Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/932067a7-3440-4f62-98a4-f23b9058ac95.roa
File: 932067a7-3440-4f62-98a4-f23b9058ac95.roa (raw, json)
Hash identifier: V5wv8JiDykANzDCUsnSyKZXG9hNZQa69OYub09KjeeQ=
Subject key identifier: 74:AD:E0:C2:79:62:8B:AD:34:B7:3A:04:5E:69:29:1E:28:7D:41:1A
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 647C6C59B00DD4ABB43688CFE9519C98A3DAD973
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/932067a7-3440-4f62-98a4-f23b9058ac95.roa
Signing time: Mon 11 May 2026 01:30:21 +0000
ROA not before: Mon 11 May 2026 01:30:21 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc6::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
64:7c:6c:59:b0:0d:d4:ab:b4:36:88:cf:e9:51:9c:98:a3:da:d9:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:30:21 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=0c0e1403dd3a169f915672227605e01e874a96dc6b5a4f2283f38ca3a7d315f0, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:9f:b8:5b:38:5f:9f:07:25:f7:95:70:46:1d:
d8:63:cd:5b:8b:ae:45:80:54:fd:be:73:24:48:40:
8a:69:37:18:3e:3f:21:ef:08:f6:b6:d1:3d:ab:dd:
a9:33:78:0e:5d:19:12:bf:d2:ca:97:e3:2e:7e:2e:
49:5a:15:24:5c:5f:45:72:1b:51:b9:cd:e5:dd:e9:
2e:c3:fc:fa:26:2a:1f:0b:6e:8d:80:4f:11:35:61:
f8:be:7b:3b:69:77:45:9f:2e:8a:b9:63:ac:f7:1a:
18:8a:0e:f8:a1:1a:a6:93:89:89:aa:94:cd:c4:69:
26:03:3a:10:0f:34:c7:1a:96:3d:e7:5c:08:f6:b2:
13:f7:67:05:d0:31:fe:53:7e:9a:26:86:c0:b7:28:
22:39:74:1b:93:d3:71:a1:99:81:a1:cd:e1:2d:f0:
21:d0:d5:33:2f:71:c0:d3:30:8e:72:ee:0c:a2:17:
57:fd:13:3a:03:e9:c2:80:fe:59:11:bf:54:cd:8e:
58:45:9d:f6:fd:43:95:96:6b:aa:b4:b9:cf:39:8f:
34:e9:71:fb:4e:64:3f:f1:8d:dd:2b:64:e0:e1:75:
30:88:71:8a:86:1b:74:15:38:6b:fa:56:20:98:82:
5b:7b:87:09:c3:fc:03:b6:4e:e1:fa:0e:96:d6:57:
1f:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:AD:E0:C2:79:62:8B:AD:34:B7:3A:04:5E:69:29:1E:28:7D:41:1A
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/932067a7-3440-4f62-98a4-f23b9058ac95.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc6::/40
Signature Algorithm: sha256WithRSAEncryption
2f:57:99:01:f7:fa:21:f6:2a:20:75:43:eb:27:62:33:54:f7:
92:dd:32:df:59:05:32:25:6d:e0:f1:0c:06:e3:e9:bc:8d:b9:
b9:09:51:ac:78:03:f0:c2:cb:f9:c7:39:a5:4a:19:77:ee:3b:
e5:9e:d2:1b:5e:1e:7d:d1:e3:d4:92:90:44:40:7f:8c:35:e5:
f2:9a:4a:db:c4:a5:d7:ec:14:f5:8a:a5:70:8a:9a:cd:f6:51:
73:0f:86:2f:b9:73:72:de:42:9d:c1:a8:9a:7a:7c:6f:51:e4:
95:53:b0:81:cc:de:eb:01:07:4b:85:e0:89:49:16:fe:02:bf:
8f:a3:b2:15:42:bb:1b:d5:b3:5c:e8:cf:bb:ff:5f:12:a9:7a:
eb:ec:aa:cb:c5:18:84:95:ba:df:d2:0b:7e:33:ec:83:94:32:
0b:3e:7f:13:d1:96:fe:12:e3:55:c2:f3:5a:60:9a:1e:ca:2f:
2e:1f:bf:94:b0:b2:b9:03:0b:10:59:bd:b1:45:81:3b:de:1d:
a2:ef:d3:36:07:65:d6:00:0b:f5:28:cb:7d:83:b5:da:32:8a:
39:33:c5:7c:42:82:f1:dd:bd:1b:5e:dc:ba:5c:fe:62:ce:d4:
6b:44:97:20:40:77:51:b2:00:72:ce:26:8b:e0:26:a1:a7:cd:
97:dd:c9:b9
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUZHxsWbAN1Ku0NojP6VGcmKPa2XMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTMwMjFaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDBjMGUxNDAzZGQzYTE2OWY5MTU2NzIyMjc2MDVlMDFlODc0YTk2ZGM2YjVh
NGYyMjgzZjM4Y2EzYTdkMzE1ZjAxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKyfuFs4X58HJfeVcEYd2GPNW4uuRYBU/b5zJEhAimk3GD4/Ie8I9rbRPavd
qTN4Dl0ZEr/SypfjLn4uSVoVJFxfRXIbUbnN5d3pLsP8+iYqHwtujYBPETVh+L57
O2l3RZ8uirljrPcaGIoO+KEappOJiaqUzcRpJgM6EA80xxqWPedcCPayE/dnBdAx
/lN+miaGwLcoIjl0G5PTcaGZgaHN4S3wIdDVMy9xwNMwjnLuDKIXV/0TOgPpwoD+
WRG/VM2OWEWd9v1DlZZrqrS5zzmPNOlx+05kP/GN3Stk4OF1MIhxioYbdBU4a/pW
IJiCW3uHCcP8A7ZO4foOltZXH30CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR0reDC
eWKLrTS3OgReaSkeKH1BGjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
OTMyMDY3YTctMzQ0MC00ZjYyLTk4YTQtZjIzYjkwNThhYzk1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8YA
MA0GCSqGSIb3DQEBCwUAA4IBAQAvV5kB9/oh9iogdUPrJ2IzVPeS3TLfWQUyJW3g
8QwG4+m8jbm5CVGseAPwwsv5xzmlShl37jvlntIbXh590ePUkpBEQH+MNeXymkrb
xKXX7BT1iqVwiprN9lFzD4YvuXNy3kKdwaiaenxvUeSVU7CBzN7rAQdLheCJSRb+
Ar+Po7IVQrsb1bNc6M+7/18SqXrr7KrLxRiElbrf0gt+M+yDlDILPn8T0Zb+EuNV
wvNaYJoeyi8uH7+UsLK5AwsQWb2xRYE73h2i79M2B2XWAAv1KMt9g7XaMoo5M8V8
QoLx3b0bXty6XP5iztRrRJcgQHdRsgByziaL4Cahp82X3cm5
-----END CERTIFICATE-----
Generated at Tue May 12 21:55:45 2026 by rpki-client