Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a9974ff0-62d1-4203-bf68-04eb8602d197.roa
File: a9974ff0-62d1-4203-bf68-04eb8602d197.roa (raw, json)
Hash identifier: yK0fiFas8FJynlb0CQCr/Mnt7W3DCSQ3F3AyzmlHCqU=
Subject key identifier: 19:5C:11:9A:C4:6E:C4:31:AB:B8:D9:1D:02:23:BB:E5:3F:B4:A2:8D
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 68643B4C91094CD5DA8122148DC147ADBBCDE0CC
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a9974ff0-62d1-4203-bf68-04eb8602d197.roa
Signing time: Mon 11 May 2026 01:30:26 +0000
ROA not before: Mon 11 May 2026 01:30:26 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:7000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
68:64:3b:4c:91:09:4c:d5:da:81:22:14:8d:c1:47:ad:bb:cd:e0:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:30:26 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=7fab250f236422c4c03211ca04f03da65f5058d240705643d6efecdec979c4ab, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:63:b5:6e:59:04:b0:f5:71:79:2a:e1:ca:63:
24:92:c1:bc:25:17:85:34:b7:2d:17:89:4a:cc:3b:
9f:82:2b:1c:db:9b:b8:3e:14:c0:10:77:32:92:bd:
80:1b:da:6c:da:84:4f:da:78:fa:c1:63:ab:07:f3:
33:70:73:39:3d:69:54:d9:06:95:96:80:d9:5b:47:
75:af:e6:b6:e9:1e:e5:4e:83:c4:65:a9:cf:21:0b:
49:e8:36:c9:b9:c9:6b:15:b0:b1:73:63:ec:51:62:
c9:e9:6c:46:28:bc:8d:57:04:13:24:dd:b1:56:79:
a9:c8:b2:62:75:05:89:39:36:54:8c:62:2c:b7:7d:
d8:35:6d:5f:88:80:9b:20:18:db:fb:aa:20:9a:62:
a2:df:b7:3c:5f:4e:a8:8c:bd:00:ea:6a:06:49:b0:
d8:7b:ae:b7:28:63:7b:56:d9:a7:b2:d7:87:ab:43:
a0:9b:da:a7:65:68:97:c4:02:20:90:2e:b2:21:39:
7a:f7:b4:d3:89:cd:af:0e:43:ac:45:f3:81:3e:70:
6e:b4:79:dc:6e:bb:8b:c0:82:52:b6:6a:f0:95:83:
84:3e:f9:21:1f:a1:f6:c1:96:3e:34:f1:10:19:9a:
2c:79:17:bf:87:e5:5e:25:ea:bd:8a:5d:a6:1f:c7:
ce:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:5C:11:9A:C4:6E:C4:31:AB:B8:D9:1D:02:23:BB:E5:3F:B4:A2:8D
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a9974ff0-62d1-4203-bf68-04eb8602d197.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:7000::/36
Signature Algorithm: sha256WithRSAEncryption
85:5d:f0:ac:9d:ca:2e:82:80:6f:21:9b:a4:b9:fc:69:75:07:
7b:1c:64:4e:33:fa:b8:56:64:c1:9f:bd:f4:73:a6:34:b4:3f:
fd:c6:11:6e:e3:cf:95:2d:12:d3:5f:c3:90:7e:25:b0:c1:9c:
66:a5:80:d5:b7:17:d0:58:20:74:6c:d3:62:39:c7:5c:75:af:
7c:8e:44:c5:de:11:87:9e:a9:17:e6:fd:8e:c8:5a:c8:d1:34:
21:ed:bd:71:bb:4c:6e:bd:98:dc:9a:44:80:41:cd:16:86:20:
36:6a:c9:6c:64:37:fd:80:cc:f5:21:b0:ea:3d:1f:e5:c3:dc:
9c:8b:50:a1:34:b4:6b:a9:ac:ae:70:35:ba:f1:6b:1b:f6:9d:
9e:85:73:ea:5f:8b:ee:ca:42:02:ae:e6:12:c8:86:41:22:b1:
97:f1:cc:83:00:f9:85:a2:78:0a:de:5b:c5:ff:93:46:df:8e:
e6:1b:0a:c4:f4:2d:8b:26:44:9e:ec:4d:9a:b5:1c:ba:e4:9b:
48:91:ba:ef:5e:0b:d8:d8:9e:af:37:6b:5e:65:8c:91:01:d5:
3f:57:cc:ce:7b:4a:0a:31:c8:09:d3:c3:fb:2e:a7:f4:f1:71:
a9:d8:e3:3e:c5:fa:08:c7:94:ce:c0:55:ff:1a:80:23:16:c8:
5f:49:76:76
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUaGQ7TJEJTNXagSIUjcFHrbvN4MwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTMwMjZaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDdmYWIyNTBmMjM2NDIyYzRjMDMyMTFjYTA0ZjAzZGE2NWY1MDU4ZDI0MDcw
NTY0M2Q2ZWZlY2RlYzk3OWM0YWIxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANdjtW5ZBLD1cXkq4cpjJJLBvCUXhTS3LReJSsw7n4IrHNubuD4UwBB3MpK9
gBvabNqET9p4+sFjqwfzM3BzOT1pVNkGlZaA2VtHda/mtuke5U6DxGWpzyELSeg2
ybnJaxWwsXNj7FFiyelsRii8jVcEEyTdsVZ5qciyYnUFiTk2VIxiLLd92DVtX4iA
myAY2/uqIJpiot+3PF9OqIy9AOpqBkmw2Huutyhje1bZp7LXh6tDoJvap2Vol8QC
IJAusiE5eve004nNrw5DrEXzgT5wbrR53G67i8CCUrZq8JWDhD75IR+h9sGWPjTx
EBmaLHkXv4flXiXqvYpdph/HzpMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQZXBGa
xG7EMau42R0CI7vlP7SijTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
YTk5NzRmZjAtNjJkMS00MjAzLWJmNjgtMDRlYjg2MDJkMTk3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8dw
MA0GCSqGSIb3DQEBCwUAA4IBAQCFXfCsncougoBvIZukufxpdQd7HGROM/q4VmTB
n730c6Y0tD/9xhFu48+VLRLTX8OQfiWwwZxmpYDVtxfQWCB0bNNiOcdcda98jkTF
3hGHnqkX5v2OyFrI0TQh7b1xu0xuvZjcmkSAQc0WhiA2aslsZDf9gMz1IbDqPR/l
w9yci1ChNLRrqayucDW68Wsb9p2ehXPqX4vuykICruYSyIZBIrGX8cyDAPmFongK
3lvF/5NG347mGwrE9C2LJkSe7E2atRy65JtIkbrvXgvY2J6vN2teZYyRAdU/V8zO
e0oKMcgJ08P7Lqf08XGp2OM+xfoIx5TOwFX/GoAjFshfSXZ2
-----END CERTIFICATE-----
Generated at Tue May 12 23:19:50 2026 by rpki-client