Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d3861b82-61e2-49b9-b47f-b22209774f28.roa
File: d3861b82-61e2-49b9-b47f-b22209774f28.roa (raw, json)
Hash identifier: pucYxbuyMK6QZVLkIh/1Wq5drSBAG0JdNuOPdHGs7bA=
Subject key identifier: FD:67:52:87:1F:64:46:26:38:5C:71:85:89:69:5A:D8:B9:2B:D9:AF
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 0E927CD478187B6E130B6BF6CDF4506C6FE0B83A
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d3861b82-61e2-49b9-b47f-b22209774f28.roa
Signing time: Mon 11 May 2026 01:40:13 +0000
ROA not before: Mon 11 May 2026 01:40:13 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:f800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0e:92:7c:d4:78:18:7b:6e:13:0b:6b:f6:cd:f4:50:6c:6f:e0:b8:3a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:40:13 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=f6cfdb23666f13787b871ebbd5694043375db0806fcf233e75f10207d2ac1313, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:ac:b1:c2:02:7d:c0:ad:df:f5:c6:d1:0d:b7:
6c:7a:b3:42:dd:33:6b:10:9e:07:aa:3d:d4:21:ae:
f3:21:c2:0a:e6:c8:1f:f5:e7:31:1f:0f:76:9e:b9:
ee:ec:32:21:1b:a6:a3:a6:20:75:6d:5e:84:c1:e6:
96:39:f7:fd:bb:6a:51:d3:82:f2:fd:6b:1c:c4:9b:
d0:0a:25:ae:ca:c5:ea:c6:46:4c:d4:70:80:fd:de:
f8:2c:4c:14:a2:c0:09:bc:e7:6b:f4:ae:cc:bb:10:
e0:c3:12:24:1e:81:bd:23:ef:37:a6:48:2c:dc:6c:
03:e1:16:fd:f1:70:cf:f9:05:20:ea:39:03:2b:10:
4b:fd:42:3b:41:c9:3b:6b:20:3f:49:1b:a4:d9:2c:
6a:9b:62:19:c0:a0:29:25:49:5c:49:cb:8b:27:dc:
66:d3:2e:e2:97:fa:97:dc:45:bb:9e:b3:4b:20:f4:
94:50:2b:d5:82:da:22:30:3b:d3:0f:f0:25:f6:f3:
fe:79:c7:9f:f7:55:f9:23:8f:d6:ea:7f:42:4f:b1:
c8:a5:67:75:42:93:c1:d0:02:03:3f:a1:fe:71:1a:
e9:59:3a:80:a4:e5:df:d6:13:d2:46:90:41:b8:95:
e0:f8:e2:d4:67:df:be:38:29:d6:e4:b8:73:81:70:
3e:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:67:52:87:1F:64:46:26:38:5C:71:85:89:69:5A:D8:B9:2B:D9:AF
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d3861b82-61e2-49b9-b47f-b22209774f28.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:f800::/40
Signature Algorithm: sha256WithRSAEncryption
77:28:f2:83:85:af:a9:8f:9b:2a:e2:7b:2b:0c:02:4e:01:92:
8e:67:e5:7b:d2:ab:86:6e:4e:5d:fc:5e:97:1f:a5:19:df:69:
2a:09:cf:a7:69:97:60:34:c4:9e:aa:10:55:d8:42:7a:66:e2:
a4:1d:b5:f2:79:34:cd:33:ef:be:b6:4a:a7:e1:ba:30:78:d2:
f3:0f:62:cb:bd:6f:d6:11:b4:09:21:63:85:21:ec:e7:ac:78:
a5:28:a8:18:04:6d:ac:b5:f6:15:1b:e8:61:1f:45:d3:cd:a7:
54:00:b7:84:bf:f1:b1:f2:f3:ce:a5:ee:61:8c:61:5d:30:88:
7c:c3:54:06:c9:80:6c:77:f5:ac:ac:4b:94:c6:c0:9a:6f:2e:
64:48:8b:99:38:b5:82:46:58:c8:35:4f:38:a3:a6:cd:17:79:
e9:34:45:d6:92:29:64:01:0a:c1:a5:17:c7:d0:dc:42:ea:f4:
95:0b:3e:0d:34:8a:f2:5c:be:52:68:dd:3a:0b:38:44:db:30:
92:f6:38:d1:43:90:9b:97:c5:e1:b6:4a:02:8a:bb:ee:a5:dd:
bb:b3:cb:de:15:f0:3d:ec:35:dd:2e:f6:5d:f6:8e:28:14:70:
16:d5:15:26:9a:aa:09:93:79:72:4e:02:da:05:ea:7d:78:48:
7a:eb:2c:a2
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUDpJ81HgYe24TC2v2zfRQbG/guDowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTQwMTNaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGY2Y2ZkYjIzNjY2ZjEzNzg3Yjg3MWViYmQ1Njk0MDQzMzc1ZGIwODA2ZmNm
MjMzZTc1ZjEwMjA3ZDJhYzEzMTMxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALisscICfcCt3/XG0Q23bHqzQt0zaxCeB6o91CGu8yHCCubIH/XnMR8Pdp65
7uwyIRumo6YgdW1ehMHmljn3/btqUdOC8v1rHMSb0AolrsrF6sZGTNRwgP3e+CxM
FKLACbzna/SuzLsQ4MMSJB6BvSPvN6ZILNxsA+EW/fFwz/kFIOo5AysQS/1CO0HJ
O2sgP0kbpNksaptiGcCgKSVJXEnLiyfcZtMu4pf6l9xFu56zSyD0lFAr1YLaIjA7
0w/wJfbz/nnHn/dV+SOP1up/Qk+xyKVndUKTwdACAz+h/nEa6Vk6gKTl39YT0kaQ
QbiV4Pji1Gffvjgp1uS4c4FwPqMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT9Z1KH
H2RGJjhccYWJaVrYuSvZrzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZDM4NjFiODItNjFlMi00OWI5LWI0N2YtYjIyMjA5Nzc0ZjI4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8f4
MA0GCSqGSIb3DQEBCwUAA4IBAQB3KPKDha+pj5sq4nsrDAJOAZKOZ+V70quGbk5d
/F6XH6UZ32kqCc+naZdgNMSeqhBV2EJ6ZuKkHbXyeTTNM+++tkqn4boweNLzD2LL
vW/WEbQJIWOFIeznrHilKKgYBG2stfYVG+hhH0XTzadUALeEv/Gx8vPOpe5hjGFd
MIh8w1QGyYBsd/WsrEuUxsCaby5kSIuZOLWCRljINU84o6bNF3npNEXWkilkAQrB
pRfH0NxC6vSVCz4NNIryXL5SaN06CzhE2zCS9jjRQ5Cbl8XhtkoCirvupd27s8ve
FfA97DXdLvZd9o4oFHAW1RUmmqoJk3lyTgLaBep9eEh66yyi
-----END CERTIFICATE-----
Generated at Tue May 12 22:18:19 2026 by rpki-client