Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d5f28959-e053-4dd5-9cd7-d519d57c2a0e.roa
File: d5f28959-e053-4dd5-9cd7-d519d57c2a0e.roa (raw, json)
Hash identifier: 9UhoZoaMrCxAfz4/dAGajQZCtRnm2f5y/EJC8PdHQzk=
Subject key identifier: 82:C6:B0:32:9F:D6:92:09:CF:41:86:3B:D6:40:8F:83:66:37:C4:0A
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 6924604EC3861CD9DECFED1F1AAD3D7DB183B073
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d5f28959-e053-4dd5-9cd7-d519d57c2a0e.roa
Signing time: Thu 26 Feb 2026 02:00:35 +0000
ROA not before: Thu 26 Feb 2026 02:00:35 +0000
ROA not after: Wed 27 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.136.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
69:24:60:4e:c3:86:1c:d9:de:cf:ed:1f:1a:ad:3d:7d:b1:83:b0:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 26 02:00:35 2026 GMT
Not After : May 27 23:59:59 2026 GMT
Subject: serialNumber=4dc676c55fcebc1c007b9c81137c6c82f5ec615d3f335652abd387a008bb1ede, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:73:80:fb:0d:91:8c:27:9e:08:52:2f:a2:81:
a5:f2:72:1d:d3:ed:b2:48:c6:43:53:c8:1e:4d:58:
51:35:03:e2:00:7f:2a:7b:8b:61:fa:61:36:29:be:
8a:69:fd:5b:d2:91:e9:c2:50:91:47:5c:3f:b6:5a:
74:1d:03:fc:ff:e1:83:56:b6:76:9e:41:62:3d:95:
68:78:66:d8:3a:be:a7:29:54:9c:39:80:12:d5:ac:
4b:a5:ae:35:0c:8d:d2:ba:55:a2:26:97:ab:c7:c1:
a1:10:f1:3b:b2:47:d8:34:41:4d:e3:1e:e1:7f:2a:
7e:aa:39:15:1e:cb:50:40:bb:23:ea:31:c1:ee:6d:
81:6c:ff:10:0f:58:42:16:72:e5:c2:ff:5e:e3:a5:
51:d2:60:69:e3:18:9d:93:da:4e:03:f3:65:02:d7:
99:a9:e6:6d:54:2c:40:17:f8:11:74:a6:53:76:8f:
69:56:41:60:26:a7:8c:a4:7a:c7:8b:1c:0b:f4:f2:
6f:c1:e2:17:91:3b:75:cb:5f:4c:ec:b3:5e:28:0c:
59:14:ee:c5:7a:24:68:92:4a:fb:1f:dc:15:60:13:
c3:8f:62:50:40:a9:62:1a:30:54:41:87:80:90:2d:
37:8e:1d:9c:24:93:e1:8a:74:7b:fb:8a:35:75:9e:
b9:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
82:C6:B0:32:9F:D6:92:09:CF:41:86:3B:D6:40:8F:83:66:37:C4:0A
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d5f28959-e053-4dd5-9cd7-d519d57c2a0e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.136.0/21
Signature Algorithm: sha256WithRSAEncryption
66:16:e0:6c:1f:c1:62:ae:f8:97:b5:e3:48:17:16:fc:89:98:
de:18:ed:ba:9b:9d:a1:11:f5:51:49:e9:4c:75:1f:8b:c5:b5:
56:c8:22:6e:dd:77:cb:ba:b5:97:27:8f:68:ed:e9:b4:82:7c:
9a:57:7b:67:67:58:e2:e5:fd:de:8b:65:ea:a0:49:2b:cb:6b:
5a:04:c6:4c:51:9c:40:dc:60:7c:0b:6a:60:d5:fb:c7:24:77:
54:e1:be:c7:16:e4:79:d5:17:31:e9:36:de:bc:b4:cc:e3:4c:
91:d8:dc:2a:a6:84:40:ba:b7:c2:50:29:71:4d:b6:09:c3:00:
37:b3:bc:bb:b0:7a:48:a2:df:8f:a1:b5:95:57:db:be:4c:25:
ea:fd:79:f5:9c:76:da:c9:76:e1:dd:ae:d4:73:cd:fe:0e:2f:
26:67:86:48:fc:78:ce:fb:a9:f4:3f:33:11:a0:93:d2:a7:a3:
90:d4:8a:2b:53:33:93:a3:d0:3e:88:8c:80:79:19:e2:54:3f:
e0:de:0f:ce:9a:ad:d7:f8:ff:3d:96:1a:70:6a:a0:57:de:74:
d0:b3:12:ab:e7:1f:45:ec:9e:5b:02:29:89:6a:1b:05:ab:d8:
8a:9a:7c:d4:96:09:58:e6:35:01:c6:fd:b9:09:04:d5:e6:e8:
e5:db:91:84
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUaSRgTsOGHNnez+0fGq09fbGDsHMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjYwMjAwMzVaFw0yNjA1MjcyMzU5NTlaMHoxSTBHBgNV
BAUTQDRkYzY3NmM1NWZjZWJjMWMwMDdiOWM4MTEzN2M2YzgyZjVlYzYxNWQzZjMz
NTY1MmFiZDM4N2EwMDhiYjFlZGUxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL1zgPsNkYwnnghSL6KBpfJyHdPtskjGQ1PIHk1YUTUD4gB/KnuLYfphNim+
imn9W9KR6cJQkUdcP7ZadB0D/P/hg1a2dp5BYj2VaHhm2Dq+pylUnDmAEtWsS6Wu
NQyN0rpVoiaXq8fBoRDxO7JH2DRBTeMe4X8qfqo5FR7LUEC7I+oxwe5tgWz/EA9Y
QhZy5cL/XuOlUdJgaeMYnZPaTgPzZQLXmanmbVQsQBf4EXSmU3aPaVZBYCanjKR6
x4scC/Tyb8HiF5E7dctfTOyzXigMWRTuxXokaJJK+x/cFWATw49iUECpYhowVEGH
gJAtN44dnCST4Yp0e/uKNXWeub8CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSCxrAy
n9aSCc9BhjvWQI+DZjfECjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZDVmMjg5NTktZTA1My00ZGQ1LTljZDctZDUxOWQ1N2MyYTBlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAiDAN
BgkqhkiG9w0BAQsFAAOCAQEAZhbgbB/BYq74l7XjSBcW/ImY3hjtupudoRH1UUnp
THUfi8W1Vsgibt13y7q1lyePaO3ptIJ8mld7Z2dY4uX93otl6qBJK8trWgTGTFGc
QNxgfAtqYNX7xyR3VOG+xxbkedUXMek23ry0zONMkdjcKqaEQLq3wlApcU22CcMA
N7O8u7B6SKLfj6G1lVfbvkwl6v159Zx22sl24d2u1HPN/g4vJmeGSPx4zvup9D8z
EaCT0qejkNSKK1Mzk6PQPoiMgHkZ4lQ/4N4Pzpqt1/j/PZYacGqgV9500LMSq+cf
ReyeWwIpiWobBavYipp81JYJWOY1Acb9uQkE1ebo5duRhA==
-----END CERTIFICATE-----
Generated at Mon Mar 2 01:26:41 2026 by rpki-client