Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/20d3dbf0-2683-4a01-a00b-6e292c832b53.roa
File: 20d3dbf0-2683-4a01-a00b-6e292c832b53.roa (raw, json)
Hash identifier: l7c9F2+RXgASMoG/nAkGsVpjVJVx2mWR/jwBkrsb9OU=
Subject key identifier: F2:DE:B5:EB:C0:85:28:4F:43:2B:B8:27:16:A7:85:23:EC:F5:07:68
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 0FD17018F38C1C7F71039E11A9804F0E994ECC80
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/20d3dbf0-2683-4a01-a00b-6e292c832b53.roa
Signing time: Sun 17 May 2026 02:00:23 +0000
ROA not before: Sun 17 May 2026 02:00:23 +0000
ROA not after: Sat 15 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.128.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 May 2026 08:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0f:d1:70:18:f3:8c:1c:7f:71:03:9e:11:a9:80:4f:0e:99:4e:cc:80
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 17 02:00:23 2026 GMT
Not After : Aug 15 23:59:59 2026 GMT
Subject: serialNumber=2c27275a40d1950282f6dbafa283ba5f34700d27540272c85ab691e6380dda90, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:bd:d2:ba:55:84:17:ad:da:99:c0:11:0d:87:
b3:a5:1b:d8:de:74:9a:84:c6:3e:00:5a:f1:03:2c:
8b:f3:f8:31:c4:fe:42:b2:38:13:f0:2a:1e:84:f7:
0f:51:75:cb:d4:7f:10:4b:d2:8f:df:ce:a8:d6:43:
b9:7d:74:2f:ee:c6:05:ea:b8:8e:2e:cf:73:1e:c1:
c6:1e:f2:d6:1f:21:1d:53:b6:e0:e4:01:17:a0:1b:
9e:1b:ee:2a:ec:1f:11:76:e7:c5:0b:47:24:4b:93:
ed:f7:3d:a3:45:0e:f1:fb:1d:ec:80:da:a4:15:59:
91:4c:81:d1:24:91:36:b2:1a:4b:9e:48:92:c6:eb:
e1:c4:bb:2c:2d:df:9c:9f:8b:9e:e3:3c:10:e0:fb:
33:66:54:2f:88:1f:3a:3a:4c:20:a5:36:c2:c9:80:
06:d5:da:a7:5b:83:87:8f:c0:04:6a:07:c3:11:77:
f0:28:2a:cf:98:ca:7c:d1:ac:c6:77:fc:00:4c:bb:
e3:4d:a2:eb:cd:c8:a0:7a:06:18:b0:5c:03:a7:18:
42:31:be:04:39:38:b2:d5:d3:e2:1e:f3:4d:b8:64:
20:f6:d6:08:0c:52:ec:57:65:d6:3f:81:ee:c4:0f:
c9:93:5d:f9:a6:21:54:7a:a1:b2:95:60:2b:77:d6:
9c:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:DE:B5:EB:C0:85:28:4F:43:2B:B8:27:16:A7:85:23:EC:F5:07:68
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/20d3dbf0-2683-4a01-a00b-6e292c832b53.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.128.0/21
Signature Algorithm: sha256WithRSAEncryption
31:a1:30:47:29:71:7f:e6:0c:4a:56:79:bd:02:d0:4c:d9:89:
c5:f2:97:a6:63:09:f3:7c:6f:ea:0a:3f:77:c4:0f:44:1a:41:
33:9b:e9:79:ab:61:29:a2:ca:ea:2b:68:a7:14:b5:b9:e4:08:
68:d4:6f:e5:51:3e:1d:1f:17:90:d9:73:b3:19:d7:25:95:b8:
10:f9:4a:8e:dc:68:3a:9b:47:b2:c8:06:15:98:c5:ad:c3:05:
f3:e3:00:5f:27:2c:12:2e:d4:72:3e:9e:7f:3c:d1:c4:d3:78:
4b:a6:23:75:41:c5:c2:c8:7e:bb:d7:47:37:9f:e8:ff:03:c0:
95:af:a3:3d:c1:c5:e7:74:dc:93:ed:ef:2c:75:95:c8:2c:79:
3b:2b:40:de:b2:95:98:95:f4:58:44:e8:33:d4:90:88:d8:d2:
64:74:4a:4b:eb:fa:69:34:5d:4d:02:50:d6:e9:fe:7a:db:e6:
57:e2:d6:aa:d6:7f:88:80:4f:c4:44:6b:94:56:bd:bb:71:c8:
f6:5f:7e:9e:04:54:50:11:2d:62:b3:c7:15:de:f5:d7:b4:cc:
24:78:eb:a3:52:a3:5d:06:bb:db:91:f1:8e:3c:7b:0b:08:c1:
88:a5:13:56:13:f9:9d:44:63:5a:73:e0:45:68:20:58:d3:d2:
ff:4a:59:9f
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUD9FwGPOMHH9xA54RqYBPDplOzIAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTcwMjAwMjNaFw0yNjA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDJjMjcyNzVhNDBkMTk1MDI4MmY2ZGJhZmEyODNiYTVmMzQ3MDBkMjc1NDAy
NzJjODVhYjY5MWU2MzgwZGRhOTAxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKK90rpVhBet2pnAEQ2Hs6Ub2N50moTGPgBa8QMsi/P4McT+QrI4E/AqHoT3
D1F1y9R/EEvSj9/OqNZDuX10L+7GBeq4ji7Pcx7Bxh7y1h8hHVO24OQBF6Abnhvu
KuwfEXbnxQtHJEuT7fc9o0UO8fsd7IDapBVZkUyB0SSRNrIaS55Iksbr4cS7LC3f
nJ+LnuM8EOD7M2ZUL4gfOjpMIKU2wsmABtXap1uDh4/ABGoHwxF38Cgqz5jKfNGs
xnf8AEy7402i683IoHoGGLBcA6cYQjG+BDk4stXT4h7zTbhkIPbWCAxS7Fdl1j+B
7sQPyZNd+aYhVHqhspVgK3fWnC0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTy3rXr
wIUoT0MruCcWp4Uj7PUHaDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
MjBkM2RiZjAtMjY4My00YTAxLWEwMGItNmUyOTJjODMyYjUzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAgDAN
BgkqhkiG9w0BAQsFAAOCAQEAMaEwRylxf+YMSlZ5vQLQTNmJxfKXpmMJ83xv6go/
d8QPRBpBM5vpeathKaLK6itopxS1ueQIaNRv5VE+HR8XkNlzsxnXJZW4EPlKjtxo
OptHssgGFZjFrcMF8+MAXycsEi7Ucj6efzzRxNN4S6YjdUHFwsh+u9dHN5/o/wPA
la+jPcHF53Tck+3vLHWVyCx5OytA3rKVmJX0WEToM9SQiNjSZHRKS+v6aTRdTQJQ
1un+etvmV+LWqtZ/iIBPxERrlFa9u3HI9l9+ngRUUBEtYrPHFd7117TMJHjro1Kj
XQa725Hxjjx7CwjBiKUTVhP5nURjWnPgRWggWNPS/0pZnw==
-----END CERTIFICATE-----
Generated at Fri May 22 16:04:16 2026 by rpki-client