Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/74f381b2-46ae-4e78-8d95-25730216e683.roa
File: 74f381b2-46ae-4e78-8d95-25730216e683.roa (raw, json)
Hash identifier: nYj4J5B4HUI4r53xrKGk5LMOyJ9nagQXs5vFAn+DLXU=
Subject key identifier: 83:9E:0E:60:E1:B0:E3:C1:D9:40:7F:06:7A:2E:05:76:0B:69:BB:9F
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 4093595938D652ED56C286AE8E1607800E01CB0E
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/74f381b2-46ae-4e78-8d95-25730216e683.roa
Signing time: Fri 15 May 2026 00:30:09 +0000
ROA not before: Fri 15 May 2026 00:30:09 +0000
ROA not after: Thu 13 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2001:3fc2:8000::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 01:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
40:93:59:59:38:d6:52:ed:56:c2:86:ae:8e:16:07:80:0e:01:cb:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 15 00:30:09 2026 GMT
Not After : Aug 13 23:59:59 2026 GMT
Subject: serialNumber=9a138322f996885a91b15961f9947f1835b21b8ce9fa0bbf47edffc909b880db, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:0e:45:90:f4:c6:19:27:eb:20:f2:8c:26:3e:
03:f5:65:7f:fd:3b:cb:5d:cc:63:8c:9a:7e:74:90:
cc:67:fa:5a:8e:3b:ae:fe:01:08:e2:7a:be:71:b1:
9b:c0:d8:48:0c:84:81:69:30:79:5a:ee:45:02:fd:
7c:2a:80:c4:70:1c:33:7e:de:b1:c4:bd:75:11:8d:
ae:d3:34:23:93:c9:a4:94:a4:bd:a2:54:be:3d:57:
03:9d:61:f6:37:58:fb:3c:d0:90:df:6f:29:92:91:
68:41:16:f9:7f:a1:d8:bf:09:ca:4f:fc:b9:d4:d1:
be:4c:a9:ee:52:11:88:f0:3b:00:dc:41:9a:05:79:
e3:5f:db:32:e1:ce:ee:2a:fe:ef:17:e8:f7:af:de:
c5:6b:77:a5:36:ab:38:b8:15:3d:57:ea:1b:b4:b6:
39:b6:af:a9:d0:81:51:2f:66:6c:09:18:ff:4a:89:
c8:49:f0:c6:e4:0e:7b:72:28:ed:f9:bc:b6:3d:cd:
25:94:5a:2e:a8:0d:75:df:ac:ef:a6:71:e0:a9:13:
95:9d:9a:22:99:1b:9d:4e:06:a8:71:b8:e8:ab:82:
bd:33:8e:53:78:7b:14:9d:b2:11:53:8b:d5:b7:d8:
6e:de:63:5a:46:18:f6:88:f2:e6:1d:ef:d7:c2:e5:
9c:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
83:9E:0E:60:E1:B0:E3:C1:D9:40:7F:06:7A:2E:05:76:0B:69:BB:9F
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/74f381b2-46ae-4e78-8d95-25730216e683.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:3fc2:8000::/36
Signature Algorithm: sha256WithRSAEncryption
9f:be:85:5c:fb:77:f3:24:15:6f:bc:67:6d:c8:d8:ce:26:2f:
dc:55:ac:8a:ee:5a:b1:3b:d3:6f:39:ae:a4:95:0d:79:96:ed:
72:f7:1b:17:e0:32:81:0b:f2:1a:74:f6:75:1c:48:90:b7:e5:
6b:04:5c:7b:14:27:99:c9:10:be:9c:71:09:55:40:2c:24:e9:
7f:41:b2:89:b7:91:02:46:b8:63:95:0a:ed:6a:f4:63:d0:e6:
1b:4b:f1:b1:dc:56:b8:f5:72:0a:1d:26:b6:f0:f4:c7:85:a1:
7b:3f:73:15:af:9b:b2:87:38:df:1a:c0:bb:e7:16:6f:d1:83:
b0:fb:cf:6a:1f:70:c0:e0:9e:2c:5f:0c:64:96:af:a0:bf:da:
83:3c:12:a0:d7:bd:12:26:4b:b4:f6:f6:74:72:2f:6f:ed:ad:
ee:f0:be:6f:36:7d:48:13:32:4a:c0:9a:88:42:a4:50:4d:9a:
d9:a9:d9:c9:9a:3b:1e:b8:35:49:e2:77:5c:06:ce:47:ef:d0:
15:33:b4:52:60:c7:38:4c:28:34:7c:48:32:17:27:de:ca:bd:
42:57:79:2a:61:33:7f:eb:9a:04:c5:c5:e4:72:77:c6:ce:89:
11:91:6e:ce:94:49:c8:3c:54:4f:50:82:b4:24:82:f4:ab:6d:
92:8d:07:2a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUQJNZWTjWUu1WwoaujhYHgA4Byw4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTUwMDMwMDlaFw0yNjA4MTMyMzU5NTlaMHoxSTBHBgNV
BAUTQDlhMTM4MzIyZjk5Njg4NWE5MWIxNTk2MWY5OTQ3ZjE4MzViMjFiOGNlOWZh
MGJiZjQ3ZWRmZmM5MDliODgwZGIxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMwORZD0xhkn6yDyjCY+A/Vlf/07y13MY4yafnSQzGf6Wo47rv4BCOJ6vnGx
m8DYSAyEgWkweVruRQL9fCqAxHAcM37escS9dRGNrtM0I5PJpJSkvaJUvj1XA51h
9jdY+zzQkN9vKZKRaEEW+X+h2L8Jyk/8udTRvkyp7lIRiPA7ANxBmgV541/bMuHO
7ir+7xfo96/exWt3pTarOLgVPVfqG7S2ObavqdCBUS9mbAkY/0qJyEnwxuQOe3Io
7fm8tj3NJZRaLqgNdd+s76Zx4KkTlZ2aIpkbnU4GqHG46KuCvTOOU3h7FJ2yEVOL
1bfYbt5jWkYY9ojy5h3v18LlnAMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSDng5g
4bDjwdlAfwZ6LgV2C2m7nzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NzRmMzgxYjItNDZhZS00ZTc4LThkOTUtMjU3MzAyMTZlNjgzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8KA
MA0GCSqGSIb3DQEBCwUAA4IBAQCfvoVc+3fzJBVvvGdtyNjOJi/cVayK7lqxO9Nv
Oa6klQ15lu1y9xsX4DKBC/IadPZ1HEiQt+VrBFx7FCeZyRC+nHEJVUAsJOl/QbKJ
t5ECRrhjlQrtavRj0OYbS/Gx3Fa49XIKHSa28PTHhaF7P3MVr5uyhzjfGsC75xZv
0YOw+89qH3DA4J4sXwxklq+gv9qDPBKg170SJku09vZ0ci9v7a3u8L5vNn1IEzJK
wJqIQqRQTZrZqdnJmjseuDVJ4ndcBs5H79AVM7RSYMc4TCg0fEgyFyfeyr1CV3kq
YTN/65oExcXkcnfGzokRkW7OlEnIPFRPUIK0JIL0q22SjQcq
-----END CERTIFICATE-----
Generated at Sat Jun 13 08:01:28 2026 by rpki-client