Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a0285121-a068-4bba-9eaa-0bf4b963158a.roa
File: a0285121-a068-4bba-9eaa-0bf4b963158a.roa (raw, json)
Hash identifier: R/ds0y/iOTQ37C2OzsaLsAwl1iImrpO0y5UwS5z3UGQ=
Subject key identifier: 0F:BE:1B:21:B2:3D:C6:6B:5D:EB:DF:C5:73:12:59:0A:50:B2:AE:2A
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 3DFCD54663AFFCC869601912910E0208E99FE3A3
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a0285121-a068-4bba-9eaa-0bf4b963158a.roa
Signing time: Mon 11 May 2026 01:40:53 +0000
ROA not before: Mon 11 May 2026 01:40:53 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc6:100::/44 maxlen: 44
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3d:fc:d5:46:63:af:fc:c8:69:60:19:12:91:0e:02:08:e9:9f:e3:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:40:53 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=4431576ddceb351cfb08c1f4f1fd8a974e3e2da52c394c7ae2a2269213ac17b7, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:af:6f:c6:ae:11:af:f7:10:42:41:c8:75:87:
eb:ba:10:eb:aa:f3:1b:88:aa:28:d5:2e:0c:b6:7b:
f7:72:29:2f:87:3f:11:6d:e5:b5:b3:e6:d8:22:75:
08:8b:9d:46:44:2d:9c:b0:7c:c7:14:41:8d:78:43:
f0:2b:9a:8a:7d:1c:72:4a:5e:a6:1f:98:1c:13:b5:
bb:d7:ef:b6:30:65:ec:e3:d5:8b:33:5a:5b:c6:da:
9b:df:72:a8:96:89:83:be:87:a7:b3:ba:6c:f4:22:
46:27:cb:e1:a8:e3:48:a8:2b:61:d0:b4:30:a9:85:
8d:39:4e:ed:93:5e:fc:06:7e:95:59:af:00:57:de:
10:71:06:aa:72:a9:16:ba:0c:36:c3:38:f4:4f:53:
d1:79:c0:e7:a9:ef:2b:1d:2d:bb:85:49:78:de:6f:
c6:8e:45:1e:22:bd:53:74:d2:b5:bd:01:73:ba:87:
0b:8b:1a:4d:3e:8c:7e:b5:43:6b:bd:94:0e:9d:56:
0d:ef:fa:5d:e2:0f:b3:85:bd:4a:68:7d:2a:14:19:
33:0f:77:3f:05:c2:4e:c0:11:36:e2:a5:37:ab:33:
97:46:e6:92:1b:3b:10:fd:7a:29:fd:23:44:b5:ff:
b5:3d:01:ec:59:06:d4:c0:36:0e:2f:ef:dc:8f:3f:
c0:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:BE:1B:21:B2:3D:C6:6B:5D:EB:DF:C5:73:12:59:0A:50:B2:AE:2A
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a0285121-a068-4bba-9eaa-0bf4b963158a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc6:100::/44
Signature Algorithm: sha256WithRSAEncryption
c6:fc:b2:a1:18:dc:21:fc:12:87:aa:43:7e:11:b8:f8:b4:d5:
0e:25:eb:3b:ee:b7:b1:38:21:ed:08:44:64:06:80:dd:c1:7a:
a4:e6:fc:6d:4b:cc:72:e8:7c:d1:69:9c:cd:92:ec:1e:9b:2c:
16:0e:45:4d:2c:5d:07:5a:48:c7:a9:32:6e:d0:7a:4a:8f:55:
d0:80:85:35:93:f9:cc:3b:f1:2d:e5:5d:81:d9:8f:a9:f7:94:
0d:db:91:85:f8:3d:2c:d6:a3:d0:2e:69:47:db:55:ad:52:98:
64:68:7b:16:4d:dd:6b:b7:f1:96:51:17:62:7f:19:8e:08:89:
96:e8:9b:55:aa:f1:ff:45:7f:0f:84:0a:e4:0d:60:f3:13:da:
e9:90:2e:e3:62:8a:d6:f3:03:5b:1d:6c:a0:f4:94:70:6f:63:
86:7d:1d:14:ac:3a:10:6a:3a:3b:33:71:c5:1c:a8:ef:92:05:
42:0d:86:1f:46:3f:21:6a:ab:79:33:90:d4:85:0b:b6:1b:ad:
0a:88:06:c9:fd:2a:e3:74:7c:95:5a:8d:eb:32:8f:8e:1b:6e:
93:d0:25:53:fe:4e:32:0f:68:34:5c:10:ee:3b:ec:84:62:35:
c3:2f:58:07:8f:e2:6e:63:f1:07:5c:e9:3b:26:2b:bf:3a:4c:
c4:2c:6b:01
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUPfzVRmOv/MhpYBkSkQ4CCOmf46MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTQwNTNaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ0MzE1NzZkZGNlYjM1MWNmYjA4YzFmNGYxZmQ4YTk3NGUzZTJkYTUyYzM5
NGM3YWUyYTIyNjkyMTNhYzE3YjcxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMavb8auEa/3EEJByHWH67oQ66rzG4iqKNUuDLZ793IpL4c/EW3ltbPm2CJ1
CIudRkQtnLB8xxRBjXhD8Cuain0cckpeph+YHBO1u9fvtjBl7OPVizNaW8bam99y
qJaJg76Hp7O6bPQiRifL4ajjSKgrYdC0MKmFjTlO7ZNe/AZ+lVmvAFfeEHEGqnKp
FroMNsM49E9T0XnA56nvKx0tu4VJeN5vxo5FHiK9U3TStb0Bc7qHC4saTT6MfrVD
a72UDp1WDe/6XeIPs4W9Smh9KhQZMw93PwXCTsARNuKlN6szl0bmkhs7EP16Kf0j
RLX/tT0B7FkG1MA2Di/v3I8/wAECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQPvhsh
sj3Ga13r38VzElkKULKuKjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
YTAyODUxMjEtYTA2OC00YmJhLTllYWEtMGJmNGI5NjMxNThhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHBCABP8YB
ADANBgkqhkiG9w0BAQsFAAOCAQEAxvyyoRjcIfwSh6pDfhG4+LTVDiXrO+63sTgh
7QhEZAaA3cF6pOb8bUvMcuh80WmczZLsHpssFg5FTSxdB1pIx6kybtB6So9V0ICF
NZP5zDvxLeVdgdmPqfeUDduRhfg9LNaj0C5pR9tVrVKYZGh7Fk3da7fxllEXYn8Z
jgiJluibVarx/0V/D4QK5A1g8xPa6ZAu42KK1vMDWx1soPSUcG9jhn0dFKw6EGo6
OzNxxRyo75IFQg2GH0Y/IWqreTOQ1IULthutCogGyf0q43R8lVqN6zKPjhtuk9Al
U/5OMg9oNFwQ7jvshGI1wy9YB4/ibmPxB1zpOyYrvzpMxCxrAQ==
-----END CERTIFICATE-----
Generated at Tue May 12 22:22:25 2026 by rpki-client