Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d944ab55-e596-4301-a331-22631b97a422.roa
File: d944ab55-e596-4301-a331-22631b97a422.roa (raw, json)
Hash identifier: /Re4LtsUOAR6S5SWQIEYJ6fxdPms2yPx41nAngAbulk=
Subject key identifier: 13:CA:AA:5E:29:32:43:AD:16:32:B2:02:64:F2:CF:BB:58:5B:6D:A1
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 33238494C8CA2445AD5035B54FD0D017039A1789
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d944ab55-e596-4301-a331-22631b97a422.roa
Signing time: Thu 26 Feb 2026 02:00:14 +0000
ROA not before: Thu 26 Feb 2026 02:00:14 +0000
ROA not after: Wed 27 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.252.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
33:23:84:94:c8:ca:24:45:ad:50:35:b5:4f:d0:d0:17:03:9a:17:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 26 02:00:14 2026 GMT
Not After : May 27 23:59:59 2026 GMT
Subject: serialNumber=6a5d87b10f29ecd49ee74a0ffccb39e1de694ba1e83a6bdcdea64912ac55dcb8, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:32:7c:fa:0b:55:18:55:9b:39:68:62:9a:54:
f8:38:6d:c3:44:7f:d4:a5:d6:76:27:a6:0d:f2:9c:
a6:c5:74:c5:d5:84:ff:89:24:f1:17:a8:37:ce:bf:
ed:be:da:6b:ba:17:de:5b:bd:8f:95:f8:06:3a:74:
d5:49:7b:35:f5:8a:c9:05:64:fc:fe:81:22:b6:7e:
89:03:ce:e2:71:84:ab:d1:fd:6f:47:45:39:18:80:
77:8f:d9:59:8f:8d:ad:2a:8f:40:87:a1:52:f9:45:
68:c3:51:94:df:fe:df:32:28:bc:19:c3:eb:1d:b2:
a4:1f:01:07:58:fb:0e:00:36:16:03:26:4a:2d:fb:
f0:01:44:9f:9a:83:ec:15:a2:b6:af:f9:c6:54:0b:
f6:8f:fb:fe:f0:90:60:dd:65:15:6e:3a:a2:38:ea:
d5:fc:e9:ef:a1:cd:05:de:cf:23:0e:85:6e:f7:78:
3b:8c:67:d9:1b:46:a7:2b:96:a8:f1:90:75:e1:06:
3e:f7:09:03:a7:e0:e1:3e:32:f5:a9:96:7a:c5:b3:
03:46:e2:e2:3e:90:a9:fd:e0:34:a9:7c:f9:83:8d:
dd:61:0b:bc:06:61:07:bb:78:7f:0d:43:83:6c:e2:
46:55:b8:d8:98:ea:3c:f4:d2:fc:01:5e:31:45:7a:
53:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
13:CA:AA:5E:29:32:43:AD:16:32:B2:02:64:F2:CF:BB:58:5B:6D:A1
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d944ab55-e596-4301-a331-22631b97a422.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.252.0/24
Signature Algorithm: sha256WithRSAEncryption
3f:b7:cc:57:6c:37:53:6a:06:10:68:cf:44:c4:fd:66:4d:fb:
0b:48:97:ed:50:27:98:bc:cc:27:cb:a1:c7:ba:b5:4a:19:45:
e6:8f:7e:73:fc:40:31:b3:f7:97:91:ab:e9:b2:db:d3:eb:03:
82:80:bf:63:6e:81:ea:12:33:f7:75:de:ba:cd:d9:9c:a3:3e:
89:6f:ec:a9:b9:7f:9f:dc:a5:03:ed:09:bf:e4:25:f0:2f:cb:
75:77:e5:ac:a8:9e:14:72:52:fc:fa:cd:11:f2:6d:49:55:86:
d9:53:96:ad:9e:e2:5f:32:aa:e2:0f:35:b4:1f:24:63:fb:36:
a7:97:32:db:73:67:7a:09:03:0c:5a:17:e3:fa:8a:27:41:8f:
29:16:cd:a4:9c:28:49:13:36:49:df:c8:0b:d7:44:bf:e0:d2:
b9:b6:98:b5:e6:c6:5e:ce:39:25:ef:18:c8:b5:59:55:8c:8a:
15:19:26:93:ac:c8:b3:c1:a4:f1:5e:ba:60:7d:86:4c:05:83:
e9:b5:1e:92:59:45:5e:13:6c:bc:e6:74:00:ef:e5:65:17:9e:
a1:b6:78:73:67:5f:78:34:a2:43:77:62:ff:72:71:69:1e:5a:
5f:35:c8:c5:26:aa:60:85:fc:27:d8:1d:c8:96:23:54:1c:33:
8a:72:ea:8a
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUMyOElMjKJEWtUDW1T9DQFwOaF4kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjYwMjAwMTRaFw0yNjA1MjcyMzU5NTlaMHoxSTBHBgNV
BAUTQDZhNWQ4N2IxMGYyOWVjZDQ5ZWU3NGEwZmZjY2IzOWUxZGU2OTRiYTFlODNh
NmJkY2RlYTY0OTEyYWM1NWRjYjgxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN0yfPoLVRhVmzloYppU+Dhtw0R/1KXWdiemDfKcpsV0xdWE/4kk8ReoN86/
7b7aa7oX3lu9j5X4Bjp01Ul7NfWKyQVk/P6BIrZ+iQPO4nGEq9H9b0dFORiAd4/Z
WY+NrSqPQIehUvlFaMNRlN/+3zIovBnD6x2ypB8BB1j7DgA2FgMmSi378AFEn5qD
7BWitq/5xlQL9o/7/vCQYN1lFW46ojjq1fzp76HNBd7PIw6Fbvd4O4xn2RtGpyuW
qPGQdeEGPvcJA6fg4T4y9amWesWzA0bi4j6Qqf3gNKl8+YON3WELvAZhB7t4fw1D
g2ziRlW42JjqPPTS/AFeMUV6UxkCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQTyqpe
KTJDrRYysgJk8s+7WFttoTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZDk0NGFiNTUtZTU5Ni00MzAxLWEzMzEtMjI2MzFiOTdhNDIyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEADMA/DAN
BgkqhkiG9w0BAQsFAAOCAQEAP7fMV2w3U2oGEGjPRMT9Zk37C0iX7VAnmLzMJ8uh
x7q1ShlF5o9+c/xAMbP3l5Gr6bLb0+sDgoC/Y26B6hIz93Xeus3ZnKM+iW/sqbl/
n9ylA+0Jv+Ql8C/LdXflrKieFHJS/PrNEfJtSVWG2VOWrZ7iXzKq4g81tB8kY/s2
p5cy23NnegkDDFoX4/qKJ0GPKRbNpJwoSRM2Sd/IC9dEv+DSubaYtebGXs45Je8Y
yLVZVYyKFRkmk6zIs8Gk8V66YH2GTAWD6bUekllFXhNsvOZ0AO/lZReeobZ4c2df
eDSiQ3di/3JxaR5aXzXIxSaqYIX8J9gdyJYjVBwzinLqig==
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:48:06 2026 by rpki-client