Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d84171a2-90dc-4e53-8d37-601033f5728d.roa
File: d84171a2-90dc-4e53-8d37-601033f5728d.roa (raw, json)
Hash identifier: 0qd0rGaliI7y2vT7A3jd1k3OaiCBodD90NZQ2LsmJbk=
Subject key identifier: 74:7C:5A:20:6B:D0:00:52:2C:7D:12:DC:91:0F:7A:5E:22:BF:43:20
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 6E6165FDDF16EA562A6110E85872E9024D521A54
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d84171a2-90dc-4e53-8d37-601033f5728d.roa
Signing time: Tue 19 May 2026 14:32:12 +0000
ROA not before: Tue 19 May 2026 14:32:12 +0000
ROA not after: Mon 17 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc6:200::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 May 2026 08:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6e:61:65:fd:df:16:ea:56:2a:61:10:e8:58:72:e9:02:4d:52:1a:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 19 14:32:12 2026 GMT
Not After : Aug 17 23:59:59 2026 GMT
Subject: serialNumber=631516056d90fba84f194aece1bdb0e0c43739a6c8add9e005e23aea1db00d86, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:0f:9e:00:88:55:bb:ec:71:7a:8a:64:31:2e:
2b:e1:d5:76:6f:88:9a:76:84:3e:44:3b:55:d9:22:
6e:78:e1:70:e6:9f:ff:77:2d:d4:3a:0c:41:21:8c:
38:f1:78:a6:c9:fd:47:97:c9:82:76:76:f0:89:f5:
b9:38:59:fb:e9:8a:63:5a:d3:2a:1e:b8:92:2e:5b:
5c:f8:83:5a:2a:f1:a5:66:9c:44:c2:28:3e:25:c9:
dd:17:4b:d5:d9:72:fd:9f:f2:d1:95:de:60:54:29:
aa:c4:be:73:52:3c:8d:ab:7b:62:c3:7a:cd:5e:1d:
70:96:23:64:fe:ee:8e:41:ab:71:a4:92:a1:c6:db:
84:e6:95:49:f8:8a:33:af:27:42:5b:ae:8e:76:54:
2a:60:34:48:98:c7:fb:cc:65:0d:a2:44:98:5c:43:
2a:c3:6c:0f:db:4b:f1:23:df:d2:02:0b:9f:96:c2:
9a:3c:62:2e:54:34:1d:75:b6:4c:cb:90:a9:f9:28:
2a:aa:4b:e1:be:04:4a:e8:14:bb:a3:a5:95:ee:84:
46:3a:b4:3f:3b:42:b0:5f:e7:22:8f:ab:6a:e5:fe:
d0:cc:0f:74:60:3a:ec:a7:3a:42:85:21:86:ce:19:
c7:ef:df:e2:4a:73:36:29:ac:0a:de:ac:cf:bc:36:
8d:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:7C:5A:20:6B:D0:00:52:2C:7D:12:DC:91:0F:7A:5E:22:BF:43:20
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d84171a2-90dc-4e53-8d37-601033f5728d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc6:200::/40
Signature Algorithm: sha256WithRSAEncryption
ca:88:4c:92:39:9f:48:d8:a3:d1:ac:57:25:f9:34:ad:1e:c5:
0d:08:37:e5:38:fa:36:58:74:e8:34:a6:b4:11:d1:ef:9f:33:
05:93:4a:5f:e1:a7:1e:a5:9e:7e:7d:87:7d:a9:2b:2f:47:ea:
89:3b:e1:48:10:fa:de:ee:46:ae:fc:cd:50:72:e9:ae:6a:78:
48:bd:0e:ec:c5:30:13:91:4e:33:68:9c:73:55:62:43:57:af:
9a:54:7c:27:0e:ed:99:1f:61:9d:90:5c:74:c3:ee:2a:3e:87:
11:62:ba:04:fe:76:6e:20:24:de:28:83:14:ed:f1:94:54:45:
08:1a:70:83:ec:8a:ee:b2:4d:8b:86:51:a2:85:5e:a3:24:2d:
80:bb:5f:a0:7b:c7:fe:7c:c7:f0:a8:da:17:10:67:ce:0f:ee:
a3:53:44:99:e0:7c:c4:96:84:c9:15:f0:df:8c:38:e3:49:db:
d0:d6:e9:72:51:99:af:6a:62:18:58:1f:26:9f:95:aa:58:51:
ad:30:b5:63:e9:85:84:9a:5e:9b:e4:bb:d4:7d:24:c1:85:a0:
e1:4c:77:aa:2e:b9:03:52:ab:2c:10:84:7e:44:46:dd:b3:eb:
a3:76:c8:43:d2:64:f6:84:4b:c3:20:c9:ce:cf:9a:93:ec:c4:
33:33:ba:fc
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUbmFl/d8W6lYqYRDoWHLpAk1SGlQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTkxNDMyMTJaFw0yNjA4MTcyMzU5NTlaMHoxSTBHBgNV
BAUTQDYzMTUxNjA1NmQ5MGZiYTg0ZjE5NGFlY2UxYmRiMGUwYzQzNzM5YTZjOGFk
ZDllMDA1ZTIzYWVhMWRiMDBkODYxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMIPngCIVbvscXqKZDEuK+HVdm+ImnaEPkQ7VdkibnjhcOaf/3ct1DoMQSGM
OPF4psn9R5fJgnZ28In1uThZ++mKY1rTKh64ki5bXPiDWirxpWacRMIoPiXJ3RdL
1dly/Z/y0ZXeYFQpqsS+c1I8jat7YsN6zV4dcJYjZP7ujkGrcaSSocbbhOaVSfiK
M68nQluujnZUKmA0SJjH+8xlDaJEmFxDKsNsD9tL8SPf0gILn5bCmjxiLlQ0HXW2
TMuQqfkoKqpL4b4ESugUu6Olle6ERjq0PztCsF/nIo+rauX+0MwPdGA67Kc6QoUh
hs4Zx+/f4kpzNimsCt6sz7w2jT0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR0fFog
a9AAUix9EtyRD3peIr9DIDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZDg0MTcxYTItOTBkYy00ZTUzLThkMzctNjAxMDMzZjU3MjhkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8YC
MA0GCSqGSIb3DQEBCwUAA4IBAQDKiEySOZ9I2KPRrFcl+TStHsUNCDflOPo2WHTo
NKa0EdHvnzMFk0pf4acepZ5+fYd9qSsvR+qJO+FIEPre7kau/M1QcumuanhIvQ7s
xTATkU4zaJxzVWJDV6+aVHwnDu2ZH2GdkFx0w+4qPocRYroE/nZuICTeKIMU7fGU
VEUIGnCD7Irusk2LhlGihV6jJC2Au1+ge8f+fMfwqNoXEGfOD+6jU0SZ4HzEloTJ
FfDfjDjjSdvQ1ulyUZmvamIYWB8mn5WqWFGtMLVj6YWEml6b5LvUfSTBhaDhTHeq
LrkDUqssEIR+REbds+ujdshD0mT2hEvDIMnOz5qT7MQzM7r8
-----END CERTIFICATE-----
Generated at Fri May 22 16:04:25 2026 by rpki-client