Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/409e157b-4120-4d9a-987d-302a50987746.roa
File: 409e157b-4120-4d9a-987d-302a50987746.roa (raw, json)
Hash identifier: Figq/orpihPLJ/d4qNW+LO9DFVsfMlqDq/1yUxGbioE=
Subject key identifier: 9E:A8:04:3B:52:6A:B5:E5:4E:CC:6A:A1:D5:F1:2B:26:70:B4:0A:40
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 7637A1FF5404F0A519653B899BCBAEB8C2712F2C
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/409e157b-4120-4d9a-987d-302a50987746.roa
Signing time: Thu 26 Feb 2026 02:00:07 +0000
ROA not before: Thu 26 Feb 2026 02:00:07 +0000
ROA not after: Wed 27 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.128.0/17 maxlen: 17
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
76:37:a1:ff:54:04:f0:a5:19:65:3b:89:9b:cb:ae:b8:c2:71:2f:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 26 02:00:07 2026 GMT
Not After : May 27 23:59:59 2026 GMT
Subject: serialNumber=a2300927c11ba5d37a7b72b1cf4aaf623e55612a48f3b9b27e1d49d492294639, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:97:15:e9:f5:89:86:f3:71:5e:81:70:88:24:
47:93:9f:33:d6:d1:c2:a1:d3:69:a0:66:63:0a:86:
d5:70:54:f4:5f:d7:dd:6f:28:5d:d2:62:59:c5:65:
b9:4a:45:c9:95:4d:5d:94:e7:ea:4c:fb:8f:32:23:
91:16:d9:db:48:53:32:12:fa:a1:c4:0f:40:6b:9c:
8f:56:a2:c6:c5:5d:cf:bd:fe:0a:f8:e6:f8:ef:af:
ce:b5:de:53:c3:69:19:7d:d6:47:ec:9d:82:06:50:
02:f8:5f:3e:15:ea:c3:9b:72:db:d4:80:15:8f:13:
5d:76:1b:94:cf:5b:1b:f8:05:bb:ac:bd:53:fe:64:
f0:20:06:13:9a:10:e6:f6:af:7b:b2:dc:38:d7:e4:
11:17:59:df:f6:22:85:a8:5e:f7:41:e0:8f:ac:0a:
14:32:17:ee:3d:77:3d:84:dd:18:25:65:1a:b9:64:
82:f6:bd:b4:4a:09:29:fb:2e:8a:17:8b:f9:94:8c:
b6:c8:97:2f:9c:8c:88:27:5c:90:51:8c:4e:cc:a3:
67:4f:fc:a9:d2:2e:f4:93:7d:7a:39:24:6c:e2:d3:
0e:6d:1e:d4:7b:32:90:dc:aa:5c:2e:93:4a:b5:7e:
d0:5f:42:8d:f3:56:0d:cd:63:25:c1:5b:0d:8b:c1:
70:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:A8:04:3B:52:6A:B5:E5:4E:CC:6A:A1:D5:F1:2B:26:70:B4:0A:40
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/409e157b-4120-4d9a-987d-302a50987746.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.128.0/17
Signature Algorithm: sha256WithRSAEncryption
4e:47:85:0f:10:fc:7b:5b:9c:87:48:fc:69:48:12:9a:c2:a6:
f9:5e:6b:9e:f9:5f:a4:19:ec:4b:fe:e8:c4:de:7a:42:a8:a2:
ae:1b:c8:17:e9:a0:f0:fd:a7:71:36:f4:88:99:63:b4:0c:85:
d3:0b:a5:c6:52:cd:5f:d5:b4:0a:74:fc:24:a0:0b:79:ce:7d:
ee:63:28:a3:84:95:b8:07:45:a0:38:52:07:2f:0d:c0:9b:62:
74:0d:8c:55:c7:43:82:9d:b9:d4:db:5a:a5:49:24:dd:b4:36:
ef:b1:9c:ce:ee:07:da:cc:08:01:f7:58:79:f3:18:ac:94:c5:
b7:9a:f9:8f:66:7e:eb:3a:dd:24:24:fb:5b:16:11:6a:8d:11:
2c:fe:fd:c4:38:92:cd:59:45:98:6d:64:38:ab:07:9a:01:62:
20:a3:89:19:45:fb:eb:e2:2d:b0:12:68:e8:7f:ce:96:cb:a5:
77:1e:ab:86:7a:5c:75:17:8f:61:5e:15:d4:6e:66:74:85:b9:
f9:e2:9c:c5:c5:07:dc:2c:99:80:bd:2c:d5:76:42:83:f6:fe:
7e:9f:d7:ad:d3:09:eb:1a:ac:cb:73:7b:1c:e0:cc:99:76:04:
cd:d8:6d:cf:90:25:10:ca:fb:eb:8f:4b:a6:5d:40:92:42:d4:
37:e1:06:5a
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUdjeh/1QE8KUZZTuJm8uuuMJxLywwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjYwMjAwMDdaFw0yNjA1MjcyMzU5NTlaMHoxSTBHBgNV
BAUTQGEyMzAwOTI3YzExYmE1ZDM3YTdiNzJiMWNmNGFhZjYyM2U1NTYxMmE0OGYz
YjliMjdlMWQ0OWQ0OTIyOTQ2MzkxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKOXFen1iYbzcV6BcIgkR5OfM9bRwqHTaaBmYwqG1XBU9F/X3W8oXdJiWcVl
uUpFyZVNXZTn6kz7jzIjkRbZ20hTMhL6ocQPQGucj1aixsVdz73+Cvjm+O+vzrXe
U8NpGX3WR+ydggZQAvhfPhXqw5ty29SAFY8TXXYblM9bG/gFu6y9U/5k8CAGE5oQ
5vave7LcONfkERdZ3/Yihahe90Hgj6wKFDIX7j13PYTdGCVlGrlkgva9tEoJKfsu
iheL+ZSMtsiXL5yMiCdckFGMTsyjZ0/8qdIu9JN9ejkkbOLTDm0e1HsykNyqXC6T
SrV+0F9CjfNWDc1jJcFbDYvBcI0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSeqAQ7
Umq15U7MaqHV8SsmcLQKQDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NDA5ZTE1N2ItNDEyMC00ZDlhLTk4N2QtMzAyYTUwOTg3NzQ2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBzMAgDAN
BgkqhkiG9w0BAQsFAAOCAQEATkeFDxD8e1uch0j8aUgSmsKm+V5rnvlfpBnsS/7o
xN56QqiirhvIF+mg8P2ncTb0iJljtAyF0wulxlLNX9W0CnT8JKALec597mMoo4SV
uAdFoDhSBy8NwJtidA2MVcdDgp251NtapUkk3bQ277Gczu4H2swIAfdYefMYrJTF
t5r5j2Z+6zrdJCT7WxYRao0RLP79xDiSzVlFmG1kOKsHmgFiIKOJGUX76+ItsBJo
6H/Olsuldx6rhnpcdRePYV4V1G5mdIW5+eKcxcUH3CyZgL0s1XZCg/b+fp/XrdMJ
6xqsy3N7HODMmXYEzdhtz5AlEMr7649Lpl1AkkLUN+EGWg==
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:50:05 2026 by rpki-client