Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a217acb6-25db-4f7f-bed2-0251978424c1.roa
File: a217acb6-25db-4f7f-bed2-0251978424c1.roa (raw, json)
Hash identifier: VTzbRtEhDkGHCR7qbbLUwydZeMDksyR+wOPQSkpgQwg=
Subject key identifier: 66:F2:B5:DA:CA:56:F8:E7:A3:0E:FA:A5:87:C7:50:A2:36:F6:B1:44
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 65CA4D5B000EC392C89D82C1026743841D6CB3C6
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a217acb6-25db-4f7f-bed2-0251978424c1.roa
Signing time: Mon 11 May 2026 01:30:28 +0000
ROA not before: Mon 11 May 2026 01:30:28 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc0:840::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
65:ca:4d:5b:00:0e:c3:92:c8:9d:82:c1:02:67:43:84:1d:6c:b3:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:30:28 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=0bfab0536b90632e2d8394e239242f5e27c155621a557a4b25e135f6dd244c80, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:c0:59:19:38:61:5d:e1:0a:5f:ce:5a:3b:81:
bb:f9:b4:16:c5:6a:a4:60:63:cf:61:c9:21:48:e2:
c5:b9:34:bc:c9:27:97:89:f6:27:9b:cb:62:27:fc:
fb:57:bf:72:07:c4:35:46:b3:35:86:99:00:10:55:
12:9b:34:18:d6:4e:53:5f:d1:38:f8:15:5a:34:03:
67:be:ef:ba:0d:38:c3:2b:7a:8b:12:2f:fc:80:94:
8c:e3:2c:07:5b:98:f9:13:01:3f:aa:80:88:4f:9a:
09:b0:99:ee:2e:a5:a0:4a:c5:70:d6:99:d0:d7:41:
4c:43:aa:e0:80:9f:06:df:15:7a:9e:5d:7e:ba:2a:
e5:19:54:0b:d8:7b:27:c1:8c:6e:20:cc:85:39:fb:
5e:0c:67:a7:e0:fe:7b:c3:09:75:93:6d:93:17:8c:
50:52:06:fc:47:a9:27:4e:54:2a:8d:ef:81:0b:4c:
d3:b3:84:48:b2:b1:22:70:a5:73:a0:0d:07:56:27:
bb:b9:b5:3b:a6:1d:4e:ef:94:27:76:a2:b6:c1:f4:
82:f1:ba:7e:7f:9d:04:c4:64:64:34:77:ed:46:8c:
4e:eb:b8:bd:9c:88:39:3d:65:68:7f:99:b4:e4:1f:
51:b6:c9:2a:15:66:45:4d:f2:4b:2a:cc:81:d2:31:
11:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:F2:B5:DA:CA:56:F8:E7:A3:0E:FA:A5:87:C7:50:A2:36:F6:B1:44
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a217acb6-25db-4f7f-bed2-0251978424c1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc0:840::/48
Signature Algorithm: sha256WithRSAEncryption
be:13:b4:96:a2:ce:e2:3a:55:91:7f:87:a9:8a:da:57:88:d5:
eb:17:7a:f8:9d:53:a5:52:d3:59:59:a6:f5:30:c6:56:ec:18:
66:df:41:68:af:29:b4:0a:89:11:40:47:67:6b:82:99:65:a2:
52:5f:91:2b:5f:5f:0d:d0:03:1c:1c:26:c9:e1:93:71:21:4d:
d4:04:2f:8b:a3:09:11:03:d2:a8:31:bc:31:87:2d:a4:ef:64:
4f:6d:75:39:55:38:52:99:4a:58:f6:94:71:a5:ed:4b:bd:6a:
71:dc:b7:2a:40:bd:75:19:98:d4:54:56:84:5e:af:a7:7b:f8:
42:e5:5d:50:c4:88:9b:b0:0d:e8:1c:30:7c:af:e6:4f:93:b2:
f3:9f:f6:73:73:0a:fa:82:a0:32:fd:a3:45:2a:1b:65:d2:33:
fd:b4:41:1e:ea:02:03:0e:88:be:42:ec:a2:77:75:68:f3:4d:
d0:84:ac:e9:39:cc:b2:eb:09:ae:9f:4d:a3:e9:bf:34:40:14:
e4:87:00:48:e8:0f:11:c7:15:49:63:03:80:5f:08:50:1d:da:
d7:c0:47:cd:4a:03:93:a7:78:2c:ef:7d:43:24:34:0c:83:79:
8b:57:ea:41:c3:07:61:30:55:9d:02:de:9e:f1:80:2b:6a:f5:
ef:a8:e8:bc
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUZcpNWwAOw5LInYLBAmdDhB1ss8YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTMwMjhaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDBiZmFiMDUzNmI5MDYzMmUyZDgzOTRlMjM5MjQyZjVlMjdjMTU1NjIxYTU1
N2E0YjI1ZTEzNWY2ZGQyNDRjODAxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJDAWRk4YV3hCl/OWjuBu/m0FsVqpGBjz2HJIUjixbk0vMknl4n2J5vLYif8
+1e/cgfENUazNYaZABBVEps0GNZOU1/ROPgVWjQDZ77vug04wyt6ixIv/ICUjOMs
B1uY+RMBP6qAiE+aCbCZ7i6loErFcNaZ0NdBTEOq4ICfBt8Vep5dfroq5RlUC9h7
J8GMbiDMhTn7Xgxnp+D+e8MJdZNtkxeMUFIG/EepJ05UKo3vgQtM07OESLKxInCl
c6ANB1Ynu7m1O6YdTu+UJ3aitsH0gvG6fn+dBMRkZDR37UaMTuu4vZyIOT1laH+Z
tOQfUbbJKhVmRU3ySyrMgdIxEUcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRm8rXa
ylb456MO+qWHx1CiNvaxRDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
YTIxN2FjYjYtMjVkYi00ZjdmLWJlZDItMDI1MTk3ODQyNGMxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABP8AI
QDANBgkqhkiG9w0BAQsFAAOCAQEAvhO0lqLO4jpVkX+HqYraV4jV6xd6+J1TpVLT
WVmm9TDGVuwYZt9BaK8ptAqJEUBHZ2uCmWWiUl+RK19fDdADHBwmyeGTcSFN1AQv
i6MJEQPSqDG8MYctpO9kT211OVU4UplKWPaUcaXtS71qcdy3KkC9dRmY1FRWhF6v
p3v4QuVdUMSIm7AN6BwwfK/mT5Oy85/2c3MK+oKgMv2jRSobZdIz/bRBHuoCAw6I
vkLsond1aPNN0ISs6TnMsusJrp9No+m/NEAU5IcASOgPEccVSWMDgF8IUB3a18BH
zUoDk6d4LO99QyQ0DIN5i1fqQcMHYTBVnQLenvGAK2r176jovA==
-----END CERTIFICATE-----
Generated at Tue May 12 22:18:19 2026 by rpki-client