Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/238dbfbb-0e18-45e0-ba91-6e88bb50802a.roa
File: 238dbfbb-0e18-45e0-ba91-6e88bb50802a.roa (raw, json)
Hash identifier: ICHBMUlgCVYoF0aTh7r3qizAoyAxKBdBemS+7fNP36Y=
Subject key identifier: B3:24:5E:39:43:F6:5B:B8:DE:CB:97:06:A3:BF:94:D7:CE:B2:D8:93
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 330B431046D91B93FBC7855CFA04277813758DCC
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/238dbfbb-0e18-45e0-ba91-6e88bb50802a.roa
Signing time: Sat 28 Feb 2026 06:40:49 +0000
ROA not before: Sat 28 Feb 2026 06:40:49 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 200.197.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
33:0b:43:10:46:d9:1b:93:fb:c7:85:5c:fa:04:27:78:13:75:8d:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:40:49 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=54828b5450e1ff3fe42e2b19aeb60535a0dc539437e7dc7d702e22e144727780, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:0f:a3:55:4e:41:48:66:e9:a5:4a:52:8d:6a:
93:b2:a2:f6:8a:e1:4b:8e:c8:e7:2e:d9:8c:2c:ce:
bf:c0:b0:ca:5c:a1:e3:6d:58:e4:a3:15:87:2f:42:
5d:3f:23:3b:cf:7c:4f:f9:35:e8:b9:f3:4b:ee:dd:
d5:d6:d7:b4:6a:b3:87:60:f8:13:0e:a4:7f:33:7f:
bc:38:63:b2:61:b2:88:4c:ab:3d:64:8a:5c:31:ad:
78:cb:85:28:12:d4:eb:3f:26:e1:51:f1:81:b1:17:
de:44:b3:68:00:28:39:c9:7a:5c:d9:8d:ba:c4:24:
fa:6c:cf:61:a4:60:f1:cb:45:3e:0a:6c:0e:c7:b5:
e6:ed:16:99:62:1e:9e:cd:39:9b:da:d9:79:f3:85:
40:8d:58:dc:8c:75:30:f6:03:b9:f9:30:0e:0b:e2:
0e:56:e7:a7:a1:bc:54:1d:51:67:8c:eb:a7:51:04:
c5:66:72:29:9e:78:fa:23:58:3d:2f:9a:2d:2b:99:
cf:84:12:a8:34:06:c5:0b:c9:bb:02:71:a3:39:22:
d0:ba:b8:eb:8f:46:b9:3e:50:fe:4b:dd:fa:36:ef:
00:ff:7c:42:1a:99:6d:32:a4:3a:b4:27:23:10:60:
cf:d7:94:73:6c:7a:4a:90:c9:89:30:76:86:01:66:
df:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:24:5E:39:43:F6:5B:B8:DE:CB:97:06:A3:BF:94:D7:CE:B2:D8:93
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/238dbfbb-0e18-45e0-ba91-6e88bb50802a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
200.197.0.0/16
Signature Algorithm: sha256WithRSAEncryption
68:82:11:5c:e2:ac:df:d2:80:d8:c1:10:54:96:2b:72:11:83:
e5:3e:75:16:0b:05:d5:18:58:65:67:33:71:0f:fb:f4:f0:c0:
f7:8b:92:09:a1:ce:d8:b6:cc:d5:3c:ff:4d:05:b1:63:6a:67:
6c:42:78:fa:45:49:4c:ca:66:59:75:e3:96:46:20:33:81:4c:
24:67:d2:39:b4:3c:ee:0d:71:81:74:07:e9:0d:63:76:97:33:
86:a0:3d:54:bf:3d:37:e8:53:a2:cf:b1:75:bd:7a:2f:51:aa:
f7:a8:00:fb:58:ce:65:8d:53:67:28:ed:4f:78:df:de:9b:f9:
54:b0:a8:7b:5a:0a:bc:2b:bc:96:98:c8:fe:d6:3e:ef:cb:63:
8d:05:e0:90:8f:10:18:12:01:04:d0:9f:65:67:84:3f:6f:e2:
89:b7:50:bf:88:73:b1:3c:b7:6b:ed:43:17:84:4b:0b:d0:26:
04:07:12:f0:3f:dc:68:f9:11:bb:69:61:ba:8a:4d:b0:67:28:
07:9e:a0:ec:59:a6:d1:72:07:72:b2:18:91:f3:8d:3a:ff:4c:
f4:09:ff:6e:52:61:bd:b7:73:1f:b5:93:5a:7f:e9:53:cb:7b:
67:9c:46:40:cb:9a:10:c0:be:fa:9f:6f:88:30:d2:3e:38:5a:
cf:ea:2b:21
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUMwtDEEbZG5P7x4Vc+gQneBN1jcwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjQwNDlaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDU0ODI4YjU0NTBlMWZmM2ZlNDJlMmIxOWFlYjYwNTM1YTBkYzUzOTQzN2U3
ZGM3ZDcwMmUyMmUxNDQ3Mjc3ODAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKkPo1VOQUhm6aVKUo1qk7Ki9orhS47I5y7ZjCzOv8Cwylyh421Y5KMVhy9C
XT8jO898T/k16LnzS+7d1dbXtGqzh2D4Ew6kfzN/vDhjsmGyiEyrPWSKXDGteMuF
KBLU6z8m4VHxgbEX3kSzaAAoOcl6XNmNusQk+mzPYaRg8ctFPgpsDse15u0WmWIe
ns05m9rZefOFQI1Y3Ix1MPYDufkwDgviDlbnp6G8VB1RZ4zrp1EExWZyKZ54+iNY
PS+aLSuZz4QSqDQGxQvJuwJxozki0Lq4649GuT5Q/kvd+jbvAP98QhqZbTKkOrQn
IxBgz9eUc2x6SpDJiTB2hgFm330CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSzJF45
Q/ZbuN7Llwajv5TXzrLYkzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MjM4ZGJmYmItMGUxOC00NWUwLWJhOTEtNmU4OGJiNTA4MDJhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAMjFMA0G
CSqGSIb3DQEBCwUAA4IBAQBoghFc4qzf0oDYwRBUlityEYPlPnUWCwXVGFhlZzNx
D/v08MD3i5IJoc7YtszVPP9NBbFjamdsQnj6RUlMymZZdeOWRiAzgUwkZ9I5tDzu
DXGBdAfpDWN2lzOGoD1Uvz036FOiz7F1vXovUar3qAD7WM5ljVNnKO1PeN/em/lU
sKh7Wgq8K7yWmMj+1j7vy2ONBeCQjxAYEgEE0J9lZ4Q/b+KJt1C/iHOxPLdr7UMX
hEsL0CYEBxLwP9xo+RG7aWG6ik2wZygHnqDsWabRcgdyshiR8406/0z0Cf9uUmG9
t3MftZNaf+lTy3tnnEZAy5oQwL76n2+IMNI+OFrP6ish
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:49:53 2026 by rpki-client