Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/24601d85-ac6e-46b6-a0d2-d35342ccc951.roa
File: 24601d85-ac6e-46b6-a0d2-d35342ccc951.roa (raw, json)
Hash identifier: JQoYTo8GK8pxm4LffUn8Fx+bsFBXLV+3QIhI09qrWL4=
Subject key identifier: A2:53:57:0E:53:7F:64:C2:1B:8F:ED:64:99:AF:DE:A1:B7:E3:4F:7E
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 6FCFDF4960165CA5FF3054462D3515467AECB192
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/24601d85-ac6e-46b6-a0d2-d35342ccc951.roa
Signing time: Fri 06 Feb 2026 00:40:26 +0000
ROA not before: Fri 06 Feb 2026 00:40:26 +0000
ROA not after: Thu 07 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.93.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6f:cf:df:49:60:16:5c:a5:ff:30:54:46:2d:35:15:46:7a:ec:b1:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 6 00:40:26 2026 GMT
Not After : May 7 23:59:59 2026 GMT
Subject: serialNumber=b4db564414d95b67e0b691a3024be8f8ce67b7741f799c47b729e852619bd6ab, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:f3:c0:d5:16:aa:33:0c:9d:83:cb:32:56:4a:
15:5d:e8:7c:e0:52:d0:24:dc:c2:de:f7:41:fb:2e:
e8:bf:75:9f:48:1b:25:c2:45:c4:04:33:3c:df:4a:
b2:d2:ec:a0:54:ad:d6:e2:bf:e5:6e:cf:fa:6b:20:
c1:4d:99:fa:69:72:75:de:ae:04:d2:14:f2:07:6e:
53:e1:4d:fd:6f:9e:91:69:12:63:a8:08:9a:6f:5e:
4e:20:95:c6:85:e8:66:37:1b:22:05:c8:fe:2d:f9:
04:c2:b2:99:1c:ac:12:64:05:fc:54:50:83:a7:f3:
21:98:a1:4d:24:63:e0:b8:b9:f8:94:dc:f0:8a:79:
4d:88:83:a1:47:c0:25:7e:5d:47:fc:a1:1e:30:dd:
4d:e3:eb:d2:50:5f:07:dd:4a:a4:56:ef:41:c6:2e:
b4:80:cb:8a:7c:a5:2f:2d:56:67:7b:d0:dc:19:22:
b5:de:36:43:2c:d7:bd:b2:f2:8a:60:bb:61:c9:a1:
8b:df:ac:65:ee:ac:e1:82:e7:07:41:c3:27:43:3f:
cb:fa:79:d3:01:c0:a9:a2:68:d8:10:cf:6f:fc:8d:
41:09:f5:f4:9b:c4:e0:43:01:f7:8f:1b:58:6b:04:
4e:d1:3a:df:82:39:da:7f:4d:df:72:54:08:4c:12:
8f:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:53:57:0E:53:7F:64:C2:1B:8F:ED:64:99:AF:DE:A1:B7:E3:4F:7E
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/24601d85-ac6e-46b6-a0d2-d35342ccc951.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.93.0.0/16
Signature Algorithm: sha256WithRSAEncryption
64:3f:d3:2f:b0:26:37:11:2f:78:4a:3c:cd:04:9e:d2:dd:3b:
6f:89:11:f2:92:a7:02:4c:ef:f4:20:27:e6:98:ea:9d:06:ee:
16:38:70:57:5d:2c:eb:c5:c6:db:6c:6a:e0:21:4a:67:af:3f:
c9:0b:fa:36:17:ad:67:d2:98:0c:01:1e:23:db:8f:6b:14:f8:
8c:f4:e4:28:63:43:73:5a:9e:c8:d7:79:59:f3:2e:75:ec:a1:
c1:73:71:08:43:b0:b9:0f:02:97:a1:89:c1:17:00:64:d9:a1:
3a:be:91:66:08:a1:29:5f:a0:db:d0:99:ce:6b:99:2c:61:86:
cb:a5:a5:58:2e:e1:52:2c:a4:11:5b:b0:7a:1e:bd:18:01:64:
35:b3:19:c6:e4:0c:67:3c:5e:6d:82:79:e4:7f:f4:ce:c9:e7:
50:07:52:8b:8d:6c:42:8d:cd:d7:be:c1:2c:f4:ff:0b:42:16:
e9:5f:53:1d:c8:26:71:e8:85:91:bd:cf:79:3d:1e:ec:77:b9:
e4:95:31:67:2a:ca:6e:04:68:f4:b6:de:e8:09:e6:b4:9e:e5:
24:06:7e:86:d9:f1:61:0b:40:08:1b:d1:86:26:a7:0a:d5:c6:
68:1d:3c:a7:19:8f:c5:d5:a3:04:a1:ac:b0:a4:00:cc:66:d5:
10:d1:3f:9d
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUb8/fSWAWXKX/MFRGLTUVRnrssZIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMDYwMDQwMjZaFw0yNjA1MDcyMzU5NTlaMHoxSTBHBgNV
BAUTQGI0ZGI1NjQ0MTRkOTViNjdlMGI2OTFhMzAyNGJlOGY4Y2U2N2I3NzQxZjc5
OWM0N2I3MjllODUyNjE5YmQ2YWIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANjzwNUWqjMMnYPLMlZKFV3ofOBS0CTcwt73Qfsu6L91n0gbJcJFxAQzPN9K
stLsoFSt1uK/5W7P+msgwU2Z+mlydd6uBNIU8gduU+FN/W+ekWkSY6gImm9eTiCV
xoXoZjcbIgXI/i35BMKymRysEmQF/FRQg6fzIZihTSRj4Li5+JTc8Ip5TYiDoUfA
JX5dR/yhHjDdTePr0lBfB91KpFbvQcYutIDLinylLy1WZ3vQ3Bkitd42QyzXvbLy
imC7Ycmhi9+sZe6s4YLnB0HDJ0M/y/p50wHAqaJo2BDPb/yNQQn19JvE4EMB948b
WGsETtE634I52n9N33JUCEwSj08CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSiU1cO
U39kwhuP7WSZr96ht+NPfjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MjQ2MDFkODUtYWM2ZS00NmI2LWEwZDItZDM1MzQyY2NjOTUxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNdMA0G
CSqGSIb3DQEBCwUAA4IBAQBkP9MvsCY3ES94SjzNBJ7S3TtviRHykqcCTO/0ICfm
mOqdBu4WOHBXXSzrxcbbbGrgIUpnrz/JC/o2F61n0pgMAR4j249rFPiM9OQoY0Nz
Wp7I13lZ8y517KHBc3EIQ7C5DwKXoYnBFwBk2aE6vpFmCKEpX6Db0JnOa5ksYYbL
paVYLuFSLKQRW7B6Hr0YAWQ1sxnG5AxnPF5tgnnkf/TOyedQB1KLjWxCjc3XvsEs
9P8LQhbpX1MdyCZx6IWRvc95PR7sd7nklTFnKspuBGj0tt7oCea0nuUkBn6G2fFh
C0AIG9GGJqcK1cZoHTynGY/F1aMEoaywpADMZtUQ0T+d
-----END CERTIFICATE-----
Generated at Mon Mar 2 01:26:46 2026 by rpki-client