Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/78f049e0-a9a9-4ac6-aeaf-9fde546d76b5.roa
File: 78f049e0-a9a9-4ac6-aeaf-9fde546d76b5.roa (raw, json)
Hash identifier: jgi1F6E/gNFrg+scicV+F2jxGVsVDk3QylYxmvgM8cY=
Subject key identifier: 95:A2:32:E6:29:3E:E9:9E:7D:27:0D:5B:20:FE:37:AE:4A:69:59:5F
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 43A3C9841A9853DA47BB9CC114461E49603C84EC
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/78f049e0-a9a9-4ac6-aeaf-9fde546d76b5.roa
Signing time: Thu 26 Feb 2026 02:00:07 +0000
ROA not before: Thu 26 Feb 2026 02:00:07 +0000
ROA not after: Wed 27 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.138.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
43:a3:c9:84:1a:98:53:da:47:bb:9c:c1:14:46:1e:49:60:3c:84:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 26 02:00:07 2026 GMT
Not After : May 27 23:59:59 2026 GMT
Subject: serialNumber=95b07eb1f5c500c2e4d1d139d617e99b46f3b60ca3aae7bcc20b7e7a7b2d218c, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:5c:b6:14:5d:26:5f:14:88:ae:6c:eb:63:90:
d4:58:0e:eb:60:1b:95:5c:13:39:9e:95:65:a9:0e:
9c:fa:92:a7:ed:12:4b:78:cb:fa:81:f5:b8:00:65:
dd:58:55:91:a0:ca:c4:1f:0a:15:89:1a:e2:00:f6:
bf:e7:1d:f3:78:a4:5f:51:ba:21:d0:cc:a5:be:e1:
aa:d4:df:c9:33:9a:f5:a2:7d:b5:a5:55:66:22:11:
4c:4a:d7:c0:f6:8d:b7:4c:3f:0d:a3:93:7f:18:2f:
95:c6:96:dd:ed:eb:0e:f3:7a:b7:1b:47:91:9d:8e:
8c:3f:2c:cc:75:01:08:d9:cf:b8:29:12:95:37:aa:
1d:e7:f9:25:32:83:b1:76:8b:9c:67:83:81:7e:65:
1a:e1:66:e9:ce:32:ea:7e:7c:fd:bd:71:9a:f5:dd:
40:5d:12:ec:d3:e4:ef:37:ca:bf:fd:99:c2:57:10:
ce:63:3f:41:8d:45:3a:15:2e:96:62:8f:8c:45:4f:
c1:5f:09:4e:63:ea:05:55:c5:ba:24:e7:b1:0d:2c:
90:b7:dd:22:9d:51:2d:21:df:5c:8b:c2:8b:7e:21:
17:81:0c:aa:18:f9:8f:16:4a:ea:ab:a1:41:18:b0:
73:20:7b:57:4b:c8:b3:82:06:1b:70:03:da:6f:cd:
ca:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:A2:32:E6:29:3E:E9:9E:7D:27:0D:5B:20:FE:37:AE:4A:69:59:5F
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/78f049e0-a9a9-4ac6-aeaf-9fde546d76b5.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.138.0/23
Signature Algorithm: sha256WithRSAEncryption
22:dc:ab:05:d4:13:28:d5:99:c7:0e:c7:ef:e6:5a:6b:b3:5d:
e7:70:cd:83:07:ac:cb:cf:8c:2e:b7:4e:7f:a0:6f:66:7c:a6:
4f:69:2e:69:ae:e6:c4:5c:9d:d1:b6:bc:3c:32:b1:ae:93:fc:
7f:b0:61:6c:30:81:ef:f5:bd:b7:b3:d4:c5:e3:77:46:eb:8f:
ac:d5:13:90:80:ad:c1:4c:d9:c7:e9:e4:1d:a0:c3:95:24:6d:
f7:6e:60:22:69:8a:47:79:fa:bc:25:89:d3:ca:a8:cc:4a:50:
83:13:10:04:2c:ba:37:c2:d6:cc:6a:73:c6:39:39:ac:e6:a1:
c1:c3:45:ae:01:22:8a:a2:dd:b9:1b:48:96:ae:3a:e0:fd:7f:
78:04:cc:af:0e:d6:1f:91:20:1d:da:ad:b6:b7:21:65:c0:cc:
63:92:cb:7a:db:3b:16:6e:1b:8e:bc:2a:63:d1:c8:55:a9:5e:
7f:ee:11:c6:b7:50:c3:12:03:fa:24:11:b3:29:61:9b:7c:be:
33:66:85:47:90:a4:f3:dd:b3:80:a7:e8:2e:fe:b3:77:c1:48:
28:a1:ef:41:46:db:89:7b:30:81:ae:98:c2:a2:68:d5:b5:b0:
54:a2:8d:fb:cd:d1:b9:bb:dd:eb:b5:86:fa:68:23:7d:e7:c8:
a1:db:70:03
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUQ6PJhBqYU9pHu5zBFEYeSWA8hOwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjYwMjAwMDdaFw0yNjA1MjcyMzU5NTlaMHoxSTBHBgNV
BAUTQDk1YjA3ZWIxZjVjNTAwYzJlNGQxZDEzOWQ2MTdlOTliNDZmM2I2MGNhM2Fh
ZTdiY2MyMGI3ZTdhN2IyZDIxOGMxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI9cthRdJl8UiK5s62OQ1FgO62AblVwTOZ6VZakOnPqSp+0SS3jL+oH1uABl
3VhVkaDKxB8KFYka4gD2v+cd83ikX1G6IdDMpb7hqtTfyTOa9aJ9taVVZiIRTErX
wPaNt0w/DaOTfxgvlcaW3e3rDvN6txtHkZ2OjD8szHUBCNnPuCkSlTeqHef5JTKD
sXaLnGeDgX5lGuFm6c4y6n58/b1xmvXdQF0S7NPk7zfKv/2ZwlcQzmM/QY1FOhUu
lmKPjEVPwV8JTmPqBVXFuiTnsQ0skLfdIp1RLSHfXIvCi34hF4EMqhj5jxZK6quh
QRiwcyB7V0vIs4IGG3AD2m/NylsCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSVojLm
KT7pnn0nDVsg/jeuSmlZXzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NzhmMDQ5ZTAtYTlhOS00YWM2LWFlYWYtOWZkZTU0NmQ3NmI1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEATMAijAN
BgkqhkiG9w0BAQsFAAOCAQEAItyrBdQTKNWZxw7H7+Zaa7Nd53DNgwesy8+MLrdO
f6BvZnymT2kuaa7mxFyd0ba8PDKxrpP8f7BhbDCB7/W9t7PUxeN3RuuPrNUTkICt
wUzZx+nkHaDDlSRt925gImmKR3n6vCWJ08qozEpQgxMQBCy6N8LWzGpzxjk5rOah
wcNFrgEiiqLduRtIlq464P1/eATMrw7WH5EgHdqttrchZcDMY5LLets7Fm4bjrwq
Y9HIValef+4RxrdQwxID+iQRsylhm3y+M2aFR5Ck892zgKfoLv6zd8FIKKHvQUbb
iXswga6YwqJo1bWwVKKN+83Rubvd67WG+mgjfefIodtwAw==
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:57:22 2026 by rpki-client