Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/efb99c18-4a45-4f07-9c1c-080a66f77889.roa
File: efb99c18-4a45-4f07-9c1c-080a66f77889.roa (raw, json)
Hash identifier: X+08SChZ0d1grEc+nWcVTJFwxIwbfoUAjcjQHvItpSw=
Subject key identifier: 2B:F7:8B:CD:79:04:9F:05:58:3F:C3:6F:15:C9:71:B8:D5:52:B8:AB
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 4903A68EF7B833F490CE2B6EF9F4BFE6D3CF9365
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/efb99c18-4a45-4f07-9c1c-080a66f77889.roa
Signing time: Sun 17 May 2026 02:00:06 +0000
ROA not before: Sun 17 May 2026 02:00:06 +0000
ROA not after: Sat 15 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.24.0/22 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 23 May 2026 08:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
49:03:a6:8e:f7:b8:33:f4:90:ce:2b:6e:f9:f4:bf:e6:d3:cf:93:65
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: May 17 02:00:06 2026 GMT
Not After : Aug 15 23:59:59 2026 GMT
Subject: serialNumber=3f2acebbe55e62de68aaaa93f0050a7af586c19f7d3168be6a2d4ad096788f57, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:5d:0e:65:16:2a:09:37:dd:fc:a4:65:f5:de:
6c:11:cd:21:a6:21:ee:06:bc:96:08:a0:6d:b5:6c:
af:3c:95:81:17:70:25:39:06:3d:fb:c5:e5:b7:43:
de:94:3f:21:27:15:9a:fc:c4:f7:87:27:ed:f1:a8:
4b:96:58:26:6c:1b:93:04:b5:d0:a7:24:a3:35:f9:
71:5c:f7:8b:6c:71:d7:29:7e:c2:e9:6f:52:7f:5c:
31:6b:50:54:85:78:ab:66:1e:4f:1e:db:b5:6f:80:
6a:22:fe:ea:de:d2:89:a0:22:90:dc:5f:d2:ee:be:
b7:d0:e8:86:0f:29:e9:ef:45:61:61:76:5f:e8:33:
f5:9a:c5:ba:fb:67:8d:df:49:1f:72:78:d3:8a:0a:
c9:3f:39:e4:38:14:1b:b2:73:90:0c:6c:d0:dc:93:
54:40:9e:2f:92:fa:70:3f:15:2e:91:05:ce:04:3e:
83:01:87:dc:2d:33:c6:f5:b6:fa:6b:75:be:9b:d3:
d5:6b:ab:7e:a8:31:b7:0f:66:1a:18:85:83:f3:fb:
cf:af:93:76:7f:61:ad:27:17:05:4a:b4:fd:3b:60:
be:d7:8b:88:7d:79:5f:c8:87:0e:ac:3e:47:ee:ee:
4d:5c:c1:1f:fa:19:2a:fe:bb:7c:6d:6d:59:06:e3:
65:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:F7:8B:CD:79:04:9F:05:58:3F:C3:6F:15:C9:71:B8:D5:52:B8:AB
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/efb99c18-4a45-4f07-9c1c-080a66f77889.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.24.0/22
Signature Algorithm: sha256WithRSAEncryption
5c:e0:3e:e4:29:0f:9d:ed:39:4e:49:f1:a0:1f:8a:8e:58:89:
61:22:5f:8b:66:0f:0c:43:c5:79:67:c5:76:86:96:0c:f7:b5:
8f:3c:ba:15:e4:88:99:6c:a8:91:44:9d:b9:67:7d:ab:94:45:
57:51:ff:10:10:ed:5e:9c:0e:fe:2f:ad:12:0b:99:5b:a4:8b:
4a:e5:40:1d:5c:3b:db:a6:d8:37:aa:72:f4:6d:8f:4c:d2:aa:
54:f7:06:67:9f:b0:32:17:16:fa:42:c1:aa:f0:0e:d0:97:aa:
10:fd:87:fc:5d:10:16:b0:1b:7b:3e:01:f3:10:6f:8c:7d:67:
7b:00:85:13:76:b3:f3:f5:41:cc:b7:ad:15:85:81:0a:6b:db:
60:91:1c:55:8e:6e:b7:c6:b5:1a:2f:fc:45:b4:dc:89:5b:1a:
71:41:31:f7:c2:38:47:15:42:f5:76:94:d2:b9:25:5a:d1:67:
2b:23:b3:49:6e:fa:a1:85:69:00:e6:de:8c:3e:da:a8:e7:7d:
b9:33:54:a9:66:b3:7a:ad:63:22:f8:07:09:08:10:03:26:93:
02:8c:f8:4c:26:fd:7a:13:8b:32:b1:93:15:f0:5e:48:97:f2:
b0:c0:e2:09:d2:50:26:7d:be:64:bd:d9:3a:75:07:ce:50:43:
62:81:29:20
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUSQOmjve4M/SQzitu+fS/5tPPk2UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjA1MTcwMjAwMDZaFw0yNjA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDNmMmFjZWJiZTU1ZTYyZGU2OGFhYWE5M2YwMDUwYTdhZjU4NmMxOWY3ZDMx
NjhiZTZhMmQ0YWQwOTY3ODhmNTcxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANVdDmUWKgk33fykZfXebBHNIaYh7ga8lgigbbVsrzyVgRdwJTkGPfvF5bdD
3pQ/IScVmvzE94cn7fGoS5ZYJmwbkwS10KckozX5cVz3i2xx1yl+wulvUn9cMWtQ
VIV4q2YeTx7btW+AaiL+6t7SiaAikNxf0u6+t9Dohg8p6e9FYWF2X+gz9ZrFuvtn
jd9JH3J404oKyT855DgUG7JzkAxs0NyTVECeL5L6cD8VLpEFzgQ+gwGH3C0zxvW2
+mt1vpvT1Wurfqgxtw9mGhiFg/P7z6+Tdn9hrScXBUq0/TtgvteLiH15X8iHDqw+
R+7uTVzBH/oZKv67fG1tWQbjZTcCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQr94vN
eQSfBVg/w28VyXG41VK4qzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZWZiOTljMTgtNGE0NS00ZjA3LTljMWMtMDgwYTY2Zjc3ODg5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAjMAGDAN
BgkqhkiG9w0BAQsFAAOCAQEAXOA+5CkPne05TknxoB+KjliJYSJfi2YPDEPFeWfF
doaWDPe1jzy6FeSImWyokUSduWd9q5RFV1H/EBDtXpwO/i+tEguZW6SLSuVAHVw7
26bYN6py9G2PTNKqVPcGZ5+wMhcW+kLBqvAO0JeqEP2H/F0QFrAbez4B8xBvjH1n
ewCFE3az8/VBzLetFYWBCmvbYJEcVY5ut8a1Gi/8RbTciVsacUEx98I4RxVC9XaU
0rklWtFnKyOzSW76oYVpAObejD7aqOd9uTNUqWazeq1jIvgHCQgQAyaTAoz4TCb9
ehOLMrGTFfBeSJfysMDiCdJQJn2+ZL3ZOnUHzlBDYoEpIA==
-----END CERTIFICATE-----
Generated at Fri May 22 16:04:21 2026 by rpki-client