Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/c47386ff-4f1d-480a-be76-cc4ee1b3a35f.roa
File: c47386ff-4f1d-480a-be76-cc4ee1b3a35f.roa (raw, json)
Hash identifier: 91xbtarM21Z/KJIFLBdulTfsa4z9DL6XaM9hUAmloLo=
Subject key identifier: 75:D8:2E:AD:CF:A2:2F:99:25:4B:C9:E2:B8:8A:43:CA:4C:F6:88:47
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 2DBE8A077A366293AB12F6863B3B3D834572D1D1
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/c47386ff-4f1d-480a-be76-cc4ee1b3a35f.roa
Signing time: Mon 11 May 2026 01:40:10 +0000
ROA not before: Mon 11 May 2026 01:40:10 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc3::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2d:be:8a:07:7a:36:62:93:ab:12:f6:86:3b:3b:3d:83:45:72:d1:d1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:40:10 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=f8b0a302724eba76224865a34ea0146d874b0f8ced4471f0d0f17df078f5dc0f, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:0a:ed:5d:86:b1:15:65:93:8f:04:07:82:3b:
0c:3e:08:3c:b2:c7:d8:72:38:11:9a:0f:4f:d8:e4:
52:55:4b:58:0d:41:f7:01:89:59:28:f5:86:45:5e:
77:84:58:6c:62:9f:b7:d4:bc:d1:3e:90:db:c0:90:
8a:d2:df:58:02:b2:9f:1a:dd:03:75:bc:1c:c4:13:
f0:c3:42:a5:0d:96:ba:6c:8d:bb:04:5a:e7:9d:5e:
0e:4d:06:51:6b:37:58:b4:2f:16:8c:e3:97:ae:e0:
3f:26:9f:eb:13:38:1d:45:62:55:00:a4:d8:b9:68:
e7:07:e5:ff:3f:0a:5d:38:eb:17:27:15:68:b0:d4:
bd:04:b2:71:14:7d:94:1d:e8:85:8e:b4:73:6b:c4:
25:6d:9f:c3:e3:f8:83:4b:8c:1a:15:f8:c8:95:61:
9a:84:ba:dc:17:ff:a7:6c:f5:28:ca:b9:46:5c:1c:
73:3a:12:8b:8f:fd:ea:66:12:02:a8:04:8a:8c:63:
43:2e:4f:2c:61:ab:f8:64:77:ec:2b:01:aa:e3:d2:
d0:ad:d5:7e:ea:70:a2:98:a2:e1:bd:49:b0:40:16:
0c:23:5e:39:ac:b9:1c:2b:f6:74:03:0f:39:e4:ed:
42:ee:18:23:c4:bb:5c:aa:f8:28:f9:ef:12:97:b4:
b9:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:D8:2E:AD:CF:A2:2F:99:25:4B:C9:E2:B8:8A:43:CA:4C:F6:88:47
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/c47386ff-4f1d-480a-be76-cc4ee1b3a35f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3::/36
Signature Algorithm: sha256WithRSAEncryption
c8:91:06:04:c1:68:b3:e4:6c:c1:69:f5:64:2f:b5:3a:b3:cb:
2e:f4:52:e5:cb:b4:62:88:7d:64:0c:a9:84:bf:e0:d9:8b:ce:
c6:fc:35:0c:d3:20:5b:80:69:d5:83:f1:d6:75:f8:31:7c:2a:
9c:c5:42:8e:84:9d:85:d1:dc:0b:42:d1:0f:b5:84:79:2e:38:
4b:d9:5c:97:36:a7:e5:e2:9c:b2:73:e8:9f:6c:96:8c:d5:4b:
26:58:3f:7b:c9:c2:26:b0:9e:c5:88:4d:ca:57:c3:2c:30:b0:
57:f2:4e:c4:e7:dc:32:a8:5c:e0:65:7d:80:03:8b:b6:d5:b8:
5b:83:fa:59:34:3a:ac:c5:f2:9e:e1:82:5f:a7:0a:3f:13:a4:
c7:ec:37:61:72:9b:d4:35:aa:8a:0c:a5:5a:22:65:92:41:15:
f7:db:7e:4c:a6:83:b8:ee:03:a2:c2:33:5d:3a:69:28:42:cb:
24:c0:7f:37:64:ca:a7:d6:ea:99:48:80:3d:c9:cf:34:16:29:
b1:fd:1a:b2:ed:64:16:d2:f7:57:1f:03:ec:da:82:bd:c5:1f:
b5:1c:68:be:be:63:66:66:81:9e:ae:99:84:ba:8b:f1:2d:eb:
ac:73:47:ea:59:18:d9:89:cf:90:24:a2:54:51:4c:ba:27:1d:
00:b6:41:b1
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIULb6KB3o2YpOrEvaGOzs9g0Vy0dEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTQwMTBaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGY4YjBhMzAyNzI0ZWJhNzYyMjQ4NjVhMzRlYTAxNDZkODc0YjBmOGNlZDQ0
NzFmMGQwZjE3ZGYwNzhmNWRjMGYxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALcK7V2GsRVlk48EB4I7DD4IPLLH2HI4EZoPT9jkUlVLWA1B9wGJWSj1hkVe
d4RYbGKft9S80T6Q28CQitLfWAKynxrdA3W8HMQT8MNCpQ2WumyNuwRa551eDk0G
UWs3WLQvFozjl67gPyaf6xM4HUViVQCk2Llo5wfl/z8KXTjrFycVaLDUvQSycRR9
lB3ohY60c2vEJW2fw+P4g0uMGhX4yJVhmoS63Bf/p2z1KMq5RlwcczoSi4/96mYS
AqgEioxjQy5PLGGr+GR37CsBquPS0K3Vfupwopii4b1JsEAWDCNeOay5HCv2dAMP
OeTtQu4YI8S7XKr4KPnvEpe0uZMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR12C6t
z6IvmSVLyeK4ikPKTPaIRzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
YzQ3Mzg2ZmYtNGYxZC00ODBhLWJlNzYtY2M0ZWUxYjNhMzVmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8MA
MA0GCSqGSIb3DQEBCwUAA4IBAQDIkQYEwWiz5GzBafVkL7U6s8su9FLly7RiiH1k
DKmEv+DZi87G/DUM0yBbgGnVg/HWdfgxfCqcxUKOhJ2F0dwLQtEPtYR5LjhL2VyX
Nqfl4pyyc+ifbJaM1UsmWD97ycImsJ7FiE3KV8MsMLBX8k7E59wyqFzgZX2AA4u2
1bhbg/pZNDqsxfKe4YJfpwo/E6TH7DdhcpvUNaqKDKVaImWSQRX3235MpoO47gOi
wjNdOmkoQsskwH83ZMqn1uqZSIA9yc80Fimx/Rqy7WQW0vdXHwPs2oK9xR+1HGi+
vmNmZoGerpmEuovxLeusc0fqWRjZic+QJKJUUUy6Jx0AtkGx
-----END CERTIFICATE-----
Generated at Tue May 12 22:22:54 2026 by rpki-client