Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/ae013680-e4f4-449c-9a2c-715867c85a51.roa
File: ae013680-e4f4-449c-9a2c-715867c85a51.roa (raw, json)
Hash identifier: EmQgWhcy1cz3bHrOU/z9tVV/csRplezwsgdfJERfG3Y=
Subject key identifier: 13:E1:56:00:2E:52:09:77:73:D5:08:C5:E8:78:57:5C:EE:CA:ED:2B
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 40BF8A4D65F69A319DB41B45B85DFE2658DEC142
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/ae013680-e4f4-449c-9a2c-715867c85a51.roa
Signing time: Mon 11 May 2026 01:40:55 +0000
ROA not before: Mon 11 May 2026 01:40:55 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc6:8::/45 maxlen: 45
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
40:bf:8a:4d:65:f6:9a:31:9d:b4:1b:45:b8:5d:fe:26:58:de:c1:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:40:55 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=2d70cf1b4cc9e45f8e8d8e21001d9ef3823a8e528719a43f3dc1d3737e79ac6f, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:c7:86:41:f1:5c:20:a4:35:00:1c:78:03:78:
da:cf:94:df:71:59:c9:23:2d:f6:a4:55:ab:9b:37:
ed:75:6f:2b:1d:12:34:b3:b0:df:72:b4:2c:de:ec:
dc:89:f7:a9:e6:29:77:3a:65:dc:e5:99:34:9e:77:
e2:94:7d:8d:17:6c:f9:d1:6e:ee:7e:d0:14:14:49:
4f:87:19:1e:68:c4:8b:a0:ec:ea:8e:3a:1a:c7:ed:
75:7e:7c:b4:61:70:17:07:f7:d6:50:00:fa:8e:a8:
2a:89:cc:d4:73:87:cb:0d:d2:91:f3:15:f4:7d:61:
9a:e7:f8:43:d5:32:19:7a:31:ee:ba:eb:ed:2b:b8:
5a:11:ca:26:4f:fd:2b:49:a4:23:52:5a:09:b0:20:
8e:b2:73:c9:aa:d3:5a:49:83:43:68:2c:5d:5e:13:
29:54:b2:be:ce:36:99:65:ad:b8:ec:1b:16:79:2c:
d5:0a:c6:9c:b6:4a:23:84:a5:63:df:0f:65:b9:4b:
86:dd:4c:ea:63:5a:ea:72:7f:a1:e6:32:b9:a1:7b:
88:65:db:f8:0e:b9:21:ac:22:88:f5:90:88:d2:b2:
26:f6:60:89:47:45:92:15:9e:51:65:82:5b:be:66:
f6:2f:46:dc:14:17:18:c6:ed:dd:e1:4f:35:51:34:
98:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
13:E1:56:00:2E:52:09:77:73:D5:08:C5:E8:78:57:5C:EE:CA:ED:2B
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/ae013680-e4f4-449c-9a2c-715867c85a51.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc6:8::/45
Signature Algorithm: sha256WithRSAEncryption
6d:25:75:d0:25:c6:9b:63:a1:72:aa:2e:ba:af:29:66:9c:1c:
2d:88:22:0e:ec:ff:0d:4e:2e:11:3c:40:f6:21:35:4e:52:71:
3b:38:1a:46:37:aa:dd:6c:79:76:52:2c:81:bc:b0:47:a9:c9:
94:56:b9:e5:34:4a:07:67:95:08:b4:98:42:05:54:09:54:4e:
27:06:da:f7:ac:47:9d:81:c9:5d:91:c6:c3:ee:cd:57:f1:25:
32:b6:bb:2d:3a:ae:9f:c0:e2:f9:62:1a:9a:45:37:12:f9:6e:
f7:67:19:eb:8f:45:5c:f9:27:60:5b:ea:6d:6d:25:b3:4f:00:
c2:ca:d7:94:db:30:71:5b:f2:08:de:2a:1a:51:5a:a3:21:e3:
eb:40:94:d6:9d:18:09:46:42:a9:dd:f9:d7:a5:75:89:e1:95:
1d:15:f6:bd:33:01:2d:ef:42:ce:aa:05:c7:b7:f4:bc:a0:22:
4f:4c:ed:fe:ac:99:6a:7e:cf:00:b2:28:89:59:22:65:b0:c5:
65:b0:90:eb:8c:9b:6e:7f:de:db:26:fa:a8:ed:6c:82:e3:64:
29:a6:1c:6c:77:47:5c:34:31:60:04:fe:3d:d7:96:0a:34:c0:
59:42:98:33:9a:b4:0a:c5:8f:51:75:32:a9:57:69:62:2b:85:
01:d7:f8:03
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUQL+KTWX2mjGdtBtFuF3+JljewUIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTQwNTVaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDJkNzBjZjFiNGNjOWU0NWY4ZThkOGUyMTAwMWQ5ZWYzODIzYThlNTI4NzE5
YTQzZjNkYzFkMzczN2U3OWFjNmYxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ7HhkHxXCCkNQAceAN42s+U33FZySMt9qRVq5s37XVvKx0SNLOw33K0LN7s
3In3qeYpdzpl3OWZNJ534pR9jRds+dFu7n7QFBRJT4cZHmjEi6Ds6o46GsftdX58
tGFwFwf31lAA+o6oKonM1HOHyw3SkfMV9H1hmuf4Q9UyGXox7rrr7Su4WhHKJk/9
K0mkI1JaCbAgjrJzyarTWkmDQ2gsXV4TKVSyvs42mWWtuOwbFnks1QrGnLZKI4Sl
Y98PZblLht1M6mNa6nJ/oeYyuaF7iGXb+A65IawiiPWQiNKyJvZgiUdFkhWeUWWC
W75m9i9G3BQXGMbt3eFPNVE0mEUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQT4VYA
LlIJd3PVCMXoeFdc7srtKzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
YWUwMTM2ODAtZTRmNC00NDljLTlhMmMtNzE1ODY3Yzg1YTUxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAyABP8YA
CDANBgkqhkiG9w0BAQsFAAOCAQEAbSV10CXGm2Ohcqouuq8pZpwcLYgiDuz/DU4u
ETxA9iE1TlJxOzgaRjeq3Wx5dlIsgbywR6nJlFa55TRKB2eVCLSYQgVUCVROJwba
96xHnYHJXZHGw+7NV/ElMra7LTqun8Di+WIamkU3Evlu92cZ649FXPknYFvqbW0l
s08AwsrXlNswcVvyCN4qGlFaoyHj60CU1p0YCUZCqd3516V1ieGVHRX2vTMBLe9C
zqoFx7f0vKAiT0zt/qyZan7PALIoiVkiZbDFZbCQ64ybbn/e2yb6qO1sguNkKaYc
bHdHXDQxYAT+PdeWCjTAWUKYM5q0CsWPUXUyqVdpYiuFAdf4Aw==
-----END CERTIFICATE-----
Generated at Wed May 13 00:17:48 2026 by rpki-client