Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/cdf607fb-daf0-4767-b47b-4a8c3266c681.roa
File: cdf607fb-daf0-4767-b47b-4a8c3266c681.roa (raw, json)
Hash identifier: GlFRm2hmO+K0DE0XTdWmeqTtB8qdk+dDp1BtoOnktbQ=
Subject key identifier: D5:68:91:23:C6:31:5E:3C:96:8B:58:73:C3:D6:DB:FE:D7:6D:57:BD
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 457C5C0011B0301A25A82625121C77C9C2E7D18B
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/cdf607fb-daf0-4767-b47b-4a8c3266c681.roa
Signing time: Mon 11 May 2026 01:30:21 +0000
ROA not before: Mon 11 May 2026 01:30:21 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc1:8c00::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
45:7c:5c:00:11:b0:30:1a:25:a8:26:25:12:1c:77:c9:c2:e7:d1:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:30:21 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=c0508b20c018c0646c372380c404cb7db6849bb98ebfb29df9c4f7183162381d, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:fd:22:02:b5:03:1f:77:86:71:18:53:1c:ae:
4c:97:9b:a1:3e:d2:54:a5:88:b4:fd:17:27:85:69:
2e:7b:7e:c4:5d:28:27:f0:d1:29:41:9b:74:a2:83:
72:5f:cc:11:3c:57:63:b8:54:5b:98:ff:59:8a:17:
24:22:e4:c5:79:34:53:cd:f1:05:bb:95:02:ef:6e:
c7:bc:bd:15:3a:3c:3d:db:df:7c:64:5a:19:2b:4f:
bf:23:65:36:a7:36:ef:5f:3d:55:79:69:2f:dc:33:
e5:91:6a:fe:74:4e:c3:30:3d:cb:bd:3d:97:7d:8b:
d0:11:67:c4:82:21:23:a5:ae:42:4e:39:31:fe:f7:
b8:9c:c8:fe:a6:4c:e4:9d:dc:32:12:c2:43:1a:e1:
fd:82:0f:df:2f:59:ad:d6:fd:60:fb:ca:0f:8e:a2:
3f:67:c4:94:dc:2d:58:56:cb:9a:01:cd:a9:d5:60:
bb:1a:4b:f2:58:bb:ca:03:78:73:c3:9d:36:7a:f8:
3c:b4:9a:31:5a:44:70:bf:81:1f:ab:52:4e:40:62:
87:30:0f:8e:93:16:e3:67:63:92:29:a7:86:28:74:
ed:67:9f:68:7d:62:1a:89:6a:21:95:71:16:b7:15:
0c:b0:92:59:c1:d1:91:db:2a:41:3a:32:5b:22:fd:
f5:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:68:91:23:C6:31:5E:3C:96:8B:58:73:C3:D6:DB:FE:D7:6D:57:BD
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/cdf607fb-daf0-4767-b47b-4a8c3266c681.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc1:8c00::/38
Signature Algorithm: sha256WithRSAEncryption
9c:0a:1c:dd:9e:2f:e5:eb:87:46:c8:12:2c:f0:11:b3:51:91:
ad:6a:af:c1:ad:2c:c3:4c:2a:5a:1d:d2:20:59:31:7e:a1:4a:
cb:16:a1:f3:2a:eb:93:47:3f:8b:7a:0c:fc:03:89:42:c5:4f:
d7:34:54:88:c3:f9:0b:db:7b:de:0b:29:13:bc:d5:4a:2d:3e:
6b:42:18:a4:f3:f2:81:f4:8f:e9:63:60:0f:16:4c:87:08:80:
cd:42:7c:02:4d:45:dd:73:05:ec:45:07:db:8a:7e:aa:97:27:
0f:22:7b:4e:5d:7e:12:f1:0d:dc:ad:88:f3:8b:f8:0f:68:51:
56:2d:71:84:f2:06:2c:94:99:78:b1:9f:23:0b:e4:44:89:1e:
8e:0f:23:c7:d1:5a:06:d4:d9:ca:84:d1:0b:27:bb:a2:03:53:
23:6c:43:9b:af:c6:cd:72:e3:49:ac:62:51:a2:cc:f7:0e:66:
2d:74:b0:4b:27:54:78:f4:a4:a2:59:27:c6:d5:e3:bf:2a:ee:
17:9a:1c:5d:16:da:96:00:76:9d:14:3e:4a:ae:41:8b:a9:e4:
36:65:f3:38:bd:66:54:61:e9:9b:2f:fb:52:3b:de:60:99:56:
e9:f8:2c:4f:b8:f9:d9:da:da:0d:f9:8d:c3:72:86:67:42:e1:
21:18:7a:a2
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIURXxcABGwMBolqCYlEhx3ycLn0YswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTMwMjFaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGMwNTA4YjIwYzAxOGMwNjQ2YzM3MjM4MGM0MDRjYjdkYjY4NDliYjk4ZWJm
YjI5ZGY5YzRmNzE4MzE2MjM4MWQxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKb9IgK1Ax93hnEYUxyuTJeboT7SVKWItP0XJ4VpLnt+xF0oJ/DRKUGbdKKD
cl/METxXY7hUW5j/WYoXJCLkxXk0U83xBbuVAu9ux7y9FTo8PdvffGRaGStPvyNl
Nqc27189VXlpL9wz5ZFq/nROwzA9y709l32L0BFnxIIhI6WuQk45Mf73uJzI/qZM
5J3cMhLCQxrh/YIP3y9Zrdb9YPvKD46iP2fElNwtWFbLmgHNqdVguxpL8li7ygN4
c8OdNnr4PLSaMVpEcL+BH6tSTkBihzAPjpMW42djkimnhih07WefaH1iGolqIZVx
FrcVDLCSWcHRkdsqQToyWyL99WsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTVaJEj
xjFePJaLWHPD1tv+121XvTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
Y2RmNjA3ZmItZGFmMC00NzY3LWI0N2ItNGE4YzMyNjZjNjgxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAiABP8GM
MA0GCSqGSIb3DQEBCwUAA4IBAQCcChzdni/l64dGyBIs8BGzUZGtaq/BrSzDTCpa
HdIgWTF+oUrLFqHzKuuTRz+Legz8A4lCxU/XNFSIw/kL23veCykTvNVKLT5rQhik
8/KB9I/pY2APFkyHCIDNQnwCTUXdcwXsRQfbin6qlycPIntOXX4S8Q3crYjzi/gP
aFFWLXGE8gYslJl4sZ8jC+REiR6ODyPH0VoG1NnKhNELJ7uiA1MjbEObr8bNcuNJ
rGJRosz3DmYtdLBLJ1R49KSiWSfG1eO/Ku4XmhxdFtqWAHadFD5KrkGLqeQ2ZfM4
vWZUYembL/tSO95gmVbp+CxPuPnZ2toN+Y3DcoZnQuEhGHqi
-----END CERTIFICATE-----
Generated at Tue May 12 22:01:02 2026 by rpki-client