Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a833bcbc-91ad-4e89-8666-86ec46002db6.roa
File: a833bcbc-91ad-4e89-8666-86ec46002db6.roa (raw, json)
Hash identifier: Qf3u2qbivUliGSesUawl+Lr/14kh0UzBzZ3vDN9KNwA=
Subject key identifier: 30:B4:D4:06:95:40:83:58:2A:00:77:EF:C5:A3:6C:19:19:DC:0D:92
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 1CE110A83EB116BFE004D3225497D602C80F7143
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a833bcbc-91ad-4e89-8666-86ec46002db6.roa
Signing time: Thu 26 Feb 2026 02:00:09 +0000
ROA not before: Thu 26 Feb 2026 02:00:09 +0000
ROA not after: Wed 27 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.142.0/23 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1c:e1:10:a8:3e:b1:16:bf:e0:04:d3:22:54:97:d6:02:c8:0f:71:43
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 26 02:00:09 2026 GMT
Not After : May 27 23:59:59 2026 GMT
Subject: serialNumber=9dc52e3813610181fe7968a5de5cf386cbca73fe764c3829f56434425b2ed427, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:00:05:af:31:b6:bf:c6:5c:c4:a8:22:6c:83:
d8:fc:63:00:df:8b:c0:f0:c8:34:6c:49:dd:f4:e0:
24:d8:50:dc:f2:20:63:1e:1b:a6:aa:b3:49:17:34:
f8:3e:2c:f8:36:1d:05:40:32:d8:a3:e2:73:c2:5d:
82:94:c2:62:89:2a:df:02:07:2b:0f:5d:01:35:e2:
76:f1:74:b6:e8:65:97:ef:8c:89:69:51:9b:1b:29:
b1:b7:d7:24:44:2f:81:87:71:86:c6:e0:c3:93:25:
e5:e7:0e:8b:5e:17:40:77:a6:59:13:55:b2:b4:ba:
0c:a4:63:75:f0:94:73:d2:31:9e:5e:1b:c9:95:84:
cb:e6:a3:97:7c:33:fe:6e:c1:44:7b:09:47:8a:fd:
d8:59:0f:b1:d9:fe:7f:8e:52:98:c2:62:a9:86:6c:
8e:0b:be:53:ba:91:33:cf:58:0a:c4:9e:0c:c8:86:
28:85:b3:53:83:e4:15:19:dc:39:3e:04:ea:74:4b:
32:e4:11:36:c7:5e:5d:5b:c7:79:aa:7b:c1:82:a1:
2e:f0:c4:ae:4e:bf:ec:1c:93:51:45:2b:00:bd:40:
c4:00:96:d9:43:e1:59:a0:fd:77:f4:00:be:17:ad:
e1:67:51:4e:37:53:db:50:fb:84:39:01:e8:f7:6a:
66:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:B4:D4:06:95:40:83:58:2A:00:77:EF:C5:A3:6C:19:19:DC:0D:92
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/a833bcbc-91ad-4e89-8666-86ec46002db6.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.142.0/23
Signature Algorithm: sha256WithRSAEncryption
71:3b:36:9e:aa:9f:e7:75:79:08:d3:57:5b:6e:4e:e9:53:e2:
7b:d9:bd:21:82:a4:74:a3:72:fc:54:35:e9:a6:0f:36:ae:3d:
13:55:25:b9:43:5e:7f:1a:8c:a8:d1:61:23:8a:62:e2:98:a4:
0c:cb:90:45:29:e8:33:56:d5:3c:f1:0f:50:a3:f2:bb:ab:cc:
ac:7f:c5:35:4f:6f:9c:bc:19:41:e1:04:5f:76:dc:c2:bb:18:
6f:39:0f:61:b5:8a:15:f0:f5:dd:50:e0:10:79:4c:96:a4:e1:
c4:ca:09:b7:f5:e0:19:07:33:f0:e5:f7:2e:82:6d:c7:df:16:
0e:d6:d6:4b:f9:81:a4:c1:31:f8:d5:67:cb:a5:3b:9d:06:0e:
e2:85:c0:fb:f2:f4:15:a8:5f:81:21:c3:a3:c2:f9:a2:d5:98:
30:ee:38:0e:4f:4b:66:ae:56:38:70:4c:95:bf:e6:c4:6d:63:
b5:e2:07:09:d4:db:4f:56:52:b5:0b:e8:d3:d2:e8:08:ef:2d:
40:58:58:a5:bf:2d:51:b9:70:ae:3a:06:3b:92:35:2c:db:1d:
8b:17:92:4c:80:23:c6:a2:76:6d:4c:54:63:4d:61:16:81:56:
a0:80:8b:dc:47:bb:43:e1:70:42:7b:f3:ff:c8:b4:af:26:90:
4c:59:70:ad
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUHOEQqD6xFr/gBNMiVJfWAsgPcUMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjYwMjAwMDlaFw0yNjA1MjcyMzU5NTlaMHoxSTBHBgNV
BAUTQDlkYzUyZTM4MTM2MTAxODFmZTc5NjhhNWRlNWNmMzg2Y2JjYTczZmU3NjRj
MzgyOWY1NjQzNDQyNWIyZWQ0MjcxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJcABa8xtr/GXMSoImyD2PxjAN+LwPDINGxJ3fTgJNhQ3PIgYx4bpqqzSRc0
+D4s+DYdBUAy2KPic8JdgpTCYokq3wIHKw9dATXidvF0tuhll++MiWlRmxspsbfX
JEQvgYdxhsbgw5Ml5ecOi14XQHemWRNVsrS6DKRjdfCUc9Ixnl4byZWEy+ajl3wz
/m7BRHsJR4r92FkPsdn+f45SmMJiqYZsjgu+U7qRM89YCsSeDMiGKIWzU4PkFRnc
OT4E6nRLMuQRNsdeXVvHeap7wYKhLvDErk6/7ByTUUUrAL1AxACW2UPhWaD9d/QA
vhet4WdRTjdT21D7hDkB6PdqZl0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQwtNQG
lUCDWCoAd+/Fo2wZGdwNkjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
YTgzM2JjYmMtOTFhZC00ZTg5LTg2NjYtODZlYzQ2MDAyZGI2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEATMAjjAN
BgkqhkiG9w0BAQsFAAOCAQEAcTs2nqqf53V5CNNXW25O6VPie9m9IYKkdKNy/FQ1
6aYPNq49E1UluUNefxqMqNFhI4pi4pikDMuQRSnoM1bVPPEPUKPyu6vMrH/FNU9v
nLwZQeEEX3bcwrsYbzkPYbWKFfD13VDgEHlMlqThxMoJt/XgGQcz8OX3LoJtx98W
DtbWS/mBpMEx+NVny6U7nQYO4oXA+/L0FahfgSHDo8L5otWYMO44Dk9LZq5WOHBM
lb/mxG1jteIHCdTbT1ZStQvo09LoCO8tQFhYpb8tUblwrjoGO5I1LNsdixeSTIAj
xqJ2bUxUY01hFoFWoICL3Ee7Q+FwQnvz/8i0ryaQTFlwrQ==
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:38:08 2026 by rpki-client