Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/18d9a632-05fe-446e-aca9-1adb271dcda8.roa
File: 18d9a632-05fe-446e-aca9-1adb271dcda8.roa (raw, json)
Hash identifier: cPswcGs2fcxcpJ643I5gB2BtCl1M5SYrRK+yyOBsX0w=
Subject key identifier: 6B:6A:D4:18:7D:D4:3F:D3:97:4B:9E:BB:CA:A0:5C:31:8C:A0:ED:91
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 3BF5139541BF459470768DEFE833A172E44F9B94
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/18d9a632-05fe-446e-aca9-1adb271dcda8.roa
Signing time: Sat 28 Feb 2026 06:40:03 +0000
ROA not before: Sat 28 Feb 2026 06:40:03 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.196.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3b:f5:13:95:41:bf:45:94:70:76:8d:ef:e8:33:a1:72:e4:4f:9b:94
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:40:03 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=cb73c7f6bebd0b390e98a9ceb13c4d2893c5e442ccd2f675bb3428fb36ccaf40, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:a2:fa:76:ac:b5:81:96:f7:f7:22:95:db:15:
64:fa:61:95:63:c2:4f:ca:f7:c2:49:cb:1f:3d:db:
1f:cb:5e:1a:fa:09:23:16:de:73:25:e2:f0:b1:b1:
43:6c:49:cc:20:72:4a:a3:fd:91:88:8d:f5:a0:e8:
08:3d:97:3b:04:90:7f:43:99:ae:5e:5c:f4:8a:0b:
e1:64:dc:db:74:90:9a:58:aa:d0:6a:ec:c6:a6:df:
a3:c9:26:7b:54:5b:b0:cc:2c:d1:f9:f3:0e:2d:5c:
dd:77:ce:b7:3a:83:1f:b4:cf:27:0d:be:0a:23:b9:
90:ad:5e:c5:de:b6:85:e4:81:e5:ca:94:3c:49:0c:
cb:f9:ce:e3:02:ad:a3:88:5b:9e:f4:9c:b0:70:b2:
09:d3:a1:19:5c:9d:1d:28:f5:ef:f8:29:aa:91:fb:
76:ff:7c:b6:6b:c3:3f:e8:d5:aa:d3:2b:d4:2f:e0:
b3:51:a2:e4:b4:f4:b4:a8:11:c6:b1:d5:8a:5e:41:
3d:8d:87:da:cb:79:bc:43:98:91:dd:1f:5a:dd:ed:
a7:1a:83:1b:03:70:b0:01:ab:75:49:0c:6a:24:51:
34:b3:52:30:76:06:ad:39:d0:62:bd:30:b0:a7:02:
ec:f0:bb:34:13:f4:a1:25:ac:0b:a0:86:31:0a:fe:
eb:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:6A:D4:18:7D:D4:3F:D3:97:4B:9E:BB:CA:A0:5C:31:8C:A0:ED:91
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/18d9a632-05fe-446e-aca9-1adb271dcda8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.196.0.0/15
Signature Algorithm: sha256WithRSAEncryption
c6:2c:2b:74:b6:42:d0:a4:fc:92:23:4a:5e:e6:08:5f:d8:21:
a2:43:84:bc:64:bc:6d:24:1a:12:be:ca:ac:e0:58:32:0a:4b:
4c:d7:83:cf:8a:e7:2c:ba:da:2c:a4:59:9d:3a:f5:85:fe:82:
11:0f:7d:f2:cb:59:59:77:8c:be:67:79:cc:f7:23:8a:f6:71:
bc:14:76:31:04:16:83:0e:b9:8e:82:4b:35:1c:5e:15:1e:50:
98:c7:27:bb:b9:3c:62:d5:9c:19:fa:49:f8:c5:7d:83:99:70:
bb:0c:38:e7:dc:80:62:c4:ac:07:3c:9b:93:6a:f7:0f:53:7e:
0b:a1:09:fd:62:ee:b8:81:95:f4:7a:05:68:b0:0f:cd:c2:bf:
ea:f9:94:e3:76:3e:25:41:83:e8:d8:30:f0:ce:7c:d7:b9:96:
cd:d9:1a:63:fc:fe:70:e5:f5:fd:70:cb:4c:af:08:2f:65:d1:
b8:08:87:e6:9d:f7:65:b1:a3:9f:51:87:55:bf:62:9b:17:4b:
a9:4e:b5:c5:d6:80:7c:22:a0:44:63:e3:9b:ee:3e:3d:0a:a4:
3b:4a:e2:b2:25:99:b6:d5:8d:46:d6:6d:90:16:d2:cc:82:7b:
77:fa:cb:28:95:95:15:9d:47:f6:e3:56:d7:b5:59:39:12:18:
34:25:fd:1b
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUO/UTlUG/RZRwdo3v6DOhcuRPm5QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjQwMDNaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGNiNzNjN2Y2YmViZDBiMzkwZTk4YTljZWIxM2M0ZDI4OTNjNWU0NDJjY2Qy
ZjY3NWJiMzQyOGZiMzZjY2FmNDAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMii+nastYGW9/cildsVZPphlWPCT8r3wknLHz3bH8teGvoJIxbecyXi8LGx
Q2xJzCBySqP9kYiN9aDoCD2XOwSQf0OZrl5c9IoL4WTc23SQmliq0Grsxqbfo8km
e1RbsMws0fnzDi1c3XfOtzqDH7TPJw2+CiO5kK1exd62heSB5cqUPEkMy/nO4wKt
o4hbnvScsHCyCdOhGVydHSj17/gpqpH7dv98tmvDP+jVqtMr1C/gs1Gi5LT0tKgR
xrHVil5BPY2H2st5vEOYkd0fWt3tpxqDGwNwsAGrdUkMaiRRNLNSMHYGrTnQYr0w
sKcC7PC7NBP0oSWsC6CGMQr+6xcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRratQY
fdQ/05dLnrvKoFwxjKDtkTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MThkOWE2MzItMDVmZS00NDZlLWFjYTktMWFkYjI3MWRjZGE4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPEMA0G
CSqGSIb3DQEBCwUAA4IBAQDGLCt0tkLQpPySI0pe5ghf2CGiQ4S8ZLxtJBoSvsqs
4FgyCktM14PPiucsutospFmdOvWF/oIRD33yy1lZd4y+Z3nM9yOK9nG8FHYxBBaD
DrmOgks1HF4VHlCYxye7uTxi1ZwZ+kn4xX2DmXC7DDjn3IBixKwHPJuTavcPU34L
oQn9Yu64gZX0egVosA/Nwr/q+ZTjdj4lQYPo2DDwznzXuZbN2Rpj/P5w5fX9cMtM
rwgvZdG4CIfmnfdlsaOfUYdVv2KbF0upTrXF1oB8IqBEY+Ob7j49CqQ7SuKyJZm2
1Y1G1m2QFtLMgnt3+ssolZUVnUf241bXtVk5Ehg0Jf0b
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:50:59 2026 by rpki-client