Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/fda00aef-6886-4665-94fd-a76addf441b7.roa
File: fda00aef-6886-4665-94fd-a76addf441b7.roa (raw, json)
Hash identifier: LAfq37GRY4LvA+klB1DPpq/OBIruIPZA+XpmWQ5ncZg=
Subject key identifier: E3:97:AA:9F:A2:9B:0E:E6:C4:AE:44:EB:37:C4:06:FC:06:84:4D:BA
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 1A6C5D5B8ED773C71378DE708DEE54B60BF50EB1
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/fda00aef-6886-4665-94fd-a76addf441b7.roa
Signing time: Mon 11 May 2026 01:40:58 +0000
ROA not before: Mon 11 May 2026 01:40:58 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc3:8000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1a:6c:5d:5b:8e:d7:73:c7:13:78:de:70:8d:ee:54:b6:0b:f5:0e:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 11 01:40:58 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=87484f7b2431834efeb9e4c9bafdf95bc95fce63e1a2264f2334e02916fc7b88, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:a6:20:15:b3:b6:a6:81:78:dc:56:4d:0b:ad:
6c:b4:fe:25:73:47:5b:e9:54:bf:b4:75:cc:c6:2d:
b3:8e:71:1c:98:23:a6:26:23:1d:86:29:fd:21:f9:
49:a6:df:16:b2:94:59:3b:bf:25:b7:a9:a3:4d:5e:
b3:b4:57:16:a7:99:1d:3f:69:2c:62:ad:8b:ff:64:
dd:45:ff:1b:8d:6f:4a:9b:c1:14:a2:a3:95:90:c2:
61:09:ed:39:3d:4d:fe:5d:79:ea:90:1c:aa:29:c3:
c7:ee:e7:87:3f:7e:5a:26:8e:a3:31:e1:ec:16:0e:
e4:ad:0d:30:fb:09:3c:4e:dc:22:90:81:11:ef:90:
6f:b4:54:53:f6:53:f6:05:59:f7:a7:04:5a:7e:25:
ab:e1:4d:9d:f3:57:da:62:53:a0:f8:87:f0:f8:63:
9c:d5:a0:40:a9:69:7b:fa:db:42:59:44:c4:46:ed:
b3:2b:d7:56:21:01:b8:99:bb:e6:83:c9:12:34:d8:
a9:8d:8c:e5:77:ae:d7:ef:e2:a9:9b:a1:7a:90:47:
8f:df:88:b6:5d:60:00:ea:ae:29:2e:ba:46:3c:28:
8a:aa:b0:a5:69:88:b1:f3:f0:60:61:a5:a1:1b:1f:
76:95:b3:2e:8f:41:d3:c5:c5:58:d4:a2:f8:98:85:
8f:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:97:AA:9F:A2:9B:0E:E6:C4:AE:44:EB:37:C4:06:FC:06:84:4D:BA
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/fda00aef-6886-4665-94fd-a76addf441b7.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc3:8000::/36
Signature Algorithm: sha256WithRSAEncryption
0d:f2:0a:66:a7:9d:df:a4:bb:1a:34:2a:01:b6:b0:96:82:00:
5f:1c:e7:a5:66:a8:b8:07:0a:84:cc:29:48:27:fe:4e:32:72:
3c:28:d5:6e:f2:de:65:fc:b2:52:70:17:d4:f3:11:6f:e7:b4:
79:e7:56:e1:52:40:38:e9:a8:73:e6:c1:c5:c1:f6:fe:e4:e3:
f7:d1:b0:a2:22:73:27:c2:04:99:dd:75:e8:28:72:3b:bc:10:
81:39:86:79:dd:62:00:92:82:b1:f1:31:08:c9:9a:62:c7:e3:
b5:8e:f2:53:7e:eb:55:bf:e5:76:02:af:08:28:44:02:43:32:
41:48:e8:19:0b:2c:b7:f1:77:49:6d:d2:7c:dc:93:89:82:e2:
04:6d:0f:ff:e6:07:a8:16:6b:1b:36:b3:7d:f0:76:ae:f4:52:
f9:06:3e:40:e5:18:6a:db:ae:6f:12:e4:6a:83:95:96:4e:51:
97:6f:43:f3:f5:4c:31:33:8c:5e:70:05:30:4a:5e:01:64:75:
be:49:7a:8a:b8:9d:8f:1c:57:59:8c:95:97:6b:2f:e6:ac:f5:
b7:34:31:7e:46:54:01:2a:b7:fe:31:a5:51:fe:f6:8f:6f:99:
6c:f0:f3:32:7c:3e:ca:02:99:f2:f6:43:0c:a6:fc:61:c7:63:
b8:87:6e:29
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUGmxdW47Xc8cTeN5wje5Utgv1DrEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTEwMTQwNThaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDg3NDg0ZjdiMjQzMTgzNGVmZWI5ZTRjOWJhZmRmOTViYzk1ZmNlNjNlMWEy
MjY0ZjIzMzRlMDI5MTZmYzdiODgxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL+mIBWztqaBeNxWTQutbLT+JXNHW+lUv7R1zMYts45xHJgjpiYjHYYp/SH5
SabfFrKUWTu/Jbepo01es7RXFqeZHT9pLGKti/9k3UX/G41vSpvBFKKjlZDCYQnt
OT1N/l156pAcqinDx+7nhz9+WiaOozHh7BYO5K0NMPsJPE7cIpCBEe+Qb7RUU/ZT
9gVZ96cEWn4lq+FNnfNX2mJToPiH8PhjnNWgQKlpe/rbQllExEbtsyvXViEBuJm7
5oPJEjTYqY2M5Xeu1+/iqZuhepBHj9+Itl1gAOquKS66RjwoiqqwpWmIsfPwYGGl
oRsfdpWzLo9B08XFWNSi+JiFjzsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTjl6qf
opsO5sSuROs3xAb8BoRNujAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZmRhMDBhZWYtNjg4Ni00NjY1LTk0ZmQtYTc2YWRkZjQ0MWI3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8OA
MA0GCSqGSIb3DQEBCwUAA4IBAQAN8gpmp53fpLsaNCoBtrCWggBfHOelZqi4BwqE
zClIJ/5OMnI8KNVu8t5l/LJScBfU8xFv57R551bhUkA46ahz5sHFwfb+5OP30bCi
InMnwgSZ3XXoKHI7vBCBOYZ53WIAkoKx8TEIyZpix+O1jvJTfutVv+V2Aq8IKEQC
QzJBSOgZCyy38XdJbdJ83JOJguIEbQ//5geoFmsbNrN98Hau9FL5Bj5A5Rhq265v
EuRqg5WWTlGXb0Pz9UwxM4xecAUwSl4BZHW+SXqKuJ2PHFdZjJWXay/mrPW3NDF+
RlQBKrf+MaVR/vaPb5ls8PMyfD7KApny9kMMpvxhx2O4h24p
-----END CERTIFICATE-----
Generated at Tue May 12 22:00:38 2026 by rpki-client