Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/f6db5bce-e352-420d-afe4-8a12365284c3.roa
File: f6db5bce-e352-420d-afe4-8a12365284c3.roa (raw, json)
Hash identifier: U8J00dlQ5xj/UnnQt1hNy6dDi+qKJbINsrO+hO8Dj20=
Subject key identifier: E9:B5:ED:24:F5:49:95:73:CF:F5:DA:16:74:37:2B:54:90:69:8A:75
Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0
Certificate serial: 418BC56E6F277AC06EF2567E25D47A1D055179AD
Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/f6db5bce-e352-420d-afe4-8a12365284c3.roa
Signing time: Sat 07 Feb 2026 00:10:05 +0000
ROA not before: Sat 07 Feb 2026 00:10:05 +0000
ROA not after: Fri 08 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.74.16.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft
rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 22 Feb 2026 00:56:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
41:8b:c5:6e:6f:27:7a:c0:6e:f2:56:7e:25:d4:7a:1d:05:51:79:ad
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0
Validity
Not Before: Feb 7 00:10:05 2026 GMT
Not After : May 8 23:59:59 2026 GMT
Subject: serialNumber=d856e0b070eeaee481bbfe940b844147f07b568f888195bf0f9de81d585aaa6d, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:fd:8e:ca:09:75:a3:a2:f9:c9:02:4c:4f:a6:
16:32:31:b5:e3:24:12:bb:27:6e:73:eb:0c:31:cb:
67:2d:f5:93:49:f8:3c:42:2a:31:6a:45:f2:b5:31:
e0:50:ee:e9:f8:ae:97:61:fb:70:1c:15:38:b8:57:
a4:6e:18:9e:a8:1a:d1:70:35:3a:e6:97:e0:59:51:
c8:fe:a5:97:87:06:1d:33:2b:e0:c5:47:e6:b9:67:
21:8b:c8:b8:43:dc:a2:a9:7b:2b:04:7a:eb:a4:ad:
a7:29:df:de:4e:b3:ed:ba:5f:bc:da:a0:d6:85:bd:
3b:8e:18:0a:6c:96:a6:44:af:1a:ad:d6:5e:01:25:
98:c6:a3:63:bf:42:08:98:9b:77:03:7c:cf:44:63:
d0:40:03:1b:0a:b0:89:d1:53:79:8f:ad:73:19:38:
43:22:27:02:63:eb:b8:59:0a:15:b1:cc:cc:29:45:
23:f8:32:7e:87:04:bb:62:1e:71:5c:25:e8:95:cd:
3b:37:76:9b:c3:2e:ff:e3:67:38:c3:e5:a5:9e:7f:
33:29:c2:10:8d:f1:23:04:c5:05:cd:ed:7f:43:4f:
d7:17:77:94:57:04:af:e1:c6:13:d5:82:8d:21:3b:
b4:68:72:e8:bd:91:fd:c7:f6:9e:48:17:98:b5:ba:
a7:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E9:B5:ED:24:F5:49:95:73:CF:F5:DA:16:74:37:2B:54:90:69:8A:75
X509v3 Authority Key Identifier:
keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/f6db5bce-e352-420d-afe4-8a12365284c3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.74.16.0/24
Signature Algorithm: sha256WithRSAEncryption
82:f2:14:ee:a4:6c:13:a7:5c:9f:c4:e8:a1:66:df:11:a1:17:
46:fe:7f:ad:4c:15:2c:6c:27:4d:d1:43:06:be:48:2f:e6:af:
df:8c:a2:ce:89:94:8f:45:a0:79:0c:38:b6:07:25:b6:c8:39:
03:c5:42:51:06:7f:62:eb:a7:23:11:b1:4b:1c:01:b4:a2:9a:
8d:12:a0:bb:c2:c4:d8:93:63:9e:14:a3:4b:23:5a:13:67:ae:
3e:fb:5e:59:20:73:0e:26:c7:04:47:ac:32:3e:27:4f:89:b3:
a9:1b:02:d6:24:04:e9:8d:4c:c9:a5:da:74:42:29:41:6d:16:
f3:d2:4c:6a:e2:a8:f3:84:a0:5d:62:18:ac:62:ce:70:8b:9f:
32:b1:f3:8a:f6:23:cf:a8:4c:e2:d9:3f:db:9c:a2:d9:5d:ae:
4b:4e:cd:c9:ec:e6:bb:dd:a6:a3:6f:4f:96:3d:75:89:88:e9:
65:f5:e0:a4:56:6b:27:6c:51:5d:76:39:0f:ce:e9:20:bd:45:
6a:9c:e3:57:a6:60:b6:29:40:84:29:09:7b:7b:f1:27:0e:aa:
cc:06:7f:e3:26:fa:1d:04:9f:aa:09:05:f6:f7:cf:1f:9a:20:
95:02:d0:c3:9d:9c:fc:53:2e:56:ea:86:9d:d3:b0:b6:c5:b8:
0f:b2:c3:a6
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUQYvFbm8nesBu8lZ+JdR6HQVRea0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl
Nzk2NTVkMDAeFw0yNjAyMDcwMDEwMDVaFw0yNjA1MDgyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ4NTZlMGIwNzBlZWFlZTQ4MWJiZmU5NDBiODQ0MTQ3ZjA3YjU2OGY4ODgx
OTViZjBmOWRlODFkNTg1YWFhNmQxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3
Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOj9jsoJdaOi+ckCTE+mFjIxteMkErsnbnPrDDHLZy31k0n4PEIqMWpF8rUx
4FDu6fiul2H7cBwVOLhXpG4Ynqga0XA1OuaX4FlRyP6ll4cGHTMr4MVH5rlnIYvI
uEPcoql7KwR666Stpynf3k6z7bpfvNqg1oW9O44YCmyWpkSvGq3WXgElmMajY79C
CJibdwN8z0Rj0EADGwqwidFTeY+tcxk4QyInAmPruFkKFbHMzClFI/gyfocEu2Ie
cVwl6JXNOzd2m8Mu/+NnOMPlpZ5/MynCEI3xIwTFBc3tf0NP1xd3lFcEr+HGE9WC
jSE7tGhy6L2R/cf2nkgXmLW6p4sCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTpte0k
9UmVc8/12hZ0NytUkGmKdTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV
0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh
Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv
ZjZkYjViY2UtZTM1Mi00MjBkLWFmZTQtOGExMjM2NTI4NGMzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1
NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEADNKEDAN
BgkqhkiG9w0BAQsFAAOCAQEAgvIU7qRsE6dcn8TooWbfEaEXRv5/rUwVLGwnTdFD
Br5IL+av34yizomUj0WgeQw4tgcltsg5A8VCUQZ/YuunIxGxSxwBtKKajRKgu8LE
2JNjnhSjSyNaE2euPvteWSBzDibHBEesMj4nT4mzqRsC1iQE6Y1MyaXadEIpQW0W
89JMauKo84SgXWIYrGLOcIufMrHzivYjz6hM4tk/25yi2V2uS07Nyezmu92mo29P
lj11iYjpZfXgpFZrJ2xRXXY5D87pIL1FapzjV6ZgtilAhCkJe3vxJw6qzAZ/4yb6
HQSfqgkF9vfPH5oglQLQw52c/FMuVuqGndOwtsW4D7LDpg==
-----END CERTIFICATE-----
Generated at Sat Feb 21 07:29:51 2026 by rpki-client