e:64:b8:a2:84:4a:73:c7:51:30:8c:09:2c:6f:57:21:a6:ba:
9f:0b:71:b7
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUPH2Q6AQfgGI0AqqIULTJNxF2xTIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MDYyMDMyMTJaFw0yNjA4MDQyMzU5NTlaMHoxSTBHBgNV
BAUTQDEzYThlMTc1NjQ0MWE4OTAxYmQ5NzgwMmMyOWNiYzU5ZjEyNmM2ODVjM2Nk
ZTcwNmEyMTNjYzUxNjIzMzkzNTUxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANx/zkVzewQm6L8YCyXdbmwgt6oR++0noo+DOrcflYPbNgHqcd8HJt/tGG+K
BmEA8stnX6MDcLESGvojo5bphM6ixGPqlNKRsabRhXi7nhi9c+lD0xXJFVA8fCr6
yqG8tWL1XFvmHWtLmP0qM7/YfqYn+92XDajN63xr/ZYbA3lKl3R1b9byy+EBIYhR
aXslAhdEZkHPZY+OCJ5PqPEwDgu3LeBh41NeRHXf4W3OSi4OFeXKYjQnpUChtIjY
71IC1gPMB2E0WhyPWKlSywV2I5N4xlMDh11AQx7KUwTeYYYrXIdPPGKiYsXYtWSz
J7QP/RKbdzaSzvOKKVCgsSoieRcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQgFvn6
CPLgRy7hxIPouy4WJEFrVjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
OGU3MTkxZWYtZmZhOC00Y2QzLTg2YjUtN2ZiNmE0NDIzNTVkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABP8UQ
IDANBgkqhkiG9w0BAQsFAAOCAQEAM84YQz1vgGbznSecAhdoXiP99skaTQ3eNCD5
nOW6cT2GHJIneshiA84D1UU2G5wbmBEUMGGkHUC7UVzAmFAvSp686UFvLruPJHY/
54eQ7Bsp/QPThJhrFVRPiZrLwaAFRh2dt1foiNvJcwLZ8IPK0fHq5EGXGw1BXgFj
0CjsoCkIPsUg8cCu7P/pquAL6AyG/x3PIQQabHrxAoW6B7gcIml8c5cMLNG78s+L
nTzEU/CyuDHqE4V5VnHYe2BXEQ/rpwTK6o75QKbdMaoVDKQoWU4LjOKYbkDcO8Ka
NZ5iPC0phpbi3gAivMXOjmS4ooRKc8dRMIwJLG9XIaa6nwtxtw==
-----END CERTIFICATE-----
Generated at Tue May 12 21:54:00 2026 by rpki-client