Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/aab50dd8-a220-4509-8901-cb5ca23cff5f.roa
File: aab50dd8-a220-4509-8901-cb5ca23cff5f.roa (raw, json)
Hash identifier: hBycfljskZ1OVb0qTJ8rc19i23snykrp7lYZn+uBr30=
Subject key identifier: 46:71:3A:19:6A:C1:A8:DE:6F:2E:97:8C:40:AD:23:C6:FB:78:95:65
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 4D410DF0DED27D79C8CC8BC81B8CBFD365286F4A
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/aab50dd8-a220-4509-8901-cb5ca23cff5f.roa
Signing time: Mon 11 May 2026 01:40:08 +0000
ROA not before: Mon 11 May 2026 01:40:08 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc6:c::/47 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4d:41:0d:f0:de:d2:7d:79:c8:cc:8b:c8:1b:8c:bf:d3:65:28:6f:4a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:40:08 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=e198ff4ee807cbceb7459fe6bd33a9d2cd40102903abd34787fc4669c2c8b517, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:b0:98:9f:16:1f:8f:ac:f4:16:52:2f:99:79:
cf:c8:3e:16:2b:7d:b3:6e:d4:78:c9:a7:79:14:0b:
8f:85:9e:cd:77:a7:ba:d0:1f:39:da:0e:92:94:30:
3f:b4:43:b9:8a:65:8f:5e:42:e3:0a:39:c9:94:f5:
40:1a:1e:c4:a9:37:9d:81:25:7a:27:be:41:38:88:
23:ef:0e:b4:b3:81:52:7a:62:2d:35:d4:88:98:a5:
76:2c:30:ab:b1:c7:40:79:59:52:61:d5:7f:82:bc:
c9:e5:44:09:1e:ad:83:91:6b:97:e1:07:7a:dd:6d:
7a:92:f1:aa:b4:98:49:ed:78:7e:60:b7:51:27:40:
fc:e9:d9:2c:c5:0e:86:40:b8:b0:6d:08:2f:38:95:
d5:85:e0:c6:8e:66:99:55:00:a4:fd:45:4f:60:7f:
9d:1e:63:d1:99:63:20:e9:71:98:63:52:ac:d6:7c:
c1:fa:2d:f7:eb:67:82:cd:53:1e:77:8a:1f:64:a0:
56:7c:12:69:e7:0b:c0:6d:8e:03:a7:46:ea:60:a1:
f7:7c:92:22:2b:92:3f:7a:2b:17:64:4a:e5:4d:d7:
f5:ba:d9:24:8b:ee:99:b3:c3:d8:83:65:05:8f:47:
7d:8f:b3:2e:c3:97:b5:9f:ac:ac:03:73:f1:f2:ad:
ca:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:71:3A:19:6A:C1:A8:DE:6F:2E:97:8C:40:AD:23:C6:FB:78:95:65
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/aab50dd8-a220-4509-8901-cb5ca23cff5f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc6:c::/47
Signature Algorithm: sha256WithRSAEncryption
a5:09:6f:6e:25:b9:03:42:8f:01:bb:ca:48:9f:96:4e:6e:ff:
eb:ba:b3:9f:bd:fb:b2:c0:06:08:a4:74:2b:73:9c:43:0d:2c:
25:b3:5d:17:3c:09:9b:32:7d:1c:e3:26:c6:b5:bb:a0:03:7a:
0a:c6:94:bc:2f:e5:4e:d8:f9:af:31:c3:92:e8:7e:aa:d9:46:
14:aa:8a:e7:74:f7:18:31:a4:b7:74:4a:bb:de:8e:a8:0d:94:
3d:ba:4a:93:7b:16:23:f5:f0:55:d9:e5:1d:d7:0e:f2:0f:d6:
c6:3b:06:f9:41:c7:da:b6:08:52:c0:1a:29:bd:67:0f:46:d5:
18:27:02:43:51:5d:71:1f:58:5c:d0:fe:d8:49:db:21:9d:2e:
1f:f9:0c:aa:87:4f:5d:d7:5a:5b:7a:35:03:9c:f0:40:2a:7b:
f4:fa:17:33:81:dc:67:c7:3a:40:b6:c4:fe:a8:15:77:9b:32:
d9:86:9c:0d:61:8c:b9:74:d5:6e:72:9a:30:66:04:eb:1c:d4:
eb:78:f7:c3:d6:df:07:fe:80:82:43:ba:46:b6:87:0e:79:6a:
90:fc:62:a0:70:af:d5:9f:22:10:47:63:24:a5:a6:1e:85:ec:
07:77:99:cd:9d:a9:e4:03:f6:a1:0c:d9:ff:5f:e6:7a:d9:b4:
13:91:06:59
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUTUEN8N7SfXnIzIvIG4y/02Uob0owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTQwMDhaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGUxOThmZjRlZTgwN2NiY2ViNzQ1OWZlNmJkMzNhOWQyY2Q0MDEwMjkwM2Fi
ZDM0Nzg3ZmM0NjY5YzJjOGI1MTcxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN2wmJ8WH4+s9BZSL5l5z8g+Fit9s27UeMmneRQLj4WezXenutAfOdoOkpQw
P7RDuYplj15C4wo5yZT1QBoexKk3nYEleie+QTiII+8OtLOBUnpiLTXUiJildiww
q7HHQHlZUmHVf4K8yeVECR6tg5Frl+EHet1tepLxqrSYSe14fmC3USdA/OnZLMUO
hkC4sG0ILziV1YXgxo5mmVUApP1FT2B/nR5j0ZljIOlxmGNSrNZ8wfot9+tngs1T
HneKH2SgVnwSaecLwG2OA6dG6mCh93ySIiuSP3orF2RK5U3X9brZJIvumbPD2INl
BY9HfY+zLsOXtZ+srANz8fKtyvkCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRGcToZ
asGo3m8ul4xArSPG+3iVZTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
YWFiNTBkZDgtYTIyMC00NTA5LTg5MDEtY2I1Y2EyM2NmZjVmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHASABP8YA
DDANBgkqhkiG9w0BAQsFAAOCAQEApQlvbiW5A0KPAbvKSJ+WTm7/67qzn737ssAG
CKR0K3OcQw0sJbNdFzwJmzJ9HOMmxrW7oAN6CsaUvC/lTtj5rzHDkuh+qtlGFKqK
53T3GDGkt3RKu96OqA2UPbpKk3sWI/XwVdnlHdcO8g/WxjsG+UHH2rYIUsAaKb1n
D0bVGCcCQ1FdcR9YXND+2EnbIZ0uH/kMqodPXddaW3o1A5zwQCp79PoXM4HcZ8c6
QLbE/qgVd5sy2YacDWGMuXTVbnKaMGYE6xzU63j3w9bfB/6AgkO6RraHDnlqkPxi
oHCv1Z8iEEdjJKWmHoXsB3eZzZ2p5AP2oQzZ/1/metm0E5EGWQ==
-----END CERTIFICATE-----
Generated at Tue May 12 22:45:18 2026 by rpki-client