Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/409e157b-4120-4d9a-987d-302a50987746.roa
File: 409e157b-4120-4d9a-987d-302a50987746.roa (raw, json)
Hash identifier: 79v2wmNMvHRhJS4EI/U7+xAlmKcnXFNvsHNgfmYq8ZA=
Subject key identifier: B4:F6:BE:EE:2A:A0:01:BE:76:2F:57:EE:EA:30:E0:D2:85:00:42:EF
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 0879B3551F71FA0BCEF3AE7D338D4A68C5B1D078
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/409e157b-4120-4d9a-987d-302a50987746.roa
Signing time: Sun 17 May 2026 02:00:02 +0000
ROA not before: Sun 17 May 2026 02:00:02 +0000
ROA not after: Sat 15 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.128.0/17 maxlen: 17
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 May 2026 08:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
08:79:b3:55:1f:71:fa:0b:ce:f3:ae:7d:33:8d:4a:68:c5:b1:d0:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 17 02:00:02 2026 GMT
Not After : Aug 15 23:59:59 2026 GMT
Subject: serialNumber=26f0255421d2cb7e44be69621f90c8c62d995c3b4e3bb11c82fccfad647b5ab5, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:31:32:bd:10:28:34:10:d7:9c:5b:c0:19:f7:
f7:04:6e:8e:0c:13:4b:5b:eb:5a:a9:19:3f:3f:04:
9c:f6:2f:58:81:a4:7b:18:81:c0:92:17:32:46:db:
5d:7d:2c:91:7d:6e:f3:68:6d:b9:f3:2f:ec:4f:26:
54:70:0f:fc:10:0e:6b:d9:8a:b1:54:14:74:44:60:
88:0a:74:cf:4a:5c:8f:d0:41:0f:7b:d1:af:7e:50:
db:83:3e:cc:8e:e1:c8:3f:2a:b4:7f:d9:5f:3a:53:
41:77:82:ea:21:7a:91:f5:82:44:18:cc:13:4f:b2:
e4:08:e1:e0:7f:a6:66:19:37:a6:45:88:68:36:0e:
6f:2b:c8:c6:6d:76:9a:cd:61:e2:cc:4d:6b:c3:01:
4c:8c:70:76:d2:bf:36:b1:4b:ef:08:1f:a7:1a:46:
b1:36:22:a5:64:8d:ca:0c:36:28:3f:b8:ce:d2:a0:
16:98:9d:da:05:b5:13:4a:96:ce:0a:23:32:ea:87:
53:bd:cc:8d:ff:4d:1f:bb:6c:18:8a:d6:c2:fb:77:
5f:e3:f3:5b:f7:a2:39:42:33:d7:15:08:49:84:d0:
88:42:2f:5e:ba:47:44:37:52:9a:c3:6c:2d:73:40:
4e:1e:a0:a5:a4:e2:c7:f5:d5:a3:1f:38:2a:4b:9d:
82:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:F6:BE:EE:2A:A0:01:BE:76:2F:57:EE:EA:30:E0:D2:85:00:42:EF
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/409e157b-4120-4d9a-987d-302a50987746.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.128.0/17
Signature Algorithm: sha256WithRSAEncryption
16:75:1a:2d:44:4a:b3:30:20:78:0a:f5:cb:19:75:77:e1:c3:
d5:26:f9:1f:52:47:53:19:2f:e8:83:a9:72:26:c6:6c:26:87:
a5:6a:57:54:80:8e:1d:b0:80:8e:69:bd:19:5b:b6:b0:bf:80:
a8:11:fa:98:44:a1:95:ef:0c:31:64:c3:71:43:ee:7d:c0:c8:
54:61:53:50:5d:d4:00:55:7d:1d:ac:58:6c:c7:71:c7:ef:ae:
8a:bc:cc:e0:ed:37:01:a2:16:e0:9b:83:07:f7:13:0e:7f:60:
44:a6:e4:b6:d1:c6:7d:0f:10:6c:d9:2e:de:62:3a:7c:19:16:
ae:bb:9f:21:a7:ee:a3:84:ea:6b:c3:16:7f:91:e2:97:6e:f8:
70:f6:1c:03:50:fd:b5:e4:13:cd:1d:b4:af:f1:8f:36:b1:42:
26:b5:6c:8f:c3:a6:ff:05:af:13:74:55:f3:70:01:fa:d5:69:
7a:10:14:df:d7:0b:b9:54:8e:98:0a:84:d3:7e:b6:8d:d9:61:
0b:eb:40:8c:83:e5:50:97:bb:ae:f3:92:af:f8:c9:1f:26:06:
71:e4:c5:a9:ce:89:d9:6f:f9:22:36:af:00:a2:76:63:6b:9e:
b9:07:e2:1d:21:93:07:83:5e:27:b7:4d:6f:96:a3:3c:b5:2c:
62:77:05:a4
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUCHmzVR9x+gvO8659M41KaMWx0HgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTcwMjAwMDJaFw0yNjA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDI2ZjAyNTU0MjFkMmNiN2U0NGJlNjk2MjFmOTBjOGM2MmQ5OTVjM2I0ZTNi
YjExYzgyZmNjZmFkNjQ3YjVhYjUxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANoxMr0QKDQQ15xbwBn39wRujgwTS1vrWqkZPz8EnPYvWIGkexiBwJIXMkbb
XX0skX1u82htufMv7E8mVHAP/BAOa9mKsVQUdERgiAp0z0pcj9BBD3vRr35Q24M+
zI7hyD8qtH/ZXzpTQXeC6iF6kfWCRBjME0+y5Ajh4H+mZhk3pkWIaDYObyvIxm12
ms1h4sxNa8MBTIxwdtK/NrFL7wgfpxpGsTYipWSNygw2KD+4ztKgFpid2gW1E0qW
zgojMuqHU73Mjf9NH7tsGIrWwvt3X+PzW/eiOUIz1xUISYTQiEIvXrpHRDdSmsNs
LXNATh6gpaTix/XVox84KkudgmMCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBS09r7u
KqABvnYvV+7qMODShQBC7zAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
NDA5ZTE1N2ItNDEyMC00ZDlhLTk4N2QtMzAyYTUwOTg3NzQ2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBzMAgDAN
BgkqhkiG9w0BAQsFAAOCAQEAFnUaLURKszAgeAr1yxl1d+HD1Sb5H1JHUxkv6IOp
cibGbCaHpWpXVICOHbCAjmm9GVu2sL+AqBH6mEShle8MMWTDcUPufcDIVGFTUF3U
AFV9HaxYbMdxx++uirzM4O03AaIW4JuDB/cTDn9gRKbkttHGfQ8QbNku3mI6fBkW
rrufIafuo4Tqa8MWf5Hil274cPYcA1D9teQTzR20r/GPNrFCJrVsj8Om/wWvE3RV
83AB+tVpehAU39cLuVSOmAqE0362jdlhC+tAjIPlUJe7rvOSr/jJHyYGceTFqc6J
2W/5IjavAKJ2Y2ueuQfiHSGTB4NeJ7dNb5ajPLUsYncFpA==
-----END CERTIFICATE-----
Generated at Fri May 22 18:28:29 2026 by rpki-client