Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/98c39c27-f261-4d67-a85e-ec7479538084.roa
File: 98c39c27-f261-4d67-a85e-ec7479538084.roa (raw, json)
Hash identifier: OULfuIijY5MhgSR5wnXw/auwTAZqZ2f/dGQAdI58BSU=
Subject key identifier: F0:79:7E:CA:EA:9A:B4:3B:11:26:8A:AF:7D:BE:4D:6A:93:E5:ED:AF
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 6B3BC34641730FAFE067776A69D5414682C41849
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/98c39c27-f261-4d67-a85e-ec7479538084.roa
Signing time: Thu 26 Feb 2026 02:00:10 +0000
ROA not before: Thu 26 Feb 2026 02:00:10 +0000
ROA not after: Wed 27 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.132.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6b:3b:c3:46:41:73:0f:af:e0:67:77:6a:69:d5:41:46:82:c4:18:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 26 02:00:10 2026 GMT
Not After : May 27 23:59:59 2026 GMT
Subject: serialNumber=6ab73df9845a76b49b1a1fdf421429fb4ef4b4ba8657c318702fc519e9b50557, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:14:b4:6f:c2:ac:79:8c:b9:d5:85:b0:66:2c:
ca:f1:97:93:6d:49:2a:e1:57:b4:a2:d5:06:dc:d8:
01:bd:0d:3c:29:b8:1d:5a:45:6e:68:de:f5:7f:eb:
70:d6:b0:c2:5f:cd:18:0f:c8:23:b4:cc:43:9f:a8:
14:6e:fe:b1:06:2e:83:92:7f:64:38:57:77:fa:e5:
81:f4:97:16:26:46:d4:44:57:89:4c:e6:3e:c4:ec:
85:08:83:89:b1:8d:ed:5c:08:86:b6:04:c2:75:fd:
02:d5:92:94:06:47:30:e6:bc:48:a3:8f:f2:c9:58:
e1:ec:f6:2a:09:db:3b:96:35:ce:88:53:eb:04:1e:
04:86:57:ca:f2:ce:07:46:45:7c:f4:d5:f6:36:11:
07:62:b4:ce:65:1e:fa:be:cb:09:9f:98:b6:c7:20:
cd:20:c1:0d:94:79:a8:12:ef:62:47:4a:73:5a:3c:
2b:f2:af:d2:11:fa:81:c7:1f:36:39:81:9e:3d:fa:
b1:51:75:b8:0f:13:d4:5f:35:c4:a7:2f:d8:26:9e:
3d:32:3f:52:6d:4d:0c:f0:41:27:70:10:7d:0b:e2:
53:83:a4:a2:82:57:85:b6:fc:c4:3e:2c:ae:66:65:
66:08:b4:3e:f6:64:fb:87:af:ab:35:49:77:11:f8:
50:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:79:7E:CA:EA:9A:B4:3B:11:26:8A:AF:7D:BE:4D:6A:93:E5:ED:AF
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/98c39c27-f261-4d67-a85e-ec7479538084.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.132.0/24
Signature Algorithm: sha256WithRSAEncryption
47:ce:be:6a:19:0f:aa:fd:92:ad:7e:3d:1a:bd:f6:82:8a:37:
83:c3:40:25:22:c6:72:8e:88:03:11:77:fa:7e:52:9b:a7:85:
58:9b:53:c2:55:76:8c:86:49:d5:d0:a2:ec:4b:8c:57:6e:ef:
2a:a9:f9:5e:38:77:fd:6c:bb:e6:6d:d3:70:1c:3e:57:ca:50:
99:33:e3:11:eb:0c:d4:57:af:7b:27:5e:c0:68:78:40:dc:3a:
6b:69:58:f7:02:55:5b:47:cc:de:42:a5:40:d1:08:f6:ce:92:
b8:44:3b:d1:19:d3:40:4f:9f:84:0a:d5:0f:66:b9:f1:d3:4b:
01:08:e7:f3:66:3c:5c:4a:4b:f3:a3:5a:17:18:bd:21:e8:f4:
e1:37:a2:84:db:a3:da:ea:7e:88:81:4b:66:68:6c:97:26:b7:
b8:aa:e2:d2:04:ba:ee:17:fc:a9:f0:d6:bd:00:a8:e6:f2:80:
96:1d:5f:ec:94:51:bf:f8:aa:7d:34:b8:5c:0a:c7:38:b3:ca:
97:da:d8:ed:fd:f9:f4:ce:6d:bc:29:50:2c:9b:28:45:ef:0f:
91:1b:5a:66:90:f9:b6:f4:12:90:21:ba:b9:54:da:20:c3:d7:
7f:d2:fb:b3:49:3d:d9:d6:1d:9c:1a:6e:4b:6e:53:6f:b4:c1:
80:dc:2b:c2
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUazvDRkFzD6/gZ3dqadVBRoLEGEkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjYwMjAwMTBaFw0yNjA1MjcyMzU5NTlaMHoxSTBHBgNV
BAUTQDZhYjczZGY5ODQ1YTc2YjQ5YjFhMWZkZjQyMTQyOWZiNGVmNGI0YmE4NjU3
YzMxODcwMmZjNTE5ZTliNTA1NTcxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKoUtG/CrHmMudWFsGYsyvGXk21JKuFXtKLVBtzYAb0NPCm4HVpFbmje9X/r
cNawwl/NGA/II7TMQ5+oFG7+sQYug5J/ZDhXd/rlgfSXFiZG1ERXiUzmPsTshQiD
ibGN7VwIhrYEwnX9AtWSlAZHMOa8SKOP8slY4ez2KgnbO5Y1zohT6wQeBIZXyvLO
B0ZFfPTV9jYRB2K0zmUe+r7LCZ+YtscgzSDBDZR5qBLvYkdKc1o8K/Kv0hH6gccf
NjmBnj36sVF1uA8T1F81xKcv2CaePTI/Um1NDPBBJ3AQfQviU4OkooJXhbb8xD4s
rmZlZgi0PvZk+4evqzVJdxH4UBkCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTweX7K
6pq0OxEmiq99vk1qk+XtrzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
OThjMzljMjctZjI2MS00ZDY3LWE4NWUtZWM3NDc5NTM4MDg0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEADMAhDAN
BgkqhkiG9w0BAQsFAAOCAQEAR86+ahkPqv2SrX49Gr32goo3g8NAJSLGco6IAxF3
+n5Sm6eFWJtTwlV2jIZJ1dCi7EuMV27vKqn5Xjh3/Wy75m3TcBw+V8pQmTPjEesM
1FeveydewGh4QNw6a2lY9wJVW0fM3kKlQNEI9s6SuEQ70RnTQE+fhArVD2a58dNL
AQjn82Y8XEpL86NaFxi9Iej04TeihNuj2up+iIFLZmhslya3uKri0gS67hf8qfDW
vQCo5vKAlh1f7JRRv/iqfTS4XArHOLPKl9rY7f359M5tvClQLJsoRe8PkRtaZpD5
tvQSkCG6uVTaIMPXf9L7s0k92dYdnBpuS25Tb7TBgNwrwg==
-----END CERTIFICATE-----
Generated at Sun Mar 1 22:20:41 2026 by rpki-client