Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d5f28959-e053-4dd5-9cd7-d519d57c2a0e.roa
File: d5f28959-e053-4dd5-9cd7-d519d57c2a0e.roa (raw, json)
Hash identifier: MfuPLWGrFXth+YSWsjX6IfDLh3NWH2xqHPpjWnxLlbw=
Subject key identifier: 90:1E:79:BB:DF:DA:19:8A:8E:98:29:E8:76:A7:A2:6C:CC:0A:92:DC
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 591E37AD89EADF40B749AD181C1F0E13A470D5C9
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d5f28959-e053-4dd5-9cd7-d519d57c2a0e.roa
Signing time: Sun 17 May 2026 02:00:27 +0000
ROA not before: Sun 17 May 2026 02:00:27 +0000
ROA not after: Sat 15 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.136.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 May 2026 08:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
59:1e:37:ad:89:ea:df:40:b7:49:ad:18:1c:1f:0e:13:a4:70:d5:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 17 02:00:27 2026 GMT
Not After : Aug 15 23:59:59 2026 GMT
Subject: serialNumber=59ece1b5bfd0a271008edad81574b2f057da66baa54e2f4b56636efae67ebb21, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:55:ff:09:ab:b2:94:23:96:4e:47:97:af:4e:
fa:b3:3d:43:7e:b7:15:ab:52:0d:b6:5e:91:34:cb:
d3:1a:4b:b3:21:78:f7:8f:fa:93:0f:92:6f:a0:6f:
18:2e:89:15:15:3a:41:85:9e:f2:dc:7e:73:cd:43:
b2:e1:42:3f:40:c4:d2:0e:58:78:70:da:cb:12:f7:
a4:a4:d9:fb:f3:93:92:e5:90:57:52:81:3b:51:73:
59:6b:64:34:7e:fe:fb:fd:57:47:a4:12:42:3c:01:
8a:cc:3e:31:fe:87:2f:99:15:bc:ad:01:4a:74:69:
d2:24:00:3f:15:53:32:d0:e1:fc:ef:50:43:6c:98:
02:42:b3:86:41:23:8a:e6:a1:be:b3:ce:62:88:a8:
f3:d8:6a:d2:31:b6:a9:c2:b2:e7:5c:d1:d5:63:ba:
1e:c6:5c:a5:f2:99:ac:a8:fe:6b:76:a9:ea:79:a0:
4c:bb:03:55:ff:98:6c:3d:d6:94:d1:f6:79:6e:96:
c6:de:10:54:37:43:9c:3e:21:5d:b1:0b:82:92:c4:
8b:41:8c:9a:ab:50:48:bf:92:b0:32:a5:67:18:c9:
30:f4:9f:0f:50:eb:df:0e:48:2f:04:99:02:b7:1f:
72:33:c5:6b:91:79:8d:db:bb:91:08:0f:5a:80:ec:
77:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:1E:79:BB:DF:DA:19:8A:8E:98:29:E8:76:A7:A2:6C:CC:0A:92:DC
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d5f28959-e053-4dd5-9cd7-d519d57c2a0e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.136.0/21
Signature Algorithm: sha256WithRSAEncryption
29:35:3f:bd:43:c3:37:26:22:dd:35:9c:f4:6d:e5:83:f1:a3:
89:0a:6b:25:18:2b:98:50:0d:ca:8a:99:5c:a8:21:6e:28:78:
4a:1c:e4:1a:c8:0d:30:b9:8b:d8:7a:e6:0f:d8:0c:55:cf:3f:
bf:4e:36:39:d7:24:61:7b:3f:fa:0c:7c:61:35:86:20:08:6a:
e7:ce:56:4f:4c:2f:98:a9:99:29:bb:88:a3:58:7e:89:9d:5a:
60:e9:f6:65:76:00:ea:58:40:d1:04:e4:97:22:29:bc:11:99:
7b:a5:fb:15:ed:89:63:5f:06:dd:ec:15:88:c4:b1:fa:09:11:
b5:58:ab:99:cf:63:07:48:af:5a:46:d4:cd:99:9c:4a:a0:4f:
49:b1:a7:c1:fb:d5:97:50:e3:27:ef:67:06:30:9b:40:f8:58:
d0:2f:22:f7:a2:fd:77:21:33:67:53:b8:02:1f:75:a4:26:c8:
c7:dd:7d:56:01:ac:61:4b:58:87:f7:fb:78:26:c6:3a:17:f2:
83:a7:9e:b4:49:9b:68:1d:59:a4:aa:18:1f:0e:41:a7:ef:35:
80:26:6b:e6:13:81:d6:a1:6d:8b:f0:af:08:e0:f2:9b:6d:0b:
91:5a:86:bb:ca:c2:39:4b:3d:86:d9:72:98:2d:cf:37:cb:98:
02:ba:40:c7
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUWR43rYnq30C3Sa0YHB8OE6Rw1ckwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTcwMjAwMjdaFw0yNjA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDU5ZWNlMWI1YmZkMGEyNzEwMDhlZGFkODE1NzRiMmYwNTdkYTY2YmFhNTRl
MmY0YjU2NjM2ZWZhZTY3ZWJiMjExLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANRV/wmrspQjlk5Hl69O+rM9Q363FatSDbZekTTL0xpLsyF494/6kw+Sb6Bv
GC6JFRU6QYWe8tx+c81DsuFCP0DE0g5YeHDayxL3pKTZ+/OTkuWQV1KBO1FzWWtk
NH7++/1XR6QSQjwBisw+Mf6HL5kVvK0BSnRp0iQAPxVTMtDh/O9QQ2yYAkKzhkEj
iuahvrPOYoio89hq0jG2qcKy51zR1WO6HsZcpfKZrKj+a3ap6nmgTLsDVf+YbD3W
lNH2eW6Wxt4QVDdDnD4hXbELgpLEi0GMmqtQSL+SsDKlZxjJMPSfD1Dr3w5ILwSZ
ArcfcjPFa5F5jdu7kQgPWoDsd7MCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSQHnm7
39oZio6YKeh2p6JszAqS3DAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZDVmMjg5NTktZTA1My00ZGQ1LTljZDctZDUxOWQ1N2MyYTBlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAiDAN
BgkqhkiG9w0BAQsFAAOCAQEAKTU/vUPDNyYi3TWc9G3lg/GjiQprJRgrmFANyoqZ
XKghbih4ShzkGsgNMLmL2HrmD9gMVc8/v042OdckYXs/+gx8YTWGIAhq585WT0wv
mKmZKbuIo1h+iZ1aYOn2ZXYA6lhA0QTklyIpvBGZe6X7Fe2JY18G3ewViMSx+gkR
tVirmc9jB0ivWkbUzZmcSqBPSbGnwfvVl1DjJ+9nBjCbQPhY0C8i96L9dyEzZ1O4
Ah91pCbIx919VgGsYUtYh/f7eCbGOhfyg6eetEmbaB1ZpKoYHw5Bp+81gCZr5hOB
1qFti/CvCODym20LkVqGu8rCOUs9htlymC3PN8uYArpAxw==
-----END CERTIFICATE-----
Generated at Fri May 22 16:04:29 2026 by rpki-client