Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/ecfac2f3-79d5-4611-9977-14a354495dc8.roa
File: ecfac2f3-79d5-4611-9977-14a354495dc8.roa (raw, json)
Hash identifier: EsNofan4uYxwzZ7OkzV41BFFoV5PSxUFRyEWbszllFU=
Subject key identifier: 0D:A7:BC:BB:7A:88:C7:59:94:F5:13:6C:4A:FC:84:55:24:66:AA:15
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 52065D3F6D5774EB063F15BF106C305C7849A619
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/ecfac2f3-79d5-4611-9977-14a354495dc8.roa
Signing time: Mon 11 May 2026 01:40:36 +0000
ROA not before: Mon 11 May 2026 01:40:36 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
52:06:5d:3f:6d:57:74:eb:06:3f:15:bf:10:6c:30:5c:78:49:a6:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:40:36 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=ab0f13457306bf3af154e74c92b25a6cf0d72207aa8d78431e58b9b9a775a6bb, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:52:99:89:ae:60:db:0b:30:54:5d:a7:35:6d:
7c:be:2a:8a:a5:d0:8d:42:b9:82:5e:54:c4:72:0c:
39:d7:fe:ed:33:34:f2:c2:d5:e0:80:82:9c:49:f9:
3f:c6:14:57:ef:a8:09:f3:55:b4:3c:32:95:33:ef:
cb:cf:b0:e1:bc:2c:e5:b4:a1:1d:4f:36:00:50:f5:
95:86:bb:3d:3e:d6:89:d3:9f:c0:e6:8d:a7:9d:fe:
db:e3:55:9d:ce:0b:4b:03:1a:bb:41:bf:34:81:91:
7e:c0:20:6b:88:c5:7c:39:b4:bc:cf:2a:ba:e9:48:
1e:21:61:9d:a3:0b:e3:b7:c2:3b:ba:a1:59:f5:59:
fe:af:40:7a:39:23:de:ca:a2:79:53:c1:11:ec:3f:
f5:1e:cf:80:05:7a:6b:1b:d5:d9:d7:73:14:2b:41:
95:f9:5a:04:0d:bb:40:2b:c0:84:81:7f:9e:14:02:
fe:69:27:85:ad:86:0d:10:19:16:d2:83:ea:9b:ed:
fd:16:85:34:f4:8a:a7:44:7e:69:db:59:4c:1e:84:
41:22:fb:eb:ee:77:48:37:18:0d:d0:84:7b:07:3a:
5b:e2:a8:49:17:f7:21:e4:a3:ee:a1:57:53:1f:9e:
97:62:3a:c8:a9:e4:7a:86:cb:2c:4b:42:af:fb:bb:
7e:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:A7:BC:BB:7A:88:C7:59:94:F5:13:6C:4A:FC:84:55:24:66:AA:15
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/ecfac2f3-79d5-4611-9977-14a354495dc8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc0::/29
Signature Algorithm: sha256WithRSAEncryption
61:c4:ca:89:cd:9a:57:eb:1d:fb:68:22:ef:af:4b:45:7f:ae:
9a:58:ac:be:71:7b:93:e3:df:11:18:2a:4c:39:3d:c5:e4:d7:
ea:a4:72:50:1c:84:a5:12:fc:3b:a2:00:a8:22:e5:26:88:f1:
e9:4a:ad:d4:e2:6e:19:1b:25:1a:4e:0f:2b:ea:8d:cd:ed:3f:
5e:5c:c8:40:89:6d:94:bc:ff:49:44:1b:ee:a9:4b:32:a5:e1:
ce:ed:64:f4:c0:30:65:09:2f:2d:48:0d:65:ff:d8:49:2c:65:
6d:da:49:eb:fd:d3:13:3c:90:d0:54:39:33:d3:68:f2:d0:2c:
53:ca:4c:7a:28:20:94:ac:f2:b7:2c:fd:77:f9:d0:16:b6:13:
07:4e:b6:06:dc:12:53:44:be:9a:65:d8:8b:52:25:21:cf:a2:
f5:c6:30:51:47:8b:91:ff:d9:25:77:04:32:6a:0a:6b:54:c3:
3b:6e:de:9c:a7:a5:78:a5:1e:ed:9a:73:28:1f:d7:ce:5a:29:
80:d6:25:a3:88:11:b4:c1:5c:47:62:f2:e1:01:ca:b2:c6:37:
0a:53:8a:60:2c:b2:61:89:e0:4a:50:75:9b:0a:da:08:92:cd:
fe:19:aa:0f:d0:b0:5e:0d:b8:20:45:7a:f1:af:db:f6:15:a0:
92:20:c1:98
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUUgZdP21XdOsGPxW/EGwwXHhJphkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTQwMzZaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGFiMGYxMzQ1NzMwNmJmM2FmMTU0ZTc0YzkyYjI1YTZjZjBkNzIyMDdhYThk
Nzg0MzFlNThiOWI5YTc3NWE2YmIxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANNSmYmuYNsLMFRdpzVtfL4qiqXQjUK5gl5UxHIMOdf+7TM08sLV4ICCnEn5
P8YUV++oCfNVtDwylTPvy8+w4bws5bShHU82AFD1lYa7PT7WidOfwOaNp53+2+NV
nc4LSwMau0G/NIGRfsAga4jFfDm0vM8quulIHiFhnaML47fCO7qhWfVZ/q9Aejkj
3sqieVPBEew/9R7PgAV6axvV2ddzFCtBlflaBA27QCvAhIF/nhQC/mknha2GDRAZ
FtKD6pvt/RaFNPSKp0R+adtZTB6EQSL76+53SDcYDdCEewc6W+KoSRf3IeSj7qFX
Ux+el2I6yKnkeobLLEtCr/u7fkcCAwEAAaOCAiIwggIeMB0GA1UdDgQWBBQNp7y7
eojHWZT1E2xK/IRVJGaqFTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZWNmYWMyZjMtNzlkNS00NjExLTk5NzctMTRhMzU0NDk1ZGM4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyABP8Aw
DQYJKoZIhvcNAQELBQADggEBAGHEyonNmlfrHftoIu+vS0V/rppYrL5xe5Pj3xEY
Kkw5PcXk1+qkclAchKUS/DuiAKgi5SaI8elKrdTibhkbJRpODyvqjc3tP15cyECJ
bZS8/0lEG+6pSzKl4c7tZPTAMGUJLy1IDWX/2EksZW3aSev90xM8kNBUOTPTaPLQ
LFPKTHooIJSs8rcs/Xf50Ba2EwdOtgbcElNEvppl2ItSJSHPovXGMFFHi5H/2SV3
BDJqCmtUwztu3pynpXilHu2acygf185aKYDWJaOIEbTBXEdi8uEByrLGNwpTimAs
smGJ4EpQdZsK2giSzf4Zqg/QsF4NuCBFevGv2/YVoJIgwZg=
-----END CERTIFICATE-----
Generated at Tue May 12 22:01:16 2026 by rpki-client