Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/caf04ce0-0dbd-43ea-843a-a139a615d156.roa
File: caf04ce0-0dbd-43ea-843a-a139a615d156.roa (raw, json)
Hash identifier: l+al8j9zs6BwpSOF1HHvFhUoC01jWb4LzWcCCNadBi8=
Subject key identifier: B0:9D:13:1B:B1:59:32:59:54:DA:30:3D:59:8E:F4:EC:31:81:65:0C
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 0C81539AC6EC45B159E2E8D7085F0C56C49AA0FF
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/caf04ce0-0dbd-43ea-843a-a139a615d156.roa
Signing time: Thu 26 Feb 2026 02:00:07 +0000
ROA not before: Thu 26 Feb 2026 02:00:07 +0000
ROA not after: Wed 27 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.28.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0c:81:53:9a:c6:ec:45:b1:59:e2:e8:d7:08:5f:0c:56:c4:9a:a0:ff
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 26 02:00:07 2026 GMT
Not After : May 27 23:59:59 2026 GMT
Subject: serialNumber=e909f2e0bea50e054abdd5208ffcc06319e57222f12d10b638c0f16981379092, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:b7:c9:0c:b9:66:70:9b:9a:96:92:75:4e:af:
56:59:a4:bb:7f:ab:cd:64:50:e6:f9:6a:0e:5f:89:
1c:fe:bd:44:72:70:06:e6:c9:00:ea:fa:03:66:ec:
fa:e0:ba:45:cb:f9:79:e6:5d:a8:09:a1:38:78:3a:
29:d6:8e:17:43:33:16:18:6b:34:c0:15:7a:0f:57:
57:81:ee:76:30:15:38:93:07:a7:eb:a2:8c:3f:98:
19:b4:07:85:06:be:37:86:4e:4f:f4:0e:20:34:10:
fd:cc:91:68:a0:03:4c:b0:21:13:df:0a:2e:d5:6f:
9f:aa:7a:87:05:08:da:d9:1d:10:d7:23:70:96:78:
f4:70:26:2e:6c:cb:b4:3a:34:ac:20:23:43:9b:23:
f8:d3:48:ad:7c:b6:97:80:b8:5a:d2:ca:0d:f1:9b:
69:c5:77:17:97:b4:30:af:3b:14:15:f2:2a:65:1e:
05:ed:07:0d:0e:ac:f5:1a:dc:57:44:c8:d4:d4:6c:
86:42:ee:34:e5:c1:8c:2f:20:be:0d:04:58:0b:f8:
ad:54:21:e6:4c:f3:a1:00:2b:e9:14:5c:bd:b3:6c:
1b:54:b5:bb:49:b0:72:34:44:53:38:28:20:c9:14:
dc:50:3d:01:b2:f4:46:a1:50:1f:fa:40:da:47:97:
3c:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:9D:13:1B:B1:59:32:59:54:DA:30:3D:59:8E:F4:EC:31:81:65:0C
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/caf04ce0-0dbd-43ea-843a-a139a615d156.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.28.0/24
Signature Algorithm: sha256WithRSAEncryption
5f:30:e0:66:b5:82:39:c7:04:d6:1c:ff:f9:53:a1:46:85:26:
08:34:d8:42:a7:e9:25:1b:6d:c1:d5:b3:ac:fc:aa:0e:28:9d:
88:30:fe:c3:5d:b1:7c:19:ff:a6:a8:3b:3b:67:af:ab:51:62:
94:94:9a:de:4b:4f:56:07:48:b3:be:ac:10:55:f7:d0:23:19:
8f:dc:ad:d4:32:53:bb:b9:1f:7a:52:b0:61:95:4f:01:1f:55:
e9:aa:c2:93:96:4c:61:d3:4d:48:6d:b5:09:aa:57:1f:dc:e4:
ba:f1:44:e3:ee:db:0b:8f:e1:5a:cd:f8:05:28:62:62:d6:9a:
8f:3f:e6:37:cd:32:2f:98:9d:06:77:c8:08:f8:eb:a2:27:9f:
81:39:37:28:ac:cf:b5:58:2e:5f:91:55:75:71:b2:f1:c5:52:
53:86:94:49:65:d4:0f:64:37:b5:ed:6c:ed:36:5a:37:60:35:
0f:91:57:e5:38:2d:3d:e4:21:34:4d:80:66:fe:af:70:bf:10:
51:0c:90:5e:86:e5:00:fc:3d:4a:b3:dc:96:f6:29:d4:4e:bc:
dd:5c:17:3a:23:19:bb:d7:44:6a:4a:c4:f9:95:44:7b:57:29:
3e:fc:42:0d:a1:d9:9a:7c:c3:e9:c9:79:7c:c7:c9:f1:cc:76:
11:6f:fa:22
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUDIFTmsbsRbFZ4ujXCF8MVsSaoP8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjYwMjAwMDdaFw0yNjA1MjcyMzU5NTlaMHoxSTBHBgNV
BAUTQGU5MDlmMmUwYmVhNTBlMDU0YWJkZDUyMDhmZmNjMDYzMTllNTcyMjJmMTJk
MTBiNjM4YzBmMTY5ODEzNzkwOTIxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK23yQy5ZnCbmpaSdU6vVlmku3+rzWRQ5vlqDl+JHP69RHJwBubJAOr6A2bs
+uC6Rcv5eeZdqAmhOHg6KdaOF0MzFhhrNMAVeg9XV4HudjAVOJMHp+uijD+YGbQH
hQa+N4ZOT/QOIDQQ/cyRaKADTLAhE98KLtVvn6p6hwUI2tkdENcjcJZ49HAmLmzL
tDo0rCAjQ5sj+NNIrXy2l4C4WtLKDfGbacV3F5e0MK87FBXyKmUeBe0HDQ6s9Rrc
V0TI1NRshkLuNOXBjC8gvg0EWAv4rVQh5kzzoQAr6RRcvbNsG1S1u0mwcjREUzgo
IMkU3FA9AbL0RqFQH/pA2keXPIECAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSwnRMb
sVkyWVTaMD1ZjvTsMYFlDDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
Y2FmMDRjZTAtMGRiZC00M2VhLTg0M2EtYTEzOWE2MTVkMTU2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEADMAHDAN
BgkqhkiG9w0BAQsFAAOCAQEAXzDgZrWCOccE1hz/+VOhRoUmCDTYQqfpJRttwdWz
rPyqDiidiDD+w12xfBn/pqg7O2evq1FilJSa3ktPVgdIs76sEFX30CMZj9yt1DJT
u7kfelKwYZVPAR9V6arCk5ZMYdNNSG21CapXH9zkuvFE4+7bC4/hWs34BShiYtaa
jz/mN80yL5idBnfICPjroiefgTk3KKzPtVguX5FVdXGy8cVSU4aUSWXUD2Q3te1s
7TZaN2A1D5FX5TgtPeQhNE2AZv6vcL8QUQyQXoblAPw9SrPclvYp1E683VwXOiMZ
u9dEakrE+ZVEe1cpPvxCDaHZmnzD6cl5fMfJ8cx2EW/6Ig==
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:58:40 2026 by rpki-client