Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a58b6238-ef14-49df-aad0-16d332405e96.roa
File: a58b6238-ef14-49df-aad0-16d332405e96.roa (raw, json)
Hash identifier: qkXWPcHw2p4idwMORQCoVX6KPUCa5W2k00HkZDuBs9c=
Subject key identifier: 92:38:50:5E:60:D4:6F:72:03:E8:69:6D:76:3C:7E:7E:6E:43:ED:36
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 0BAA13AE161059E2F492D727763A3660B6F29782
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a58b6238-ef14-49df-aad0-16d332405e96.roa
Signing time: Mon 11 May 2026 01:30:11 +0000
ROA not before: Mon 11 May 2026 01:30:11 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:1000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0b:aa:13:ae:16:10:59:e2:f4:92:d7:27:76:3a:36:60:b6:f2:97:82
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:30:11 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=7a50c0278f089602c152b618b08082fff6fb43f38f092b6d7e5fa28de54cc9e5, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:4f:43:49:51:e5:0d:1f:d0:ca:90:85:12:bd:
f6:a0:8b:b4:e0:ee:a4:f6:2d:79:06:22:84:1f:27:
03:35:64:da:97:5b:a5:4a:04:b8:85:64:b8:27:f3:
6a:85:df:f8:f7:95:7c:e0:24:ff:57:49:6d:a6:66:
d8:5c:6e:ac:c9:88:c0:ff:ee:eb:af:cd:67:2e:df:
02:9d:f7:8f:e2:4a:2f:e6:0e:24:98:db:3e:8b:72:
02:74:63:52:07:79:53:cc:c9:14:df:b4:29:19:4b:
9f:da:73:91:51:77:ff:17:f3:07:e5:3a:e4:e8:4d:
6c:c6:a1:f2:72:4b:7c:65:b1:13:76:bd:62:bc:7a:
d0:a3:e1:a8:df:c3:5c:07:85:83:bc:86:d3:bc:c6:
70:0e:e0:95:c7:51:f4:78:03:1c:45:c7:cd:92:4e:
d3:2f:47:2d:25:e2:e0:36:e5:7a:d8:6f:50:5a:0a:
d4:6e:9d:4f:e7:94:7f:7b:78:93:31:5a:72:22:a1:
16:c1:fe:49:b0:12:a0:05:63:b7:18:1b:4c:2b:f8:
e9:61:e1:e7:4f:1a:f1:f9:fd:49:97:da:b8:9b:f8:
40:13:31:9a:d9:c8:6b:ab:cb:9d:17:60:02:a6:88:
0e:c2:a3:54:f7:6c:14:3b:19:45:75:90:2b:12:8e:
14:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:38:50:5E:60:D4:6F:72:03:E8:69:6D:76:3C:7E:7E:6E:43:ED:36
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a58b6238-ef14-49df-aad0-16d332405e96.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:1000::/36
Signature Algorithm: sha256WithRSAEncryption
66:ee:4d:ef:76:d9:6e:e3:16:89:6e:45:86:eb:af:db:a7:a3:
ce:e3:66:a8:11:e7:14:60:f1:c0:24:2c:66:49:8a:d5:b3:e3:
53:f5:3d:08:f3:49:af:0d:db:46:fb:22:1d:f4:74:77:31:fc:
40:29:4b:b4:f4:57:b4:2b:fe:64:c6:a0:22:a6:16:69:e7:f7:
c2:96:a4:69:c6:d7:83:9a:3a:34:90:32:2c:3b:af:6f:e7:eb:
f0:6b:bf:2e:a3:75:e0:7a:87:5f:f9:0a:f0:a8:a5:cc:e5:25:
86:09:df:5b:6f:aa:a7:05:8c:5f:e9:66:8e:1d:87:00:97:ed:
a0:6a:eb:ea:4c:f6:61:0b:93:35:53:9a:19:c2:b1:e2:ed:af:
34:7c:a3:4c:2e:d2:7d:42:99:b3:af:7e:53:8a:d1:64:33:45:
5f:35:51:e8:cb:17:37:30:9a:f7:0f:0c:2a:43:50:65:ab:d2:
c0:82:ea:2b:37:15:37:3c:2a:82:b6:a8:41:13:f9:0b:b9:5f:
58:d4:ea:da:1b:ce:8f:8e:c3:b5:fe:18:d4:8c:1d:07:be:bd:
5c:63:c2:1b:9c:74:70:1c:f8:8e:2e:1c:22:c5:30:91:3a:89:
0b:06:1a:69:4c:60:6e:bb:91:3a:65:98:d2:55:44:dd:41:e2:
98:31:b2:8a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUC6oTrhYQWeL0ktcndjo2YLbyl4IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTMwMTFaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDdhNTBjMDI3OGYwODk2MDJjMTUyYjYxOGIwODA4MmZmZjZmYjQzZjM4ZjA5
MmI2ZDdlNWZhMjhkZTU0Y2M5ZTUxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANJPQ0lR5Q0f0MqQhRK99qCLtODupPYteQYihB8nAzVk2pdbpUoEuIVkuCfz
aoXf+PeVfOAk/1dJbaZm2FxurMmIwP/u66/NZy7fAp33j+JKL+YOJJjbPotyAnRj
Ugd5U8zJFN+0KRlLn9pzkVF3/xfzB+U65OhNbMah8nJLfGWxE3a9Yrx60KPhqN/D
XAeFg7yG07zGcA7glcdR9HgDHEXHzZJO0y9HLSXi4DblethvUFoK1G6dT+eUf3t4
kzFaciKhFsH+SbASoAVjtxgbTCv46WHh508a8fn9SZfauJv4QBMxmtnIa6vLnRdg
AqaIDsKjVPdsFDsZRXWQKxKOFGsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSSOFBe
YNRvcgPoaW12PH5+bkPtNjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
YTU4YjYyMzgtZWYxNC00OWRmLWFhZDAtMTZkMzMyNDA1ZTk2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8cQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBm7k3vdtlu4xaJbkWG66/bp6PO42aoEecUYPHA
JCxmSYrVs+NT9T0I80mvDdtG+yId9HR3MfxAKUu09Fe0K/5kxqAiphZp5/fClqRp
xteDmjo0kDIsO69v5+vwa78uo3Xgeodf+QrwqKXM5SWGCd9bb6qnBYxf6WaOHYcA
l+2gauvqTPZhC5M1U5oZwrHi7a80fKNMLtJ9Qpmzr35TitFkM0VfNVHoyxc3MJr3
DwwqQ1Blq9LAguorNxU3PCqCtqhBE/kLuV9Y1OraG86PjsO1/hjUjB0Hvr1cY8Ib
nHRwHPiOLhwixTCROokLBhppTGBuu5E6ZZjSVUTdQeKYMbKK
-----END CERTIFICATE-----
Generated at Tue May 12 22:17:34 2026 by rpki-client