Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/ef2e1fb6-d368-45de-866d-0e09f49b5eef.roa
File: ef2e1fb6-d368-45de-866d-0e09f49b5eef.roa (raw, json)
Hash identifier: 8GWqAZVuqCYpqateBZ7NGXgrNnGdWQoiGaKvyAQQk8g=
Subject key identifier: 32:4F:A2:64:AD:CA:B3:1D:05:59:8D:E6:AA:DB:F6:76:DF:21:CD:3A
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 22DD2B0B623483DF80C4A4D7CA815DA00A898ABB
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/ef2e1fb6-d368-45de-866d-0e09f49b5eef.roa
Signing time: Mon 11 May 2026 01:40:58 +0000
ROA not before: Mon 11 May 2026 01:40:58 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc0::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
22:dd:2b:0b:62:34:83:df:80:c4:a4:d7:ca:81:5d:a0:0a:89:8a:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:40:58 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=70cc7c249a76a8453529d073a8cd27f4e1f90610c7d3561b4e6d0ed530f1554c, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:20:a9:21:56:c0:78:32:3f:af:8f:63:60:d2:
42:d1:8c:bb:a8:91:a2:7d:50:d6:64:2c:45:9d:70:
59:8a:ae:ab:20:93:40:08:9b:b1:d0:07:88:61:69:
67:66:b8:58:b3:fd:79:ee:12:fd:f1:0f:97:8a:c8:
3a:a0:02:eb:f0:92:33:92:2d:7c:ff:2d:91:79:31:
32:7e:6d:c4:7b:1a:df:6b:b9:4c:ea:37:9b:b1:cd:
c4:d0:81:7f:61:83:9a:10:46:fe:df:2c:4f:7e:82:
81:8c:d2:7b:1d:7a:cf:dd:d9:04:cc:f8:ff:f5:dd:
0c:64:9f:80:2a:fe:7f:98:37:39:46:0a:77:ad:68:
2d:88:cf:0d:a9:48:e3:1d:b9:10:10:11:2e:3b:83:
ee:2b:48:64:c7:42:42:8e:72:71:d6:b0:ea:6a:4d:
a8:a0:1b:a1:3f:02:4e:76:41:53:bb:d5:6a:82:9a:
c3:1e:1b:3d:51:a7:1e:df:f8:ed:48:d5:78:56:03:
9a:00:9a:f7:7e:45:53:1e:c6:25:1f:f8:f3:af:5b:
a9:2a:18:96:4e:c1:df:c0:db:49:84:42:ad:ef:14:
57:e8:2c:99:72:63:fe:2c:88:03:bd:f9:31:27:d3:
b9:21:e3:55:d4:83:a9:e4:83:67:ce:de:b5:31:52:
c7:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:4F:A2:64:AD:CA:B3:1D:05:59:8D:E6:AA:DB:F6:76:DF:21:CD:3A
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/ef2e1fb6-d368-45de-866d-0e09f49b5eef.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc0::/36
Signature Algorithm: sha256WithRSAEncryption
2d:32:19:0d:88:77:bc:6a:6a:43:e9:00:4c:1e:8e:21:41:5e:
f7:d6:ae:8f:f0:df:5f:b3:c0:96:eb:40:c6:14:b6:33:2f:d6:
0f:d1:54:ec:f2:1e:b6:96:3d:4b:e6:56:52:4c:73:2d:10:8f:
ea:eb:56:8c:04:9e:21:bb:06:67:19:6e:96:1f:00:66:e9:85:
68:00:28:cf:87:f4:c3:ff:3a:a1:94:31:a2:e4:06:d0:47:cd:
95:85:f5:33:54:d9:77:ed:e4:68:63:ee:c4:b7:bc:df:4b:5b:
ce:21:ab:c6:2e:7f:08:33:01:d6:39:5f:4a:03:a4:23:98:c8:
79:69:e8:a2:e7:05:c3:76:2f:15:8c:38:78:1a:fc:ad:d3:66:
64:c4:9c:8d:7f:2d:f0:65:78:10:36:2e:77:42:00:37:65:a7:
8e:71:e5:b8:09:cc:f2:5d:a7:9c:44:d6:03:bc:15:01:ac:c9:
04:ab:69:5f:6a:b8:09:6a:57:8b:df:d7:4c:ee:b8:1f:85:92:
0c:e8:11:35:44:15:78:5e:73:f2:04:d4:24:cf:c7:01:9a:45:
10:73:68:9c:2e:f5:bb:d3:c2:33:fd:ca:a1:e1:63:b3:db:80:
8d:45:ee:48:fa:8d:59:86:2b:b8:e9:9f:cf:71:b8:87:cd:be:
05:21:9f:33
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUIt0rC2I0g9+AxKTXyoFdoAqJirswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTQwNThaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDcwY2M3YzI0OWE3NmE4NDUzNTI5ZDA3M2E4Y2QyN2Y0ZTFmOTA2MTBjN2Qz
NTYxYjRlNmQwZWQ1MzBmMTU1NGMxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMogqSFWwHgyP6+PY2DSQtGMu6iRon1Q1mQsRZ1wWYquqyCTQAibsdAHiGFp
Z2a4WLP9ee4S/fEPl4rIOqAC6/CSM5ItfP8tkXkxMn5txHsa32u5TOo3m7HNxNCB
f2GDmhBG/t8sT36CgYzSex16z93ZBMz4//XdDGSfgCr+f5g3OUYKd61oLYjPDalI
4x25EBARLjuD7itIZMdCQo5ycdaw6mpNqKAboT8CTnZBU7vVaoKawx4bPVGnHt/4
7UjVeFYDmgCa935FUx7GJR/4869bqSoYlk7B38DbSYRCre8UV+gsmXJj/iyIA735
MSfTuSHjVdSDqeSDZ87etTFSx8ECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQyT6Jk
rcqzHQVZjeaq2/Z23yHNOjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZWYyZTFmYjYtZDM2OC00NWRlLTg2NmQtMGUwOWY0OWI1ZWVmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8AA
MA0GCSqGSIb3DQEBCwUAA4IBAQAtMhkNiHe8ampD6QBMHo4hQV731q6P8N9fs8CW
60DGFLYzL9YP0VTs8h62lj1L5lZSTHMtEI/q61aMBJ4huwZnGW6WHwBm6YVoACjP
h/TD/zqhlDGi5AbQR82VhfUzVNl37eRoY+7Et7zfS1vOIavGLn8IMwHWOV9KA6Qj
mMh5aeii5wXDdi8VjDh4Gvyt02ZkxJyNfy3wZXgQNi53QgA3ZaeOceW4CczyXaec
RNYDvBUBrMkEq2lfargJaleL39dM7rgfhZIM6BE1RBV4XnPyBNQkz8cBmkUQc2ic
LvW708Iz/cqh4WOz24CNRe5I+o1Zhiu46Z/PcbiHzb4FIZ8z
-----END CERTIFICATE-----
Generated at Tue May 12 22:00:33 2026 by rpki-client