Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/28dd94b2-8e51-494f-9933-f9f2e07c6aa1.roa
File: 28dd94b2-8e51-494f-9933-f9f2e07c6aa1.roa (raw, json)
Hash identifier: 8NsgXGCUXuPkxnJHhCzRtviHfFGN9YHvIwWopW75sDM=
Subject key identifier: 04:42:D1:86:DA:32:43:2A:3D:13:B8:11:97:D8:10:2C:50:44:EF:6A
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 5376F52357E5BEF53A2EA012D10936BD968C609E
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/28dd94b2-8e51-494f-9933-f9f2e07c6aa1.roa
Signing time: Thu 26 Feb 2026 02:00:09 +0000
ROA not before: Thu 26 Feb 2026 02:00:09 +0000
ROA not after: Wed 27 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.224.0.0/15 maxlen: 15
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
53:76:f5:23:57:e5:be:f5:3a:2e:a0:12:d1:09:36:bd:96:8c:60:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 26 02:00:09 2026 GMT
Not After : May 27 23:59:59 2026 GMT
Subject: serialNumber=e81c1eca74db21717e15dd75084a34eed2caa90bb62aac198922b8780bc5eac3, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:c5:a8:67:7b:13:14:07:5a:1c:1a:01:79:31:
eb:ae:0a:a9:3f:9c:4a:02:83:af:e6:7f:c2:44:41:
c0:d3:b5:a0:7b:4b:e6:e5:04:d8:e9:9b:92:d5:41:
5c:43:7b:0e:4d:b3:59:fc:fc:82:45:24:d0:8e:da:
8a:c2:ee:99:ab:2b:11:1f:46:3c:ff:77:54:49:7c:
31:b0:41:fb:4d:da:6a:33:34:fa:ca:ba:36:a6:e2:
02:60:6a:4d:13:33:4d:2f:f3:a6:8d:29:13:15:b4:
ae:76:ef:06:96:c2:2b:98:2b:46:86:dd:9b:95:07:
65:d8:73:4f:76:1b:6d:ec:0b:f0:5d:a0:93:54:7b:
b7:2b:12:73:b4:f0:1c:d2:7c:a2:18:b5:5a:f3:b6:
81:99:b7:02:49:90:d6:4d:18:60:1a:f6:f8:3d:26:
ed:15:c8:84:f5:f0:32:af:d5:76:eb:87:98:b8:5c:
7e:95:4f:5b:5d:05:fe:0a:03:80:54:f9:bf:8e:21:
dd:34:35:e1:54:71:f4:59:8e:41:4f:0a:44:27:e1:
6c:99:2c:b1:50:37:1a:d9:99:9c:d1:f9:33:0e:81:
78:ae:4c:37:bd:d2:f1:53:57:98:21:56:00:11:4a:
e1:c9:1d:ba:09:27:8f:a9:89:c9:b7:46:22:f5:a4:
18:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:42:D1:86:DA:32:43:2A:3D:13:B8:11:97:D8:10:2C:50:44:EF:6A
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/28dd94b2-8e51-494f-9933-f9f2e07c6aa1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.224.0.0/15
Signature Algorithm: sha256WithRSAEncryption
15:2b:71:57:11:14:8e:fb:5a:aa:72:23:7e:76:61:7c:b7:b3:
a6:ea:97:84:0e:0a:6c:e2:50:b1:ed:44:91:96:3c:18:60:d7:
ea:00:4b:af:06:96:55:c7:76:8c:09:2c:10:e5:2d:02:ec:98:
4e:14:66:82:fe:e6:9d:2b:b1:ad:b5:57:a7:d0:cc:5f:ca:56:
e1:56:74:e3:f1:9c:ae:49:ab:32:49:88:aa:40:92:db:b5:ca:
9d:35:9c:29:ab:dc:d3:1e:19:d4:b5:0e:80:66:8a:85:b6:6b:
ef:fe:d4:4b:04:d4:95:a9:1a:5a:7b:c4:79:86:23:a0:14:04:
eb:63:43:ae:d1:05:ef:e7:8b:66:c5:0b:20:39:d0:a1:90:88:
cb:0b:bf:c1:a9:54:84:c6:9d:78:5e:4a:b8:f1:d6:5e:14:1a:
40:ab:fd:5d:0c:fd:9e:13:42:3c:b5:b4:a3:bd:6b:4c:54:63:
bf:43:a8:01:a2:3b:51:02:90:a6:7f:cd:8c:a1:28:af:c8:0e:
33:86:94:ec:97:d8:9c:fd:e0:ab:4e:36:e4:46:7a:3b:80:f2:
40:b5:7d:ae:78:e5:af:0d:8b:c2:14:39:a5:c9:21:b5:70:52:
e8:a4:f7:ce:d5:92:ba:c4:29:63:2d:62:30:b5:d2:ae:c1:03:
ff:47:e9:af
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUU3b1I1flvvU6LqAS0Qk2vZaMYJ4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjYwMjAwMDlaFw0yNjA1MjcyMzU5NTlaMHoxSTBHBgNV
BAUTQGU4MWMxZWNhNzRkYjIxNzE3ZTE1ZGQ3NTA4NGEzNGVlZDJjYWE5MGJiNjJh
YWMxOTg5MjJiODc4MGJjNWVhYzMxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMjFqGd7ExQHWhwaAXkx664KqT+cSgKDr+Z/wkRBwNO1oHtL5uUE2OmbktVB
XEN7Dk2zWfz8gkUk0I7aisLumasrER9GPP93VEl8MbBB+03aajM0+sq6NqbiAmBq
TRMzTS/zpo0pExW0rnbvBpbCK5grRobdm5UHZdhzT3YbbewL8F2gk1R7tysSc7Tw
HNJ8ohi1WvO2gZm3AkmQ1k0YYBr2+D0m7RXIhPXwMq/VduuHmLhcfpVPW10F/goD
gFT5v44h3TQ14VRx9FmOQU8KRCfhbJkssVA3GtmZnNH5Mw6BeK5MN73S8VNXmCFW
ABFK4ckdugknj6mJybdGIvWkGAcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQEQtGG
2jJDKj0TuBGX2BAsUETvajAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
MjhkZDk0YjItOGU1MS00OTRmLTk5MzMtZjlmMmUwN2M2YWExLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPgMA0G
CSqGSIb3DQEBCwUAA4IBAQAVK3FXERSO+1qqciN+dmF8t7Om6peEDgps4lCx7USR
ljwYYNfqAEuvBpZVx3aMCSwQ5S0C7JhOFGaC/uadK7GttVen0MxfylbhVnTj8Zyu
SasySYiqQJLbtcqdNZwpq9zTHhnUtQ6AZoqFtmvv/tRLBNSVqRpae8R5hiOgFATr
Y0Ou0QXv54tmxQsgOdChkIjLC7/BqVSExp14Xkq48dZeFBpAq/1dDP2eE0I8tbSj
vWtMVGO/Q6gBojtRApCmf82MoSivyA4zhpTsl9ic/eCrTjbkRno7gPJAtX2ueOWv
DYvCFDmlySG1cFLopPfO1ZK6xCljLWIwtdKuwQP/R+mv
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:49:44 2026 by rpki-client