Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d9c73f5c-1d23-457e-affb-45387b6cc5e9.roa
File: d9c73f5c-1d23-457e-affb-45387b6cc5e9.roa (raw, json)
Hash identifier: bU37sY+PHdThDLF3WC7lNA/gu76Tmn76zGH1/DOSw1M=
Subject key identifier: E9:3C:C6:A7:4C:95:32:D4:97:B4:3B:44:92:71:CF:75:30:3D:5A:7F
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 220BADA18724F05F7CFB6AE0A394F5DB96CF927B
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d9c73f5c-1d23-457e-affb-45387b6cc5e9.roa
Signing time: Tue 24 Feb 2026 00:30:08 +0000
ROA not before: Tue 24 Feb 2026 00:30:08 +0000
ROA not after: Mon 25 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.74.0.0/20 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
22:0b:ad:a1:87:24:f0:5f:7c:fb:6a:e0:a3:94:f5:db:96:cf:92:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 24 00:30:08 2026 GMT
Not After : May 25 23:59:59 2026 GMT
Subject: serialNumber=b994c77596a2a2bcacde114e0db2c8308435d82f8e96d034438363a4cf134ddb, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:54:20:ec:f5:09:63:93:f7:89:1e:1b:3a:70:
ea:11:d4:8d:4a:0e:2c:6a:e3:24:db:d9:cf:7a:79:
4b:84:ff:52:f1:3d:14:73:7f:0a:c0:a0:0c:6c:d2:
44:d8:b2:03:1f:d8:29:d0:cd:9b:d0:69:e1:45:a8:
fd:cd:57:8f:32:ef:19:58:d9:dd:93:e5:f1:ef:e8:
0c:44:45:91:d0:af:56:0c:0e:e2:96:5f:da:5e:a5:
8a:bc:fc:61:71:1c:b8:38:5e:11:0e:aa:a9:e2:b1:
b7:e2:9e:fc:1e:5d:98:82:c7:60:29:1b:81:52:a2:
9b:3a:36:d4:b0:95:86:c5:c3:63:96:42:9f:c4:cb:
3b:ce:70:3a:60:33:5c:0a:a5:bb:ff:e5:ee:c6:13:
d9:f0:dd:1e:62:39:3f:92:e0:74:be:1e:6f:c0:44:
e2:8a:74:91:59:fc:d6:2f:fc:51:07:6b:c6:4e:ce:
62:dc:32:f3:4b:91:e6:54:e3:81:a3:4d:ba:60:aa:
18:94:74:e3:f8:33:9a:b0:dd:82:b2:53:ba:7a:9a:
0e:fb:b3:42:32:ec:a0:d1:f0:df:6c:95:19:78:4e:
20:ab:61:fc:07:77:7c:bd:01:32:f2:86:27:64:c9:
59:c8:f3:1d:ea:c5:c8:99:86:5f:af:eb:90:67:ee:
d4:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E9:3C:C6:A7:4C:95:32:D4:97:B4:3B:44:92:71:CF:75:30:3D:5A:7F
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d9c73f5c-1d23-457e-affb-45387b6cc5e9.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.74.0.0/20
Signature Algorithm: sha256WithRSAEncryption
af:06:63:e5:d1:f7:bf:58:09:b4:69:96:6d:78:6e:12:5a:4b:
4d:cb:ab:42:9f:c1:48:f9:22:fd:90:e4:7e:e7:d2:3b:4d:03:
31:55:9a:d4:a2:12:d5:96:3b:c6:c7:52:bd:b0:6f:fb:93:87:
2e:56:4e:df:26:5e:8d:23:e7:18:de:04:33:c2:28:24:15:18:
7a:d5:8c:e1:e6:fe:2b:66:7c:81:ab:2b:2c:b5:7c:86:9f:7e:
64:77:bf:02:7c:37:32:8d:83:56:c1:30:06:ad:4e:74:b5:8f:
5f:cb:9b:de:93:94:1d:fc:5b:8b:d1:03:ca:aa:bc:d5:17:2f:
55:65:8b:39:d2:70:cd:3b:a6:ec:3e:15:16:cf:94:ce:0a:49:
96:85:9a:32:42:ee:f1:3d:17:12:84:a1:11:c2:10:12:11:c6:
3c:24:c1:0d:dc:68:c1:9f:a9:34:71:12:fe:6a:c3:7f:d5:82:
8d:de:e1:ff:dd:40:08:8f:7e:35:9d:6d:49:75:d5:5f:7a:8f:
69:ff:02:45:e5:e4:76:47:ad:d5:5d:6d:11:41:9b:ed:b5:21:
02:8c:4d:8a:54:c8:4b:82:38:aa:a3:96:34:6e:44:65:09:df:
6e:34:f8:8c:9d:d5:6a:a4:89:10:ad:8a:5b:8e:b7:7a:8e:e1:
af:ea:37:9d
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUIgutoYck8F98+2rgo5T125bPknswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMjQwMDMwMDhaFw0yNjA1MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGI5OTRjNzc1OTZhMmEyYmNhY2RlMTE0ZTBkYjJjODMwODQzNWQ4MmY4ZTk2
ZDAzNDQzODM2M2E0Y2YxMzRkZGIxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKhUIOz1CWOT94keGzpw6hHUjUoOLGrjJNvZz3p5S4T/UvE9FHN/CsCgDGzS
RNiyAx/YKdDNm9Bp4UWo/c1XjzLvGVjZ3ZPl8e/oDERFkdCvVgwO4pZf2l6lirz8
YXEcuDheEQ6qqeKxt+Ke/B5dmILHYCkbgVKimzo21LCVhsXDY5ZCn8TLO85wOmAz
XAqlu//l7sYT2fDdHmI5P5LgdL4eb8BE4op0kVn81i/8UQdrxk7OYtwy80uR5lTj
gaNNumCqGJR04/gzmrDdgrJTunqaDvuzQjLsoNHw32yVGXhOIKth/Ad3fL0BMvKG
J2TJWcjzHerFyJmGX6/rkGfu1GECAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTpPMan
TJUy1Je0O0SScc91MD1afzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZDljNzNmNWMtMWQyMy00NTdlLWFmZmItNDUzODdiNmNjNWU5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBDNKADAN
BgkqhkiG9w0BAQsFAAOCAQEArwZj5dH3v1gJtGmWbXhuElpLTcurQp/BSPki/ZDk
fufSO00DMVWa1KIS1ZY7xsdSvbBv+5OHLlZO3yZejSPnGN4EM8IoJBUYetWM4eb+
K2Z8gasrLLV8hp9+ZHe/Anw3Mo2DVsEwBq1OdLWPX8ub3pOUHfxbi9EDyqq81Rcv
VWWLOdJwzTum7D4VFs+UzgpJloWaMkLu8T0XEoShEcIQEhHGPCTBDdxowZ+pNHES
/mrDf9WCjd7h/91ACI9+NZ1tSXXVX3qPaf8CReXkdket1V1tEUGb7bUhAoxNilTI
S4I4qqOWNG5EZQnfbjT4jJ3VaqSJEK2KW463eo7hr+o3nQ==
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:55:45 2026 by rpki-client