Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d9c73f5c-1d23-457e-affb-45387b6cc5e9.roa
File: d9c73f5c-1d23-457e-affb-45387b6cc5e9.roa (raw, json)
Hash identifier: 6M/a5/RKVp7clssrQuNt3Riw/8SHzOKeaHsn9T8+96I=
Subject key identifier: B8:48:84:9A:4C:36:8D:B9:6C:E5:B5:43:10:89:83:4A:D2:BA:A2:5F
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 4F4F2C8F77FDD47F12B02B4E5A75398C38450A7F
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d9c73f5c-1d23-457e-affb-45387b6cc5e9.roa
Signing time: Fri 15 May 2026 00:30:09 +0000
ROA not before: Fri 15 May 2026 00:30:09 +0000
ROA not after: Thu 13 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.74.0.0/20 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 May 2026 08:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4f:4f:2c:8f:77:fd:d4:7f:12:b0:2b:4e:5a:75:39:8c:38:45:0a:7f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 15 00:30:09 2026 GMT
Not After : Aug 13 23:59:59 2026 GMT
Subject: serialNumber=f1d4e2a7c74189b9946ff682b64743060c605f00748f7b99701df56097ad0f99, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:2d:71:95:3e:53:ce:32:aa:c8:38:0a:eb:ec:
58:35:06:e6:18:8f:4a:ad:81:89:b3:07:e2:92:c9:
03:35:f6:1d:4c:32:72:64:66:5f:e2:79:e2:9b:d8:
0b:47:56:0d:09:bb:c7:6a:f4:9a:8f:7e:56:28:ad:
03:25:54:71:db:35:61:de:80:c8:de:dc:1e:f0:15:
ee:a7:45:48:35:fb:80:fb:45:f0:83:e1:ca:b1:99:
87:07:a4:d9:b8:c4:04:ff:39:fa:63:92:b0:e6:c6:
a2:8d:77:f6:cb:99:6f:b0:dc:91:1b:79:ae:09:87:
82:f4:88:ef:60:1a:57:bc:16:85:c7:93:56:33:c2:
3f:f5:0a:1c:5d:5f:d3:62:dc:90:7e:1d:b1:5a:da:
5e:f7:5f:16:54:29:cf:b3:b3:78:e5:dd:28:5f:4b:
c3:91:e9:6f:7b:89:9f:20:64:41:f3:0f:3a:fe:11:
78:01:7d:0c:f5:17:a7:60:82:ab:65:e8:56:dd:e3:
75:fb:d3:23:4d:8c:28:47:c2:10:c1:ac:fd:62:48:
51:ca:5b:df:d7:85:f2:40:2b:ca:66:db:f5:fe:fa:
a7:89:08:91:56:83:e0:f0:57:1e:71:67:e5:35:cd:
1d:b9:b4:cf:92:57:7e:39:28:c0:d9:ce:04:f2:00:
f8:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:48:84:9A:4C:36:8D:B9:6C:E5:B5:43:10:89:83:4A:D2:BA:A2:5F
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/d9c73f5c-1d23-457e-affb-45387b6cc5e9.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.74.0.0/20
Signature Algorithm: sha256WithRSAEncryption
69:a4:d6:02:47:b0:26:d0:95:5e:22:78:f3:c5:7c:14:c6:89:
01:5f:88:d3:19:a3:cb:72:a0:8e:b6:94:09:2e:95:f3:ef:ce:
e3:2c:83:48:3c:3d:d1:7b:78:02:d3:f8:27:e8:79:cb:91:76:
12:10:07:9e:5d:2f:14:73:9a:bb:f2:8b:fb:72:97:9b:9f:ae:
eb:66:0b:55:3f:31:d8:30:4c:08:08:74:c3:51:fb:cd:70:aa:
f7:84:3d:b6:8c:3d:8f:90:5f:fa:7a:f3:27:16:50:74:38:3c:
32:9c:bb:0b:c0:63:64:fd:c9:29:7e:eb:d3:bc:3e:83:53:98:
ff:2a:7c:f6:6a:a2:5b:7a:6d:15:ca:27:2b:f4:6f:bd:54:95:
7d:c7:00:a5:04:1d:3e:fd:0a:a8:41:2f:0b:fb:a1:32:ad:e0:
50:d5:0d:5a:1c:47:5d:72:b3:3f:ba:6d:5a:db:07:01:b5:53:
bb:34:3f:ca:5a:d5:c5:ad:47:5d:c0:c6:86:2a:40:cb:6f:de:
56:51:9d:b4:83:7b:8e:9e:e1:6f:3a:90:b0:a5:e8:00:8b:af:
4a:e8:61:95:21:bc:24:88:da:80:93:96:7a:55:8a:47:74:65:
41:f8:56:e5:5a:8c:a4:ee:01:95:10:d6:49:bc:c6:9d:c2:dd:
6b:cb:c3:82
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUT08sj3f91H8SsCtOWnU5jDhFCn8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTUwMDMwMDlaFw0yNjA4MTMyMzU5NTlaMHoxSTBHBgNV
BAUTQGYxZDRlMmE3Yzc0MTg5Yjk5NDZmZjY4MmI2NDc0MzA2MGM2MDVmMDA3NDhm
N2I5OTcwMWRmNTYwOTdhZDBmOTkxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALotcZU+U84yqsg4CuvsWDUG5hiPSq2BibMH4pLJAzX2HUwycmRmX+J54pvY
C0dWDQm7x2r0mo9+ViitAyVUcds1Yd6AyN7cHvAV7qdFSDX7gPtF8IPhyrGZhwek
2bjEBP85+mOSsObGoo139suZb7DckRt5rgmHgvSI72AaV7wWhceTVjPCP/UKHF1f
02LckH4dsVraXvdfFlQpz7OzeOXdKF9Lw5Hpb3uJnyBkQfMPOv4ReAF9DPUXp2CC
q2XoVt3jdfvTI02MKEfCEMGs/WJIUcpb39eF8kArymbb9f76p4kIkVaD4PBXHnFn
5TXNHbm0z5JXfjkowNnOBPIA+EUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBS4SISa
TDaNuWzltUMQiYNK0rqiXzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZDljNzNmNWMtMWQyMy00NTdlLWFmZmItNDUzODdiNmNjNWU5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBDNKADAN
BgkqhkiG9w0BAQsFAAOCAQEAaaTWAkewJtCVXiJ488V8FMaJAV+I0xmjy3KgjraU
CS6V8+/O4yyDSDw90Xt4AtP4J+h5y5F2EhAHnl0vFHOau/KL+3KXm5+u62YLVT8x
2DBMCAh0w1H7zXCq94Q9tow9j5Bf+nrzJxZQdDg8Mpy7C8BjZP3JKX7r07w+g1OY
/yp89mqiW3ptFconK/RvvVSVfccApQQdPv0KqEEvC/uhMq3gUNUNWhxHXXKzP7pt
WtsHAbVTuzQ/ylrVxa1HXcDGhipAy2/eVlGdtIN7jp7hbzqQsKXoAIuvSuhhlSG8
JIjagJOWelWKR3RlQfhW5VqMpO4BlRDWSbzGncLda8vDgg==
-----END CERTIFICATE-----
Generated at Fri May 22 16:04:20 2026 by rpki-client