Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/f1ac118e-e6d3-4c1a-be43-c76f57238339.roa
File: f1ac118e-e6d3-4c1a-be43-c76f57238339.roa (raw, json)
Hash identifier: eJliFW0v/NrA3ZEUDIXOeEAlp8u3mm1zrUjMDrxH4Gg=
Subject key identifier: B7:F3:CC:A5:94:BF:AB:29:F8:BF:67:BE:92:BA:B9:55:45:A1:B9:37
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 5DC3D88C5165F1AD64AF773E70247F3059ECD21B
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/f1ac118e-e6d3-4c1a-be43-c76f57238339.roa
Signing time: Mon 11 May 2026 01:30:13 +0000
ROA not before: Mon 11 May 2026 01:30:13 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 14618
IP address blocks: 2001:3fc5:9800::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5d:c3:d8:8c:51:65:f1:ad:64:af:77:3e:70:24:7f:30:59:ec:d2:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:30:13 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=9736c52e288e06585c6b1648bcd777670ccb2379aa471cd80ee00da65aeb914d, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:3c:f4:65:5f:cd:15:b9:b4:d0:cb:b3:03:1d:
4c:78:9c:0d:28:7a:73:4e:08:7f:fe:9e:52:d4:5a:
be:ef:d0:a1:fa:87:59:6e:e2:f2:1e:ea:0c:dc:25:
1a:3c:6b:60:47:c9:5f:6f:76:3d:9d:9d:e4:9d:9d:
d8:6c:86:b4:fc:87:63:c6:27:43:92:6b:88:be:19:
a7:7f:1d:22:e1:60:11:53:f6:ae:2e:c8:6e:79:58:
50:93:a2:93:46:de:76:e8:7b:b6:b7:74:45:b5:10:
2a:db:88:a9:01:8a:42:83:4d:37:fa:0b:7c:dd:33:
8d:b8:fa:88:5b:c4:fe:d9:7d:db:37:b4:ea:5a:bc:
32:f4:37:15:83:92:e4:70:a1:dc:7c:14:0e:ec:f8:
94:d1:ce:c0:a4:5e:66:31:b3:52:17:d5:72:28:01:
a2:a9:31:88:8f:80:e6:68:03:0d:fd:07:3b:35:57:
ee:73:d3:08:7a:57:ff:1c:8a:a2:a8:5f:1e:d2:b9:
68:31:a4:b4:8c:a6:f1:ed:6f:1a:67:35:02:a1:de:
bd:c3:c9:29:d3:fb:de:be:74:d4:b3:b6:5b:cf:57:
1e:7c:dd:af:5d:7d:dc:33:ab:55:6d:42:ee:a0:79:
95:45:d5:4b:ff:ae:99:c4:a4:d8:75:28:f2:c6:ee:
84:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:F3:CC:A5:94:BF:AB:29:F8:BF:67:BE:92:BA:B9:55:45:A1:B9:37
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/f1ac118e-e6d3-4c1a-be43-c76f57238339.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc5:9800::/40
Signature Algorithm: sha256WithRSAEncryption
cf:85:15:ed:28:fc:5f:d3:01:88:9b:b6:49:5d:e1:89:14:e4:
a7:ab:b6:94:37:be:e6:d1:ab:39:a5:b9:cd:6a:e2:77:dd:68:
43:9a:c4:1c:e3:a4:a3:73:d4:7f:5b:39:0e:73:cd:eb:c5:08:
69:a9:2e:01:b6:9b:59:ea:89:fe:e8:09:cc:d6:a6:d1:b7:72:
b4:bc:d4:5c:4f:cb:5b:16:06:33:c1:36:a0:ac:e3:1c:d9:44:
5e:7f:c0:68:d8:4e:6e:62:c3:5f:eb:7a:72:6d:90:fa:05:c1:
24:63:fb:45:62:01:b9:d3:ab:f5:81:b8:08:f4:0c:a8:3e:a0:
6f:18:84:6f:9f:ce:96:69:ae:31:26:95:fb:eb:4b:88:36:c9:
b8:aa:42:73:64:80:c4:46:e7:ad:e5:bd:43:aa:c6:e0:e5:ee:
52:1c:0c:2b:00:87:cf:f1:8d:d8:fd:a5:d8:2b:78:f1:8a:31:
11:26:bb:f7:a7:01:73:85:2c:92:0b:f1:f6:ae:43:a1:b0:65:
a4:35:64:27:03:64:53:54:82:d3:75:f2:c7:ef:b5:74:d7:99:
f5:ee:b0:3f:00:ef:7a:17:b9:a1:c5:b3:87:8a:57:c2:4b:91:
88:7e:ba:61:47:bd:21:be:79:01:cc:ab:f8:a9:51:dd:81:0c:
67:18:58:a6
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUXcPYjFFl8a1kr3c+cCR/MFns0hswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTMwMTNaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDk3MzZjNTJlMjg4ZTA2NTg1YzZiMTY0OGJjZDc3NzY3MGNjYjIzNzlhYTQ3
MWNkODBlZTAwZGE2NWFlYjkxNGQxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALw89GVfzRW5tNDLswMdTHicDSh6c04If/6eUtRavu/QofqHWW7i8h7qDNwl
GjxrYEfJX292PZ2d5J2d2GyGtPyHY8YnQ5JriL4Zp38dIuFgEVP2ri7IbnlYUJOi
k0beduh7trd0RbUQKtuIqQGKQoNNN/oLfN0zjbj6iFvE/tl92ze06lq8MvQ3FYOS
5HCh3HwUDuz4lNHOwKReZjGzUhfVcigBoqkxiI+A5mgDDf0HOzVX7nPTCHpX/xyK
oqhfHtK5aDGktIym8e1vGmc1AqHevcPJKdP73r501LO2W89XHnzdr1193DOrVW1C
7qB5lUXVS/+umcSk2HUo8sbuhNMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS388yl
lL+rKfi/Z76SurlVRaG5NzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZjFhYzExOGUtZTZkMy00YzFhLWJlNDMtYzc2ZjU3MjM4MzM5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8WY
MA0GCSqGSIb3DQEBCwUAA4IBAQDPhRXtKPxf0wGIm7ZJXeGJFOSnq7aUN77m0as5
pbnNauJ33WhDmsQc46Sjc9R/WzkOc83rxQhpqS4BtptZ6on+6AnM1qbRt3K0vNRc
T8tbFgYzwTagrOMc2URef8Bo2E5uYsNf63pybZD6BcEkY/tFYgG506v1gbgI9Ayo
PqBvGIRvn86Waa4xJpX760uINsm4qkJzZIDERuet5b1Dqsbg5e5SHAwrAIfP8Y3Y
/aXYK3jxijERJrv3pwFzhSySC/H2rkOhsGWkNWQnA2RTVILTdfLH77V015n17rA/
AO96F7mhxbOHilfCS5GIfrphR70hvnkBzKv4qVHdgQxnGFim
-----END CERTIFICATE-----
Generated at Tue May 12 22:22:50 2026 by rpki-client