Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/5e0372f9-155c-44b5-a4db-e3da48adfab2.roa
File: 5e0372f9-155c-44b5-a4db-e3da48adfab2.roa (raw, json)
Hash identifier: VKIpL4Fbb4DmtTQ0GG+KV2DyfZ3ctHtPLetJt0IjThU=
Subject key identifier: 82:D0:E0:B2:5B:34:89:B6:8F:C4:88:E6:F7:59:11:46:96:42:10:C6
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 23F11A6637602CF1E480DD8120B993AABAC5EA59
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/5e0372f9-155c-44b5-a4db-e3da48adfab2.roa
Signing time: Thu 26 Feb 2026 02:00:12 +0000
ROA not before: Thu 26 Feb 2026 02:00:12 +0000
ROA not after: Wed 27 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.0.0/20 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
23:f1:1a:66:37:60:2c:f1:e4:80:dd:81:20:b9:93:aa:ba:c5:ea:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 26 02:00:12 2026 GMT
Not After : May 27 23:59:59 2026 GMT
Subject: serialNumber=99f942c10b46cddef8e6d024f0c7d8d09d3be461e39adaaddd55f0250cff46d4, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:bf:9d:69:c8:90:2a:43:44:08:8a:ac:2a:d1:
e3:23:2b:8f:ae:5c:61:eb:f3:19:cf:f1:2e:46:54:
8c:13:0b:e7:f1:56:55:14:8c:40:15:83:d9:13:df:
d7:a7:73:eb:6c:d5:6d:cd:ac:12:d8:c0:a0:98:43:
d5:c1:b5:bf:7b:30:02:fe:b7:df:9e:d3:82:4e:8c:
99:c2:a2:8e:0b:2c:65:7a:c8:da:15:f0:ca:88:ee:
27:cd:d0:33:03:e0:31:a7:66:43:dc:98:2b:b8:23:
f6:9e:41:6d:c9:b0:24:0c:5c:21:2a:77:ca:ab:13:
ed:2b:5a:4f:8a:09:50:40:ec:08:81:92:df:97:56:
f0:2e:4c:9e:7d:a4:61:73:13:76:75:b5:d6:17:78:
5c:82:00:ae:4d:d2:25:e5:87:43:c2:ff:61:4b:bd:
09:e4:e1:b1:29:e1:67:66:95:07:7b:cc:0c:fd:06:
f7:66:7c:ef:4a:6d:98:2d:c3:c0:ff:6b:5e:73:0d:
47:ed:9d:f4:92:19:09:be:8a:66:7f:72:30:35:42:
db:c0:af:0c:8a:c7:b9:a3:1c:d9:df:86:4b:61:ce:
b3:a7:40:04:4b:25:43:9a:b2:9f:8b:61:22:c7:90:
79:70:96:20:f7:ab:50:5e:f2:f2:25:2c:42:f2:fd:
20:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
82:D0:E0:B2:5B:34:89:B6:8F:C4:88:E6:F7:59:11:46:96:42:10:C6
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/5e0372f9-155c-44b5-a4db-e3da48adfab2.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.0.0/20
Signature Algorithm: sha256WithRSAEncryption
37:f6:19:99:e3:52:a2:97:fb:47:b6:29:a4:f7:dc:84:d3:ca:
a6:38:0c:e4:0e:20:70:4f:4c:14:92:3d:c8:8a:5a:a0:46:d3:
54:71:a2:50:52:ba:44:97:a3:e8:d8:8f:cd:8b:fa:72:cc:f5:
73:77:cb:e2:78:10:83:f7:c4:0e:92:cf:31:ea:0a:1e:f6:29:
94:39:f8:ec:38:ab:06:49:62:46:2c:de:52:0f:48:04:03:b9:
42:10:c6:27:4c:a1:91:e9:f4:aa:64:2a:8f:9c:44:6f:e8:d1:
68:05:8e:4d:7e:50:15:e1:c8:08:b2:12:ff:f7:0f:2e:e5:30:
c8:02:1e:13:36:e8:a1:26:32:c7:ea:b7:cf:83:01:22:21:ab:
df:42:a8:80:71:e8:7c:a3:1b:9c:f4:21:61:9b:eb:26:fd:b4:
23:9e:47:d6:8e:0e:ee:59:f7:4d:30:68:43:92:2c:25:b4:47:
3f:07:06:3a:34:a5:71:5a:d9:7b:54:32:cf:ad:d5:14:13:a1:
34:d0:48:9c:45:76:46:f5:53:54:6b:93:f0:ba:b4:15:ed:b9:
a1:11:dd:66:ab:5c:e9:04:59:61:63:65:61:77:a8:c4:06:63:
4f:90:00:d5:1e:9b:34:14:8d:d9:0a:2f:98:f9:ca:40:1b:b6:
34:42:7a:01
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUI/EaZjdgLPHkgN2BILmTqrrF6lkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjYwMjAwMTJaFw0yNjA1MjcyMzU5NTlaMHoxSTBHBgNV
BAUTQDk5Zjk0MmMxMGI0NmNkZGVmOGU2ZDAyNGYwYzdkOGQwOWQzYmU0NjFlMzlh
ZGFhZGRkNTVmMDI1MGNmZjQ2ZDQxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANi/nWnIkCpDRAiKrCrR4yMrj65cYevzGc/xLkZUjBML5/FWVRSMQBWD2RPf
16dz62zVbc2sEtjAoJhD1cG1v3swAv63357Tgk6MmcKijgssZXrI2hXwyojuJ83Q
MwPgMadmQ9yYK7gj9p5BbcmwJAxcISp3yqsT7StaT4oJUEDsCIGS35dW8C5Mnn2k
YXMTdnW11hd4XIIArk3SJeWHQ8L/YUu9CeThsSnhZ2aVB3vMDP0G92Z870ptmC3D
wP9rXnMNR+2d9JIZCb6KZn9yMDVC28CvDIrHuaMc2d+GS2HOs6dABEslQ5qyn4th
IseQeXCWIPerUF7y8iUsQvL9IC0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSC0OCy
WzSJto/EiOb3WRFGlkIQxjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NWUwMzcyZjktMTU1Yy00NGI1LWE0ZGItZTNkYTQ4YWRmYWIyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBDMAADAN
BgkqhkiG9w0BAQsFAAOCAQEAN/YZmeNSopf7R7YppPfchNPKpjgM5A4gcE9MFJI9
yIpaoEbTVHGiUFK6RJej6NiPzYv6csz1c3fL4ngQg/fEDpLPMeoKHvYplDn47Dir
BkliRizeUg9IBAO5QhDGJ0yhken0qmQqj5xEb+jRaAWOTX5QFeHICLIS//cPLuUw
yAIeEzbooSYyx+q3z4MBIiGr30KogHHofKMbnPQhYZvrJv20I55H1o4O7ln3TTBo
Q5IsJbRHPwcGOjSlcVrZe1Qyz63VFBOhNNBInEV2RvVTVGuT8Lq0Fe25oRHdZqtc
6QRZYWNlYXeoxAZjT5AA1R6bNBSN2QovmPnKQBu2NEJ6AQ==
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:34:40 2026 by rpki-client