Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d5d13f03-51e3-4e02-981f-1c9a02e38524.roa
File: d5d13f03-51e3-4e02-981f-1c9a02e38524.roa (raw, json)
Hash identifier: OypJpFruJ0Bra0gkYrtKY5cLH4yVlSAL41Vjgiy69LA=
Subject key identifier: F9:B2:3F:59:ED:FF:8A:89:B4:20:D9:81:D7:99:93:D2:7F:E2:DD:8D
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 098D1FC1C35789C119C98666D79A4E82C61F6776
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d5d13f03-51e3-4e02-981f-1c9a02e38524.roa
Signing time: Mon 11 May 2026 01:40:12 +0000
ROA not before: Mon 11 May 2026 01:40:12 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:5000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
09:8d:1f:c1:c3:57:89:c1:19:c9:86:66:d7:9a:4e:82:c6:1f:67:76
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:40:12 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=6e00bc2dbc93797766db3797a41d08e885a94fbea150078f256dd8af0ac049d8, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:54:c6:ed:f3:d7:3b:aa:d3:d4:56:f6:6a:09:
a5:19:bb:21:06:c9:94:b6:01:41:4f:8b:de:84:33:
0c:2d:a4:fa:2a:0d:82:89:4b:f8:8e:05:65:75:d8:
fe:2f:da:23:2b:7d:09:92:71:ee:eb:6d:97:0e:a0:
91:86:25:ab:67:ef:86:41:7c:b3:65:ba:95:77:05:
35:f7:a6:78:3b:08:29:87:8a:90:52:84:a4:31:f5:
c2:57:9f:ab:76:d0:67:ab:f8:91:b2:13:9b:07:a8:
ad:3c:59:d8:34:19:52:6d:75:5a:be:f3:80:59:77:
7e:9e:8a:d3:6a:0c:a5:54:32:ee:f1:05:2e:c7:07:
49:04:fb:88:f4:a2:19:b9:6c:72:64:47:1b:c6:df:
6e:23:94:f3:fe:ce:78:4c:fb:fd:db:56:2e:11:e8:
11:ae:f8:fd:ac:d8:9f:81:4d:e4:c3:0b:04:c8:0e:
45:7d:dc:27:40:54:dc:09:2a:45:5d:fa:ad:17:44:
20:ae:66:4b:f8:e4:36:7f:b3:40:9e:4b:91:4b:8f:
f5:93:92:51:b3:7e:d0:86:01:13:21:f2:91:52:de:
1a:f7:f1:c8:1a:25:b8:6e:39:45:c8:ba:79:b2:80:
52:9e:e7:44:56:89:ad:04:f3:27:39:63:a0:04:a5:
76:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:B2:3F:59:ED:FF:8A:89:B4:20:D9:81:D7:99:93:D2:7F:E2:DD:8D
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d5d13f03-51e3-4e02-981f-1c9a02e38524.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:5000::/36
Signature Algorithm: sha256WithRSAEncryption
1a:d9:55:d6:c2:f8:5a:7a:51:45:ec:88:95:02:5d:cf:44:c0:
63:ba:af:9d:63:61:fc:f1:27:f8:e2:23:22:57:cb:57:26:e2:
d4:9a:7a:c8:2c:ac:95:6e:0d:b3:38:ae:2b:fc:c6:b8:ec:32:
55:2a:9e:ce:ae:5c:ef:ef:49:fe:ee:94:6e:41:eb:f5:c3:12:
50:a8:da:71:f4:bf:3a:b1:c9:92:96:50:20:51:31:6b:b9:c4:
19:60:a5:f4:61:2d:96:88:dc:87:91:ae:0b:82:6b:19:34:e1:
20:08:f5:50:a3:bb:47:8e:ce:08:c5:a1:0e:c4:23:20:bd:0e:
b9:95:7b:9e:2a:b8:8a:62:5c:61:ff:59:b9:c8:5d:bd:14:93:
21:6d:d7:80:df:4b:c6:67:bd:3e:ec:23:bf:09:06:73:4a:d3:
4a:15:28:cf:fd:d3:5d:79:8f:04:e6:14:bc:fe:83:78:50:fa:
35:d8:04:dd:fb:79:20:81:26:12:13:4e:e0:98:5b:dd:eb:82:
78:8d:67:de:56:98:71:76:ef:df:d5:40:15:8b:7a:a0:d8:e5:
d8:5d:3a:dd:56:ef:50:61:ba:e5:f7:bb:73:83:35:9b:f8:b7:
ea:84:00:de:61:57:95:60:8b:37:10:8f:bf:6c:e5:13:b7:89:
ea:11:ae:0e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUCY0fwcNXicEZyYZm15pOgsYfZ3YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTQwMTJaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDZlMDBiYzJkYmM5Mzc5Nzc2NmRiMzc5N2E0MWQwOGU4ODVhOTRmYmVhMTUw
MDc4ZjI1NmRkOGFmMGFjMDQ5ZDgxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALVUxu3z1zuq09RW9moJpRm7IQbJlLYBQU+L3oQzDC2k+ioNgolL+I4FZXXY
/i/aIyt9CZJx7uttlw6gkYYlq2fvhkF8s2W6lXcFNfemeDsIKYeKkFKEpDH1wlef
q3bQZ6v4kbITmweorTxZ2DQZUm11Wr7zgFl3fp6K02oMpVQy7vEFLscHSQT7iPSi
GblscmRHG8bfbiOU8/7OeEz7/dtWLhHoEa74/azYn4FN5MMLBMgORX3cJ0BU3Akq
RV36rRdEIK5mS/jkNn+zQJ5LkUuP9ZOSUbN+0IYBEyHykVLeGvfxyBoluG45Rci6
ebKAUp7nRFaJrQTzJzljoASldvsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT5sj9Z
7f+KibQg2YHXmZPSf+LdjTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZDVkMTNmMDMtNTFlMy00ZTAyLTk4MWYtMWM5YTAyZTM4NTI0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8dQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAa2VXWwvhaelFF7IiVAl3PRMBjuq+dY2H88Sf4
4iMiV8tXJuLUmnrILKyVbg2zOK4r/Ma47DJVKp7Orlzv70n+7pRuQev1wxJQqNpx
9L86scmSllAgUTFrucQZYKX0YS2WiNyHka4LgmsZNOEgCPVQo7tHjs4IxaEOxCMg
vQ65lXueKriKYlxh/1m5yF29FJMhbdeA30vGZ70+7CO/CQZzStNKFSjP/dNdeY8E
5hS8/oN4UPo12ATd+3kggSYSE07gmFvd64J4jWfeVphxdu/f1UAVi3qg2OXYXTrd
Vu9QYbrl97tzgzWb+LfqhADeYVeVYIs3EI+/bOUTt4nqEa4O
-----END CERTIFICATE-----
Generated at Tue May 12 22:12:06 2026 by rpki-client