Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/123b20eb-4142-4c18-96e0-d1871de66fd3.roa
File: 123b20eb-4142-4c18-96e0-d1871de66fd3.roa (raw, json)
Hash identifier: fAiTZrrLtYdzRa6CzS/dl+NqJBvfLQgFvQbcA4pfP5I=
Subject key identifier: CE:B7:01:DD:73:D3:E7:D5:D2:55:84:B0:69:6E:CC:1F:F2:1E:07:53
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 2B6F2B30291733244A723C956345E2C6A7CC7B45
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/123b20eb-4142-4c18-96e0-d1871de66fd3.roa
Signing time: Sat 28 Feb 2026 06:40:20 +0000
ROA not before: Sat 28 Feb 2026 06:40:20 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.214.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2b:6f:2b:30:29:17:33:24:4a:72:3c:95:63:45:e2:c6:a7:cc:7b:45
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:40:20 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=dc0dc771b9642fcedca10f4fa996f840d2da8f362bfc7da1f2d36a54d383746a, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:f7:b9:70:4f:eb:1f:a8:df:65:6f:69:62:1d:
c3:f2:ea:e9:86:65:09:fa:13:76:af:20:60:2e:59:
bb:e0:69:9d:27:be:a7:f3:b5:30:d4:b5:37:e7:87:
ad:e8:29:b7:d7:8c:3a:10:cb:77:84:47:1e:bd:5a:
c8:00:83:38:c1:02:91:a3:0f:b8:b0:20:d4:8e:91:
12:65:3d:de:00:b5:20:1a:88:23:3f:ea:e5:08:59:
8e:f5:07:87:ec:09:db:a9:7f:a6:de:f9:95:3d:f1:
f8:5e:7c:ec:2f:b2:50:71:dd:b5:88:98:9a:87:8a:
13:61:54:2e:c6:10:e3:c6:06:9f:8d:36:4c:87:32:
8e:1f:fe:c7:c4:79:f9:ef:66:20:b8:a8:e2:5b:4d:
f9:9d:76:2e:8a:2c:c1:4e:8e:75:f9:38:86:6b:c6:
64:7d:bc:58:98:19:9f:db:53:4f:9d:f1:f5:83:59:
8d:a4:74:a8:22:63:8c:22:6a:55:9d:a3:83:83:77:
06:b6:b3:1c:f0:c1:bd:7b:cb:8e:95:5b:10:ed:dd:
c3:03:4d:48:d3:a5:42:2d:3b:cf:8e:af:c6:7e:5e:
ed:5b:93:6b:98:51:0c:50:73:32:b0:d6:83:99:29:
8c:57:be:c9:6b:e8:15:93:a3:6c:52:d7:95:51:a1:
ec:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:B7:01:DD:73:D3:E7:D5:D2:55:84:B0:69:6E:CC:1F:F2:1E:07:53
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/123b20eb-4142-4c18-96e0-d1871de66fd3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.214.0.0/15
Signature Algorithm: sha256WithRSAEncryption
4c:5c:51:ab:8b:47:ca:c5:c9:e8:71:38:f2:aa:38:17:2b:c6:
91:85:0b:63:f7:c9:f1:ab:72:f8:8d:f0:ca:c8:ce:b7:7c:0d:
43:07:26:88:71:34:ba:71:bd:a1:39:9d:35:a3:88:7c:1d:c9:
94:4a:c6:0c:5e:61:c3:1b:08:af:c8:bd:b3:a6:82:06:df:f0:
47:a4:50:63:64:99:1c:d9:38:ca:cf:ba:19:85:da:1c:9e:1a:
da:8e:8e:95:fa:74:32:62:37:a9:4f:db:dc:ee:97:57:e9:de:
4e:95:df:d1:60:cb:29:b0:51:83:66:a0:e4:66:2d:65:b5:d5:
bf:76:43:69:01:3c:c1:7c:51:00:47:42:8a:50:75:8f:7c:07:
3f:be:cf:25:6a:5b:37:78:99:df:87:4b:81:ba:a2:01:98:9a:
00:81:cf:2a:68:55:fc:6c:63:43:d6:6f:3f:c1:fa:06:23:72:
41:11:72:c6:09:cd:b6:84:ed:7b:f0:f7:4c:89:4c:f5:45:a7:
14:7d:ce:56:b1:83:ca:f7:16:3b:0b:de:af:aa:ed:82:f3:75:
5f:52:d8:ea:56:30:eb:0e:02:d1:48:c8:b0:9a:ca:00:0e:1d:
d1:9f:04:f1:7d:e7:3c:e1:fc:84:a9:7a:95:1b:1d:fe:02:78:
82:50:b8:07
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUK28rMCkXMyRKcjyVY0XixqfMe0UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjQwMjBaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGRjMGRjNzcxYjk2NDJmY2VkY2ExMGY0ZmE5OTZmODQwZDJkYThmMzYyYmZj
N2RhMWYyZDM2YTU0ZDM4Mzc0NmExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKL3uXBP6x+o32VvaWIdw/Lq6YZlCfoTdq8gYC5Zu+BpnSe+p/O1MNS1N+eH
regpt9eMOhDLd4RHHr1ayACDOMECkaMPuLAg1I6REmU93gC1IBqIIz/q5QhZjvUH
h+wJ26l/pt75lT3x+F587C+yUHHdtYiYmoeKE2FULsYQ48YGn402TIcyjh/+x8R5
+e9mILio4ltN+Z12LooswU6Odfk4hmvGZH28WJgZn9tTT53x9YNZjaR0qCJjjCJq
VZ2jg4N3BrazHPDBvXvLjpVbEO3dwwNNSNOlQi07z46vxn5e7VuTa5hRDFBzMrDW
g5kpjFe+yWvoFZOjbFLXlVGh7BMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTOtwHd
c9Pn1dJVhLBpbswf8h4HUzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MTIzYjIwZWItNDE0Mi00YzE4LTk2ZTAtZDE4NzFkZTY2ZmQzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPWMA0G
CSqGSIb3DQEBCwUAA4IBAQBMXFGri0fKxcnocTjyqjgXK8aRhQtj98nxq3L4jfDK
yM63fA1DByaIcTS6cb2hOZ01o4h8HcmUSsYMXmHDGwivyL2zpoIG3/BHpFBjZJkc
2TjKz7oZhdocnhrajo6V+nQyYjepT9vc7pdX6d5Old/RYMspsFGDZqDkZi1ltdW/
dkNpATzBfFEAR0KKUHWPfAc/vs8lals3eJnfh0uBuqIBmJoAgc8qaFX8bGND1m8/
wfoGI3JBEXLGCc22hO178PdMiUz1RacUfc5WsYPK9xY7C96vqu2C83VfUtjqVjDr
DgLRSMiwmsoADh3RnwTxfec84fyEqXqVGx3+AniCULgH
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:53:26 2026 by rpki-client