Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/f0473587-345b-4fdd-b3ed-1e88e69fa930.roa
File: f0473587-345b-4fdd-b3ed-1e88e69fa930.roa (raw, json)
Hash identifier: ir/VaAkawTP8f56ntlTZYLzxj+BAUd6es1wUy59+kFY=
Subject key identifier: D2:A5:5E:31:CC:3A:B4:E2:9F:B4:8D:03:9C:15:EE:8A:72:8D:14:0E
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 52B5F36114CD0C78C30CB221A8B8FB4D594C4215
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/f0473587-345b-4fdd-b3ed-1e88e69fa930.roa
Signing time: Thu 05 Mar 2026 22:51:51 +0000
ROA not before: Thu 05 Mar 2026 22:51:51 +0000
ROA not after: Wed 03 Jun 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc7:3008::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 20 Mar 2026 08:03:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
52:b5:f3:61:14:cd:0c:78:c3:0c:b2:21:a8:b8:fb:4d:59:4c:42:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Mar 5 22:51:51 2026 GMT
Not After : Jun 3 23:59:59 2026 GMT
Subject: serialNumber=af21d1a97a674e2dc3a812eb3141f9566f9c002c4a20d1d9e3ec315b8c0e9919, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:3c:27:b1:a2:00:63:d5:60:ae:b6:b8:6a:ee:
f3:a3:bb:10:e9:c8:0f:b8:15:34:1e:36:13:63:b3:
3a:7a:4b:45:c0:63:7e:a0:0b:c0:60:4e:82:aa:84:
96:4d:59:88:93:19:a6:e4:fa:e1:ed:37:83:7d:50:
5f:83:d9:43:c4:27:46:93:54:d3:cc:13:ff:95:2e:
de:ea:7f:4f:9b:cc:59:ba:f5:e2:e1:ac:f0:2c:6a:
64:0d:10:9e:28:80:41:3f:46:81:48:ba:f8:67:af:
78:80:2f:68:5b:c5:2e:ad:0a:dc:4a:7d:55:c2:18:
74:af:6e:a4:d6:37:cc:4e:65:4b:81:6a:cc:d8:9b:
68:50:fe:16:5f:f7:95:fe:40:96:22:96:a2:a2:90:
76:25:22:82:47:e1:4f:89:50:67:a7:e7:1f:0d:a6:
b7:61:e9:5c:2e:4b:64:63:6a:76:f6:a3:b4:e9:c9:
6c:94:c0:e3:42:b5:03:fe:8d:64:63:30:3a:80:72:
a4:a7:b6:5f:35:12:39:07:a9:51:5e:55:f4:30:11:
de:79:f4:db:e5:c7:d6:2f:7d:a1:90:01:dc:db:bc:
36:47:23:3b:33:3a:c6:58:57:1e:26:83:82:8a:db:
f7:1b:3c:a4:92:f8:bf:2d:f6:16:0f:fd:c4:c4:9a:
2f:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:A5:5E:31:CC:3A:B4:E2:9F:B4:8D:03:9C:15:EE:8A:72:8D:14:0E
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/f0473587-345b-4fdd-b3ed-1e88e69fa930.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc7:3008::/48
Signature Algorithm: sha256WithRSAEncryption
55:5f:5c:57:09:2c:9b:2d:22:e1:0e:bf:5a:da:21:a6:00:90:
a2:5d:e5:ed:81:cc:11:1f:73:35:d5:5c:cd:b0:73:de:ed:10:
1f:9c:65:5b:67:85:44:53:f6:de:d1:2c:45:68:72:33:fd:6b:
e2:b8:57:e4:c9:f1:d1:45:1d:6b:87:ad:cc:cd:54:27:30:cf:
c2:c0:45:9a:00:a7:3b:b9:2e:84:76:b2:c6:a8:63:3c:9b:6c:
d9:27:34:f0:7d:29:5f:6b:ce:23:cc:04:98:e9:40:ed:08:44:
5b:8b:f8:c5:cf:c3:41:d5:4f:e3:3a:f5:db:95:be:07:1a:01:
10:0f:5b:50:5d:1f:34:14:df:7c:c3:f1:f2:36:d9:41:83:b3:
7a:d0:2e:e1:bf:a8:f2:20:f1:18:5c:57:87:61:69:ea:82:68:
21:b0:4e:d4:f0:56:47:db:34:a8:c8:4b:8d:ac:01:93:ec:5f:
64:fb:de:4f:f3:59:41:69:a2:c0:8d:7d:6e:4a:84:9e:a7:28:
8e:01:10:fd:39:8a:04:d7:2b:66:39:56:a8:40:52:50:ee:18:
26:9d:8f:6d:6b:37:1a:2a:dc:a3:c6:5b:9b:c5:4d:b2:39:4b:
5e:5e:cb:60:a3:8d:a3:c7:ba:5d:71:20:f4:ab:56:17:eb:2f:
d0:93:98:c3
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUUrXzYRTNDHjDDLIhqLj7TVlMQhUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAzMDUyMjUxNTFaFw0yNjA2MDMyMzU5NTlaMHoxSTBHBgNV
BAUTQGFmMjFkMWE5N2E2NzRlMmRjM2E4MTJlYjMxNDFmOTU2NmY5YzAwMmM0YTIw
ZDFkOWUzZWMzMTViOGMwZTk5MTkxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK88J7GiAGPVYK62uGru86O7EOnID7gVNB42E2OzOnpLRcBjfqALwGBOgqqE
lk1ZiJMZpuT64e03g31QX4PZQ8QnRpNU08wT/5Uu3up/T5vMWbr14uGs8CxqZA0Q
niiAQT9GgUi6+GeveIAvaFvFLq0K3Ep9VcIYdK9upNY3zE5lS4FqzNibaFD+Fl/3
lf5AliKWoqKQdiUigkfhT4lQZ6fnHw2mt2HpXC5LZGNqdvajtOnJbJTA40K1A/6N
ZGMwOoBypKe2XzUSOQepUV5V9DAR3nn02+XH1i99oZAB3Nu8NkcjOzM6xlhXHiaD
gorb9xs8pJL4vy32Fg/9xMSaL7UCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTSpV4x
zDq04p+0jQOcFe6Kco0UDjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZjA0NzM1ODctMzQ1Yi00ZmRkLWIzZWQtMWU4OGU2OWZhOTMwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACABP8cw
CDANBgkqhkiG9w0BAQsFAAOCAQEAVV9cVwksmy0i4Q6/WtohpgCQol3l7YHMER9z
NdVczbBz3u0QH5xlW2eFRFP23tEsRWhyM/1r4rhX5Mnx0UUda4etzM1UJzDPwsBF
mgCnO7kuhHayxqhjPJts2Sc08H0pX2vOI8wEmOlA7QhEW4v4xc/DQdVP4zr125W+
BxoBEA9bUF0fNBTffMPx8jbZQYOzetAu4b+o8iDxGFxXh2Fp6oJoIbBO1PBWR9s0
qMhLjawBk+xfZPveT/NZQWmiwI19bkqEnqcojgEQ/TmKBNcrZjlWqEBSUO4YJp2P
bWs3Girco8Zbm8VNsjlLXl7LYKONo8e6XXEg9KtWF+sv0JOYww==
-----END CERTIFICATE-----
Generated at Thu Mar 19 12:28:07 2026 by rpki-client