Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/615d3e86-4d7a-49e4-8e47-2075cfdb3c69.roa
File: 615d3e86-4d7a-49e4-8e47-2075cfdb3c69.roa (raw, json)
Hash identifier: X1DDqqZfHvG5mHYHAzLMt97pL7HnbgrnR/W5DlRj76E=
Subject key identifier: CC:F3:CE:9D:F1:09:38:A7:E9:25:78:2F:47:B2:D2:69:FE:AF:78:35
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 49C5A75C4542DACC0CB6849A70B080D3557D2235
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/615d3e86-4d7a-49e4-8e47-2075cfdb3c69.roa
Signing time: Fri 10 Apr 2026 00:00:12 +0000
ROA not before: Fri 10 Apr 2026 00:00:12 +0000
ROA not after: Thu 09 Jul 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.172.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 17 Apr 2026 22:00:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
49:c5:a7:5c:45:42:da:cc:0c:b6:84:9a:70:b0:80:d3:55:7d:22:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Apr 10 00:00:12 2026 GMT
Not After : Jul 9 23:59:59 2026 GMT
Subject: serialNumber=5422deaeccf9dfe1a9e04fc21d7b61d776a0f0164f728677f240c8154f2ee9d3, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:2f:c0:4b:9f:e8:4c:97:31:26:ab:99:66:8a:
de:29:94:77:be:a4:b9:f6:d8:d5:54:ba:d1:00:9c:
2a:30:cc:18:70:7f:06:91:d8:93:09:33:b5:a0:36:
2b:23:b8:9a:7c:43:fe:40:5e:3a:be:e1:d3:af:8c:
40:ea:40:14:52:f1:21:9b:5a:1d:3c:82:75:3d:b7:
13:51:8d:0f:d2:19:cf:72:6e:c7:24:3c:40:ff:cd:
39:1c:fa:61:37:a5:f5:b0:03:98:c0:f9:cb:03:8f:
11:29:8a:d1:62:2f:de:ea:f8:9b:61:fb:6f:0e:a9:
dd:40:69:f7:a4:73:ba:80:63:4a:a9:06:d7:35:a3:
73:ff:36:d5:ce:a0:f5:55:0e:23:54:a4:29:ff:d1:
17:fe:57:95:8e:86:fe:71:00:ca:02:e5:58:51:32:
54:37:aa:43:49:19:41:52:e1:21:72:55:8c:fb:7e:
65:81:87:ca:7d:42:33:d2:d5:ac:29:08:6d:28:56:
2a:15:a9:00:b3:15:b4:dc:eb:55:97:42:61:92:86:
c5:f1:50:5f:44:4c:6a:dc:a2:98:9e:75:49:b2:99:
26:5b:54:bc:80:6f:9f:8d:f1:6e:c3:5e:42:a5:38:
1c:69:4f:a6:b2:e2:a7:82:10:af:2f:ee:0d:8b:f1:
b2:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:F3:CE:9D:F1:09:38:A7:E9:25:78:2F:47:B2:D2:69:FE:AF:78:35
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/615d3e86-4d7a-49e4-8e47-2075cfdb3c69.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.172.0.0/15
Signature Algorithm: sha256WithRSAEncryption
2e:18:5c:8c:17:7b:d3:71:62:db:2d:b8:75:9b:1c:3f:b6:b3:
eb:07:d7:12:87:bf:ef:84:2c:ed:85:09:70:db:1f:e0:5e:a2:
a8:56:16:d8:d8:d3:6c:c9:04:60:93:7d:c3:44:5c:f0:03:ca:
e6:e2:a9:bc:7b:81:c6:5d:e2:4c:77:57:fe:68:55:7f:60:f3:
b8:f2:42:c4:9a:d5:1b:84:7b:4b:59:db:39:24:06:d4:3d:cc:
0a:22:94:92:5e:e2:2b:78:ba:a5:38:c4:67:68:0d:06:f0:ed:
d1:f5:73:04:b4:7c:6e:c3:47:e1:0b:5e:fa:3c:33:8e:e6:9c:
13:f7:6f:73:5b:77:6f:2b:f4:a2:7f:ed:9c:84:71:58:b4:3b:
80:62:97:16:0d:dd:1c:75:c1:0d:92:f4:16:46:7d:4e:71:b6:
8f:83:7f:c0:0c:52:fb:dd:d0:77:9a:d2:a4:ef:22:a0:03:20:
69:b3:c5:47:48:b8:cc:57:de:56:20:6b:8f:01:6a:b7:05:d7:
12:f2:c1:7b:9e:db:de:08:33:82:6d:81:2b:10:2a:6e:b9:05:
41:5a:54:26:c2:15:8f:3f:31:5a:04:b4:29:2a:13:2b:f9:bd:
98:47:9b:86:64:0f:65:47:b1:6e:d9:c0:19:cc:0e:8f:d3:ce:
51:0b:24:a6
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUScWnXEVC2swMtoSacLCA01V9IjUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA0MTAwMDAwMTJaFw0yNjA3MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDU0MjJkZWFlY2NmOWRmZTFhOWUwNGZjMjFkN2I2MWQ3NzZhMGYwMTY0Zjcy
ODY3N2YyNDBjODE1NGYyZWU5ZDMxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALwvwEuf6EyXMSarmWaK3imUd76kufbY1VS60QCcKjDMGHB/BpHYkwkztaA2
KyO4mnxD/kBeOr7h06+MQOpAFFLxIZtaHTyCdT23E1GND9IZz3JuxyQ8QP/NORz6
YTel9bADmMD5ywOPESmK0WIv3ur4m2H7bw6p3UBp96RzuoBjSqkG1zWjc/821c6g
9VUOI1SkKf/RF/5XlY6G/nEAygLlWFEyVDeqQ0kZQVLhIXJVjPt+ZYGHyn1CM9LV
rCkIbShWKhWpALMVtNzrVZdCYZKGxfFQX0RMatyimJ51SbKZJltUvIBvn43xbsNe
QqU4HGlPprLip4IQry/uDYvxsqECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTM886d
8Qk4p+kleC9HstJp/q94NTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NjE1ZDNlODYtNGQ3YS00OWU0LThlNDctMjA3NWNmZGIzYzY5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOsMA0G
CSqGSIb3DQEBCwUAA4IBAQAuGFyMF3vTcWLbLbh1mxw/trPrB9cSh7/vhCzthQlw
2x/gXqKoVhbY2NNsyQRgk33DRFzwA8rm4qm8e4HGXeJMd1f+aFV/YPO48kLEmtUb
hHtLWds5JAbUPcwKIpSSXuIreLqlOMRnaA0G8O3R9XMEtHxuw0fhC176PDOO5pwT
929zW3dvK/Sif+2chHFYtDuAYpcWDd0cdcENkvQWRn1OcbaPg3/ADFL73dB3mtKk
7yKgAyBps8VHSLjMV95WIGuPAWq3BdcS8sF7ntveCDOCbYErECpuuQVBWlQmwhWP
PzFaBLQpKhMr+b2YR5uGZA9lR7Fu2cAZzA6P085RCySm
-----END CERTIFICATE-----
Generated at Fri Apr 17 08:07:35 2026 by rpki-client