Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/9387863c-57eb-495e-863a-5f309d45c90f.roa
File: 9387863c-57eb-495e-863a-5f309d45c90f.roa (raw, json)
Hash identifier: q/WQRTjTz7dteGA7Muq8DRJL4msU/5vZju2p77wCgYM=
Subject key identifier: 5E:45:01:7A:4C:B6:97:32:06:DC:94:0E:23:5D:89:72:82:EF:AB:10
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 553068109E76FBB593F85DF287574FEDAACB5388
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/9387863c-57eb-495e-863a-5f309d45c90f.roa
Signing time: Mon 11 May 2026 01:40:07 +0000
ROA not before: Mon 11 May 2026 01:40:07 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:6800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
55:30:68:10:9e:76:fb:b5:93:f8:5d:f2:87:57:4f:ed:aa:cb:53:88
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:40:07 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=f2509c202ba50a463c4b362039ca5ba0143d18b5192bd9c430dea7e10710958c, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:aa:51:8e:9a:59:52:7d:30:22:b1:87:8e:65:
a1:15:87:f0:93:1e:e1:cb:b1:97:5a:ea:c2:fd:10:
bb:c3:e4:f0:36:da:dc:38:b7:89:cd:c7:95:4c:bb:
a8:ce:88:6a:4b:d4:92:7e:34:24:8f:4e:9d:d7:cd:
26:3c:f1:8d:77:48:4a:c8:07:95:5a:78:ea:10:21:
53:e1:ec:c8:34:8d:17:31:d3:fc:e2:43:0c:ab:5d:
e3:84:a7:ba:b6:64:bd:37:2f:18:c9:14:4e:70:cb:
d9:e6:7c:96:30:31:25:dc:69:d9:b3:c7:18:24:e2:
c9:8a:c4:83:e7:a1:e1:26:54:01:5a:a7:ec:9e:a6:
55:6b:cd:1b:35:5f:12:c0:e8:29:53:91:b4:eb:25:
b1:60:8c:d1:ee:a8:22:2a:d2:db:fc:0b:24:d4:5f:
35:1d:bc:77:28:03:cb:b2:dc:44:94:96:d3:a2:62:
9c:27:28:6f:82:32:dd:ac:06:3a:97:27:39:29:fc:
89:bc:c7:f3:1d:72:da:4a:e9:98:e3:ac:37:35:db:
74:66:32:52:6f:22:41:b9:56:f8:fe:e8:14:5c:e7:
77:f5:fb:78:c2:ba:6e:18:12:20:6f:46:f7:3e:a2:
1e:96:7c:be:99:8a:ca:2f:8b:07:42:15:93:d9:14:
8a:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:45:01:7A:4C:B6:97:32:06:DC:94:0E:23:5D:89:72:82:EF:AB:10
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/9387863c-57eb-495e-863a-5f309d45c90f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:6800::/40
Signature Algorithm: sha256WithRSAEncryption
62:eb:c1:bd:74:d7:60:2b:84:ec:8b:04:c2:c5:d4:f3:32:d4:
1e:c7:37:98:73:24:db:c6:f7:70:5b:3c:77:dd:a8:ad:bc:83:
40:06:09:44:3a:ab:be:0c:13:fb:2d:7e:46:ea:ae:84:c3:25:
76:c1:46:9f:8f:08:c4:b4:d6:d7:bc:92:4d:f1:24:52:9c:41:
5a:ce:8e:4a:3b:45:a7:8f:5b:b5:ef:85:7d:aa:97:30:2f:e3:
f1:57:25:76:3d:6f:cb:eb:7f:eb:f8:01:da:05:9a:0c:62:7d:
19:3f:f5:db:ab:6b:95:66:5d:60:64:7b:1f:93:2b:e8:47:8b:
ab:60:71:55:73:ce:44:96:6c:40:45:9f:22:7f:5d:bf:aa:1b:
bb:06:98:23:5e:c8:96:8f:0d:be:c6:d6:18:f9:e0:82:f3:7d:
56:22:cb:7a:e8:12:01:93:38:f3:8a:35:3e:fa:07:d7:3c:bc:
62:f7:37:0e:2b:7d:17:47:82:27:33:0c:7b:53:9a:16:07:78:
a3:30:9e:56:f4:66:4c:ec:25:3c:c6:5c:ae:98:22:4c:a6:c8:
41:28:01:93:ac:99:4d:4b:b0:3c:84:e7:20:28:8c:28:5a:d0:
7b:89:22:0a:50:2c:19:d6:e0:05:e8:ea:d8:ad:82:14:2a:04:
45:16:d8:d8
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUVTBoEJ52+7WT+F3yh1dP7arLU4gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTQwMDdaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGYyNTA5YzIwMmJhNTBhNDYzYzRiMzYyMDM5Y2E1YmEwMTQzZDE4YjUxOTJi
ZDljNDMwZGVhN2UxMDcxMDk1OGMxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJKqUY6aWVJ9MCKxh45loRWH8JMe4cuxl1rqwv0Qu8Pk8Dba3Di3ic3HlUy7
qM6IakvUkn40JI9OndfNJjzxjXdISsgHlVp46hAhU+HsyDSNFzHT/OJDDKtd44Sn
urZkvTcvGMkUTnDL2eZ8ljAxJdxp2bPHGCTiyYrEg+eh4SZUAVqn7J6mVWvNGzVf
EsDoKVORtOslsWCM0e6oIirS2/wLJNRfNR28dygDy7LcRJSW06JinCcob4Iy3awG
OpcnOSn8ibzH8x1y2krpmOOsNzXbdGYyUm8iQblW+P7oFFznd/X7eMK6bhgSIG9G
9z6iHpZ8vpmKyi+LB0IVk9kUih8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBReRQF6
TLaXMgbclA4jXYlygu+rEDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
OTM4Nzg2M2MtNTdlYi00OTVlLTg2M2EtNWYzMDlkNDVjOTBmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8do
MA0GCSqGSIb3DQEBCwUAA4IBAQBi68G9dNdgK4TsiwTCxdTzMtQexzeYcyTbxvdw
Wzx33aitvINABglEOqu+DBP7LX5G6q6EwyV2wUafjwjEtNbXvJJN8SRSnEFazo5K
O0Wnj1u174V9qpcwL+PxVyV2PW/L63/r+AHaBZoMYn0ZP/Xbq2uVZl1gZHsfkyvo
R4urYHFVc85ElmxARZ8if12/qhu7BpgjXsiWjw2+xtYY+eCC831WIst66BIBkzjz
ijU++gfXPLxi9zcOK30XR4InMwx7U5oWB3ijMJ5W9GZM7CU8xlyumCJMpshBKAGT
rJlNS7A8hOcgKIwoWtB7iSIKUCwZ1uAF6OrYrYIUKgRFFtjY
-----END CERTIFICATE-----
Generated at Tue May 12 22:12:15 2026 by rpki-client