Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a2a38309-dc8f-4fea-abcb-43fd0ba79d30.roa
File: a2a38309-dc8f-4fea-abcb-43fd0ba79d30.roa (raw, json)
Hash identifier: jO1wvg9o8ZL1+dLIpV6MIuzuaEhnh1pHMtJ7PhkUjqQ=
Subject key identifier: 24:C0:31:25:D5:1C:50:36:F3:3B:5D:2A:00:E5:44:88:D4:E3:DC:19
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 50124EF11816418EC5E1A269124056AD797C0405
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a2a38309-dc8f-4fea-abcb-43fd0ba79d30.roa
Signing time: Thu 26 Feb 2026 02:00:34 +0000
ROA not before: Thu 26 Feb 2026 02:00:34 +0000
ROA not after: Wed 27 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.128.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
50:12:4e:f1:18:16:41:8e:c5:e1:a2:69:12:40:56:ad:79:7c:04:05
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 26 02:00:34 2026 GMT
Not After : May 27 23:59:59 2026 GMT
Subject: serialNumber=ee93b1498469ceaa430d24feee9f3a562877cb7667ef7d25ba591a832e9397f6, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:12:fa:ec:eb:95:00:7d:af:44:91:65:9f:b5:
7b:d9:d6:a0:f9:16:40:02:7c:9c:8b:78:4a:7e:6b:
44:ed:01:a2:76:60:de:46:a2:0e:57:91:e7:64:18:
40:f3:a8:34:31:c8:3e:5e:f4:8f:48:fa:9d:f4:0a:
b3:8e:8a:6d:ce:d5:6c:b1:77:85:65:1c:6d:3e:72:
af:9a:bd:d0:f5:2b:4a:ef:02:13:f0:72:e7:8d:d5:
b7:6d:89:b9:d2:09:41:22:56:0c:2f:e7:3b:18:71:
66:3c:93:d1:7e:2b:ff:69:65:45:be:2c:7e:f0:77:
12:01:9f:29:25:df:af:9c:22:ce:b2:f9:7a:89:15:
61:65:b5:c0:b4:52:f9:01:d8:4e:5e:56:70:f9:7d:
9d:3c:67:be:5a:db:2b:c2:1c:e2:93:0b:14:bf:86:
53:58:ed:3c:aa:29:ce:9b:91:c0:26:b9:f2:02:a0:
41:ae:86:fa:03:43:6d:ac:63:ca:a8:79:96:22:d4:
f8:5e:47:54:76:50:3e:f5:b4:1b:01:0a:4e:58:ce:
b2:2b:e3:15:4d:e7:75:53:7c:e6:cf:e8:1d:1b:b2:
c7:cc:db:cf:1d:90:f9:85:a5:ac:2a:0a:7f:d8:1e:
e2:2b:c3:a5:eb:b3:ea:dd:8b:55:78:9d:6b:f4:c0:
58:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:C0:31:25:D5:1C:50:36:F3:3B:5D:2A:00:E5:44:88:D4:E3:DC:19
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a2a38309-dc8f-4fea-abcb-43fd0ba79d30.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.128.0/22
Signature Algorithm: sha256WithRSAEncryption
36:9e:fc:a3:90:a8:db:c3:20:e0:f2:87:45:bf:50:88:b1:5f:
5f:44:f5:4e:98:d9:58:f6:a4:ac:c3:c5:3a:51:16:78:a6:72:
bd:15:ac:8b:52:fc:50:72:c2:12:02:14:44:12:fc:99:01:d1:
49:fa:88:cf:5f:27:1c:89:81:4a:6e:8e:fc:0e:33:6b:59:ca:
f5:78:e7:1b:6e:54:8a:a0:78:51:69:0f:cb:f0:fa:53:6e:83:
a1:cb:c3:77:cd:64:49:71:08:8b:51:1c:6b:aa:44:36:72:ec:
b3:de:db:84:2a:36:9e:8e:52:d2:22:b9:89:be:d0:1b:91:c4:
29:29:f2:68:eb:db:b7:dc:8a:86:44:dc:b6:17:c1:8c:b4:1f:
1f:26:76:84:fd:53:82:d1:3b:95:f1:2e:5a:e4:da:0e:7f:2d:
09:be:37:b9:a0:92:5b:c7:73:a2:07:78:14:ff:f5:9a:4d:06:
ed:72:ce:9f:24:99:39:f7:75:a1:a4:7f:bf:89:d0:ce:2e:03:
fc:da:70:97:be:25:54:3d:57:d1:db:87:6d:a9:28:c7:85:93:
85:da:0c:f2:0d:79:aa:4c:72:4d:d1:92:7b:f9:b5:7a:61:20:
04:75:f6:ad:34:2c:07:5c:6c:c1:16:6b:e9:0a:06:29:7a:e0:
ec:5a:67:15
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUUBJO8RgWQY7F4aJpEkBWrXl8BAUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjYwMjAwMzRaFw0yNjA1MjcyMzU5NTlaMHoxSTBHBgNV
BAUTQGVlOTNiMTQ5ODQ2OWNlYWE0MzBkMjRmZWVlOWYzYTU2Mjg3N2NiNzY2N2Vm
N2QyNWJhNTkxYTgzMmU5Mzk3ZjYxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAO0S+uzrlQB9r0SRZZ+1e9nWoPkWQAJ8nIt4Sn5rRO0BonZg3kaiDleR52QY
QPOoNDHIPl70j0j6nfQKs46Kbc7VbLF3hWUcbT5yr5q90PUrSu8CE/By543Vt22J
udIJQSJWDC/nOxhxZjyT0X4r/2llRb4sfvB3EgGfKSXfr5wizrL5eokVYWW1wLRS
+QHYTl5WcPl9nTxnvlrbK8Ic4pMLFL+GU1jtPKopzpuRwCa58gKgQa6G+gNDbaxj
yqh5liLU+F5HVHZQPvW0GwEKTljOsivjFU3ndVN85s/oHRuyx8zbzx2Q+YWlrCoK
f9ge4ivDpeuz6t2LVXida/TAWOUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQkwDEl
1RxQNvM7XSoA5USI1OPcGTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
YTJhMzgzMDktZGM4Zi00ZmVhLWFiY2ItNDNmZDBiYTc5ZDMwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAjMAgDAN
BgkqhkiG9w0BAQsFAAOCAQEANp78o5Co28Mg4PKHRb9QiLFfX0T1TpjZWPakrMPF
OlEWeKZyvRWsi1L8UHLCEgIURBL8mQHRSfqIz18nHImBSm6O/A4za1nK9XjnG25U
iqB4UWkPy/D6U26DocvDd81kSXEIi1Eca6pENnLss97bhCo2no5S0iK5ib7QG5HE
KSnyaOvbt9yKhkTcthfBjLQfHyZ2hP1TgtE7lfEuWuTaDn8tCb43uaCSW8dzogd4
FP/1mk0G7XLOnySZOfd1oaR/v4nQzi4D/Npwl74lVD1X0duHbakox4WThdoM8g15
qkxyTdGSe/m1emEgBHX2rTQsB1xswRZr6QoGKXrg7FpnFQ==
-----END CERTIFICATE-----
Generated at Mon Mar 2 04:27:33 2026 by rpki-client