Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/caf04ce0-0dbd-43ea-843a-a139a615d156.roa
File: caf04ce0-0dbd-43ea-843a-a139a615d156.roa (raw, json)
Hash identifier: dwQJuJjiauzeYgElosBGncYLQ5UqNi+3422lVcFZl7s=
Subject key identifier: B9:A9:2C:5A:64:2A:AA:91:F9:81:E5:05:EA:0D:E1:09:FF:75:EC:A8
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 36AA74DE3EA929D3ED01C020A36BC5AC2C923910
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/caf04ce0-0dbd-43ea-843a-a139a615d156.roa
Signing time: Sun 17 May 2026 02:00:02 +0000
ROA not before: Sun 17 May 2026 02:00:02 +0000
ROA not after: Sat 15 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.28.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 May 2026 08:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
36:aa:74:de:3e:a9:29:d3:ed:01:c0:20:a3:6b:c5:ac:2c:92:39:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 17 02:00:02 2026 GMT
Not After : Aug 15 23:59:59 2026 GMT
Subject: serialNumber=783edb365e856c92939182d7c8a461fe21ecd4ab931e5e8d6bc22185ab1c5673, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:69:e5:4a:eb:a4:b0:e5:64:6f:67:8b:9e:b4:
08:d3:61:37:a0:24:b8:a7:60:5d:8a:48:0d:1f:f0:
70:dc:11:f9:7d:8b:b1:40:28:f7:1a:98:53:71:03:
23:35:f3:55:8b:15:2e:74:6d:ac:c7:a1:e0:2c:7f:
35:1f:6d:3c:aa:2f:05:ec:d6:51:19:f8:87:be:70:
1d:87:b2:7d:35:08:cb:3e:60:d6:82:47:59:2f:57:
ef:df:4c:93:27:9f:be:ab:48:1d:9c:14:d9:b3:46:
bb:b8:f7:57:b9:f1:4e:8f:17:eb:72:d5:14:98:2f:
32:de:ed:fc:53:fd:6c:60:31:7f:2c:36:27:f9:67:
3a:0b:d6:a1:0a:07:4b:5a:41:7c:d8:45:cd:7f:3b:
0f:94:44:a4:95:10:e8:9e:a2:34:18:fc:a8:d8:73:
7e:2a:70:9a:1c:f5:83:02:ee:2d:d7:b5:2a:b5:cb:
62:d0:7d:19:1c:17:58:8b:03:8d:f9:a1:be:5e:2e:
45:fe:c3:5f:58:c1:a8:8d:1b:5d:d3:d5:5f:55:45:
b0:62:01:22:c5:cc:61:ab:db:ea:b1:a2:f4:43:90:
96:f7:07:f9:df:f7:f9:6a:53:77:b5:af:54:98:7b:
3e:72:fe:df:5d:82:ac:f9:17:e0:d7:d1:30:ad:84:
71:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:A9:2C:5A:64:2A:AA:91:F9:81:E5:05:EA:0D:E1:09:FF:75:EC:A8
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/caf04ce0-0dbd-43ea-843a-a139a615d156.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.28.0/24
Signature Algorithm: sha256WithRSAEncryption
74:8b:dd:c3:45:8e:f4:be:ac:d5:ba:c5:97:cb:e4:ea:fa:c8:
cc:70:5a:d5:43:b9:95:1d:aa:8e:39:e9:25:b3:be:b3:49:bd:
9e:a4:15:d2:43:be:41:0a:8d:04:d9:91:92:ec:14:16:d6:d3:
60:57:c9:00:70:3b:7f:4b:5f:b2:de:e3:d3:32:2c:ed:9a:fa:
90:a2:6e:3e:6a:36:4f:9b:6e:db:71:53:32:12:53:a3:52:b9:
5c:20:18:50:ac:5c:83:d6:b2:e2:3d:d6:32:b8:49:95:de:88:
12:65:ba:a7:b0:08:e2:5d:e7:e7:6d:e4:16:f2:a7:ed:fb:3c:
b3:98:8c:aa:c8:07:50:05:c1:37:c5:0a:7d:3e:ae:58:85:5e:
19:2e:be:fd:c6:14:59:a8:e6:ab:67:8c:ab:4f:ad:68:34:80:
dc:2d:1b:cc:96:42:fb:7f:4e:46:c1:05:0c:d4:00:07:d9:fe:
d8:6f:9b:34:9e:76:92:49:3e:30:1a:c5:6c:ca:7d:cd:90:20:
de:35:99:f0:ff:5b:c8:a7:ca:47:26:ab:a4:37:9c:ef:93:16:
4d:96:e8:2f:65:d0:a3:03:6b:c7:16:44:d3:8b:86:45:a4:ae:
67:4a:04:62:2a:11:9c:f7:53:e4:ba:08:0b:87:dd:9c:a2:89:
6c:60:17:bf
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUNqp03j6pKdPtAcAgo2vFrCySORAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTcwMjAwMDJaFw0yNjA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDc4M2VkYjM2NWU4NTZjOTI5MzkxODJkN2M4YTQ2MWZlMjFlY2Q0YWI5MzFl
NWU4ZDZiYzIyMTg1YWIxYzU2NzMxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKpp5UrrpLDlZG9ni560CNNhN6AkuKdgXYpIDR/wcNwR+X2LsUAo9xqYU3ED
IzXzVYsVLnRtrMeh4Cx/NR9tPKovBezWURn4h75wHYeyfTUIyz5g1oJHWS9X799M
kyefvqtIHZwU2bNGu7j3V7nxTo8X63LVFJgvMt7t/FP9bGAxfyw2J/lnOgvWoQoH
S1pBfNhFzX87D5REpJUQ6J6iNBj8qNhzfipwmhz1gwLuLde1KrXLYtB9GRwXWIsD
jfmhvl4uRf7DX1jBqI0bXdPVX1VFsGIBIsXMYavb6rGi9EOQlvcH+d/3+WpTd7Wv
VJh7PnL+312CrPkX4NfRMK2EcSUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBS5qSxa
ZCqqkfmB5QXqDeEJ/3XsqDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
Y2FmMDRjZTAtMGRiZC00M2VhLTg0M2EtYTEzOWE2MTVkMTU2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEADMAHDAN
BgkqhkiG9w0BAQsFAAOCAQEAdIvdw0WO9L6s1brFl8vk6vrIzHBa1UO5lR2qjjnp
JbO+s0m9nqQV0kO+QQqNBNmRkuwUFtbTYFfJAHA7f0tfst7j0zIs7Zr6kKJuPmo2
T5tu23FTMhJTo1K5XCAYUKxcg9ay4j3WMrhJld6IEmW6p7AI4l3n523kFvKn7fs8
s5iMqsgHUAXBN8UKfT6uWIVeGS6+/cYUWajmq2eMq0+taDSA3C0bzJZC+39ORsEF
DNQAB9n+2G+bNJ52kkk+MBrFbMp9zZAg3jWZ8P9byKfKRyarpDec75MWTZboL2XQ
owNrxxZE04uGRaSuZ0oEYioRnPdT5LoIC4fdnKKJbGAXvw==
-----END CERTIFICATE-----
Generated at Fri May 22 16:04:19 2026 by rpki-client