Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/20d3dbf0-2683-4a01-a00b-6e292c832b53.roa
File: 20d3dbf0-2683-4a01-a00b-6e292c832b53.roa (raw, json)
Hash identifier: XIyDKXGg73vVjxO2fThWaKprUJ7uUK7ohBpPzInKW1w=
Subject key identifier: 0F:A5:9F:6E:8F:02:DC:35:8F:97:2A:CD:49:BF:C3:3C:92:FE:16:42
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 3738D29892CC527E536066D54CF22886A733B5AB
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/20d3dbf0-2683-4a01-a00b-6e292c832b53.roa
Signing time: Thu 26 Feb 2026 02:00:31 +0000
ROA not before: Thu 26 Feb 2026 02:00:31 +0000
ROA not after: Wed 27 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.128.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
37:38:d2:98:92:cc:52:7e:53:60:66:d5:4c:f2:28:86:a7:33:b5:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 26 02:00:31 2026 GMT
Not After : May 27 23:59:59 2026 GMT
Subject: serialNumber=9b61c96912495faaa7e3cc8e15f7ce87acefaa77ed7957c95a97ceddf2c5c292, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:39:c4:b6:e8:d4:07:db:56:83:3d:4a:38:6e:
bc:98:14:0b:0e:b8:3d:6f:81:3d:7b:c5:70:2c:e5:
6f:e2:3a:d6:8d:e3:b3:26:46:9f:e5:e7:d8:e8:c6:
5c:79:fa:72:c3:ad:30:90:87:73:4a:4a:b5:fb:57:
78:6a:a3:ac:cf:b7:31:8e:38:1e:d7:1f:a6:34:b6:
4d:fc:7e:b7:ba:d4:f2:aa:f1:2f:2e:91:d2:49:08:
f1:d1:b1:df:cf:cf:39:99:63:ad:b9:5f:46:89:77:
75:ad:35:0f:d2:03:0e:97:0e:fb:ff:84:ad:3c:ac:
b6:ba:3d:60:11:06:aa:cb:99:55:69:ad:cb:d9:32:
db:dd:66:1a:f9:70:fe:24:1a:2c:af:4b:87:00:7c:
d9:00:db:e8:e8:50:f0:a4:f9:91:94:ed:e8:07:25:
97:42:ed:86:ee:a5:17:08:e2:66:12:c1:49:8f:af:
18:37:36:7d:3f:dc:da:22:62:34:0a:ce:86:51:07:
5a:ac:89:c6:cb:d7:62:67:6f:d4:fe:81:a2:e1:35:
43:c0:22:26:25:27:d4:9f:9d:1b:ff:7e:06:8e:77:
26:8a:ed:f1:a5:6e:aa:67:6e:c7:8c:13:34:b9:2a:
d9:d8:ee:00:19:da:90:88:4c:3b:88:0f:21:0c:41:
fe:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:A5:9F:6E:8F:02:DC:35:8F:97:2A:CD:49:BF:C3:3C:92:FE:16:42
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/20d3dbf0-2683-4a01-a00b-6e292c832b53.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.128.0/21
Signature Algorithm: sha256WithRSAEncryption
48:1c:15:80:30:f6:03:a8:da:35:ca:ec:78:42:a1:89:23:68:
d8:f0:e6:04:f3:7e:0f:f8:19:e2:a5:29:06:4c:3f:bb:03:49:
82:32:e3:5d:4f:c9:dd:fd:b0:d7:2e:35:bf:6e:c6:d6:e2:46:
cf:bc:ef:c1:00:bf:d3:da:7e:5f:88:74:7b:fd:7f:27:72:9e:
8e:c9:a3:cd:b6:4c:37:57:59:d9:93:8f:b4:1f:da:41:4f:6a:
02:f7:ae:7a:74:bc:6a:37:61:73:98:ef:87:fd:4b:16:5d:d7:
fa:54:bb:74:1e:78:ed:4c:e1:76:14:19:3b:15:11:18:c4:70:
ad:73:b4:37:d1:f0:b6:fa:17:d7:58:38:3a:a3:e0:0e:f4:83:
a8:8f:11:87:84:5c:50:cd:86:bb:1b:49:8b:5b:4f:e9:46:30:
38:4d:52:ba:50:8f:a0:c5:5d:91:28:1c:e6:0e:7d:ee:6d:c9:
c5:e5:a2:72:23:b9:13:7b:19:b1:c6:8b:a9:5d:48:fe:c6:73:
39:34:30:bc:68:77:29:3d:3d:b0:73:f9:4f:25:d6:47:69:89:
51:d4:6c:31:0d:5b:02:21:b7:52:b7:36:00:5b:13:17:51:5e:
57:9e:4c:48:4f:28:4a:10:f6:d5:a2:6f:01:a1:df:8e:a5:52:
90:80:34:fd
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUNzjSmJLMUn5TYGbVTPIohqcztaswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjYwMjAwMzFaFw0yNjA1MjcyMzU5NTlaMHoxSTBHBgNV
BAUTQDliNjFjOTY5MTI0OTVmYWFhN2UzY2M4ZTE1ZjdjZTg3YWNlZmFhNzdlZDc5
NTdjOTVhOTdjZWRkZjJjNWMyOTIxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKk5xLbo1AfbVoM9SjhuvJgUCw64PW+BPXvFcCzlb+I61o3jsyZGn+Xn2OjG
XHn6csOtMJCHc0pKtftXeGqjrM+3MY44HtcfpjS2Tfx+t7rU8qrxLy6R0kkI8dGx
38/POZljrblfRol3da01D9IDDpcO+/+ErTystro9YBEGqsuZVWmty9ky291mGvlw
/iQaLK9LhwB82QDb6OhQ8KT5kZTt6Acll0Lthu6lFwjiZhLBSY+vGDc2fT/c2iJi
NArOhlEHWqyJxsvXYmdv1P6BouE1Q8AiJiUn1J+dG/9+Bo53Jort8aVuqmdux4wT
NLkq2djuABnakIhMO4gPIQxB/kkCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQPpZ9u
jwLcNY+XKs1Jv8M8kv4WQjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
MjBkM2RiZjAtMjY4My00YTAxLWEwMGItNmUyOTJjODMyYjUzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAgDAN
BgkqhkiG9w0BAQsFAAOCAQEASBwVgDD2A6jaNcrseEKhiSNo2PDmBPN+D/gZ4qUp
Bkw/uwNJgjLjXU/J3f2w1y41v27G1uJGz7zvwQC/09p+X4h0e/1/J3KejsmjzbZM
N1dZ2ZOPtB/aQU9qAveuenS8ajdhc5jvh/1LFl3X+lS7dB547UzhdhQZOxURGMRw
rXO0N9HwtvoX11g4OqPgDvSDqI8Rh4RcUM2GuxtJi1tP6UYwOE1SulCPoMVdkSgc
5g597m3JxeWiciO5E3sZscaLqV1I/sZzOTQwvGh3KT09sHP5TyXWR2mJUdRsMQ1b
AiG3Urc2AFsTF1FeV55MSE8oShD21aJvAaHfjqVSkIA0/Q==
-----END CERTIFICATE-----
Generated at Mon Mar 2 01:01:51 2026 by rpki-client