Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2740a5f5-ec55-42ac-b7df-f4c863c83981.roa
File: 2740a5f5-ec55-42ac-b7df-f4c863c83981.roa (raw, json)
Hash identifier: 9GU9VCtdQ5JFtsHaeIas36KqydK1f4UpWXqQDDB7m7s=
Subject key identifier: 0F:36:EE:89:13:F8:45:64:EA:8A:C8:7C:41:38:92:C5:01:AF:36:D4
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 2EEC46899B9ED8C2C51FAF6A902356AEE9B49B15
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2740a5f5-ec55-42ac-b7df-f4c863c83981.roa
Signing time: Sat 28 Feb 2026 06:30:15 +0000
ROA not before: Sat 28 Feb 2026 06:30:15 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.125.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2e:ec:46:89:9b:9e:d8:c2:c5:1f:af:6a:90:23:56:ae:e9:b4:9b:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:30:15 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=5cc973233479b31e8d4fd0f37ce0843f1ddf641dc31ac1e41818adc9edd574b9, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:12:8c:6e:52:d9:3b:5d:68:6c:77:29:b9:4e:
2d:2f:95:64:72:ea:e4:7f:53:de:18:ae:76:5a:47:
9b:e0:bf:64:8d:b4:ae:72:c5:ad:a3:e1:64:bb:60:
26:fb:e5:d8:1b:5a:8a:22:8d:cb:7c:50:80:0b:8a:
1a:99:21:17:65:58:4b:e0:7c:85:47:99:95:1f:18:
92:79:48:cf:93:42:ff:f1:c2:8e:5a:2d:26:cc:00:
33:a7:1b:6f:b9:b0:da:2e:9c:df:5f:25:fc:64:a7:
6f:e8:2e:17:22:a3:a7:1e:99:10:8e:21:96:2d:32:
38:f1:2c:e9:03:58:44:ed:6b:5c:ed:7b:ef:7f:a3:
64:50:d5:2b:d8:d9:50:18:66:f5:72:af:db:c8:0e:
13:0b:31:58:a9:14:4e:30:6a:b1:94:7c:b9:06:c1:
38:c2:71:60:73:11:6b:18:d5:a1:e4:e6:e1:dc:9f:
20:04:12:3d:43:9a:54:d9:57:2f:82:2e:e5:52:2e:
9b:23:17:7a:50:14:28:37:ed:eb:e4:5c:16:55:ef:
e5:79:a1:76:69:77:6e:41:89:41:49:1d:a7:3c:31:
e6:74:a5:94:ff:ff:c9:45:af:42:0a:d0:88:87:cb:
cc:cd:8f:5d:c6:3c:b5:2c:42:4f:44:9d:f9:53:9a:
fd:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:36:EE:89:13:F8:45:64:EA:8A:C8:7C:41:38:92:C5:01:AF:36:D4
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2740a5f5-ec55-42ac-b7df-f4c863c83981.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.125.0.0/16
Signature Algorithm: sha256WithRSAEncryption
0f:37:a1:d5:3c:51:35:fb:66:f6:ee:5a:52:33:90:5e:2e:54:
f0:45:1c:a2:43:f3:08:16:3e:3d:42:07:e4:94:c6:93:55:d9:
27:a7:ed:1b:d5:ba:32:de:05:8e:8c:ee:e5:c7:d2:20:8b:43:
c0:73:7a:cb:d8:3e:24:dd:5c:e0:17:af:5b:89:65:a8:28:ad:
21:34:97:c5:43:21:49:a6:8f:8c:cf:06:78:d7:66:b2:b3:43:
db:e5:19:02:0d:38:83:6c:2a:a5:c8:87:08:b9:59:0e:38:c6:
5c:66:ef:f9:5c:c9:dc:71:dd:f0:f9:eb:43:06:43:05:cd:ce:
fb:90:2a:72:8c:0c:68:37:6f:0a:63:7a:61:4b:41:ae:97:a7:
84:8d:6d:c0:a5:e8:be:fa:e9:cb:f2:bf:1b:d9:a7:eb:0e:f7:
bc:8a:d6:e4:58:b9:e6:3e:97:41:05:61:8f:e2:3a:d9:fa:d9:
9a:bc:fe:a7:21:13:f8:d6:20:c1:73:16:eb:41:5e:ae:aa:94:
45:5b:46:b5:14:4a:f8:fa:8b:b7:d6:29:6d:1d:6c:ab:a8:d4:
2a:4b:97:15:34:27:15:a3:46:92:34:70:69:85:f9:b0:48:68:
6d:aa:88:54:fb:d1:6e:b7:5d:0c:cb:da:15:c4:d2:df:d2:fb:
ec:83:df:f2
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIULuxGiZue2MLFH69qkCNWrum0mxUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjMwMTVaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDVjYzk3MzIzMzQ3OWIzMWU4ZDRmZDBmMzdjZTA4NDNmMWRkZjY0MWRjMzFh
YzFlNDE4MThhZGM5ZWRkNTc0YjkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMISjG5S2TtdaGx3KblOLS+VZHLq5H9T3hiudlpHm+C/ZI20rnLFraPhZLtg
Jvvl2BtaiiKNy3xQgAuKGpkhF2VYS+B8hUeZlR8YknlIz5NC//HCjlotJswAM6cb
b7mw2i6c318l/GSnb+guFyKjpx6ZEI4hli0yOPEs6QNYRO1rXO1773+jZFDVK9jZ
UBhm9XKv28gOEwsxWKkUTjBqsZR8uQbBOMJxYHMRaxjVoeTm4dyfIAQSPUOaVNlX
L4Iu5VIumyMXelAUKDft6+RcFlXv5Xmhdml3bkGJQUkdpzwx5nSllP//yUWvQgrQ
iIfLzM2PXcY8tSxCT0Sd+VOa/YkCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQPNu6J
E/hFZOqKyHxBOJLFAa821DAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Mjc0MGE1ZjUtZWM1NS00MmFjLWI3ZGYtZjRjODYzYzgzOTgxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADN9MA0G
CSqGSIb3DQEBCwUAA4IBAQAPN6HVPFE1+2b27lpSM5BeLlTwRRyiQ/MIFj49Qgfk
lMaTVdknp+0b1boy3gWOjO7lx9Igi0PAc3rL2D4k3VzgF69biWWoKK0hNJfFQyFJ
po+MzwZ412ays0Pb5RkCDTiDbCqlyIcIuVkOOMZcZu/5XMnccd3w+etDBkMFzc77
kCpyjAxoN28KY3phS0Gul6eEjW3Apei++unL8r8b2afrDve8itbkWLnmPpdBBWGP
4jrZ+tmavP6nIRP41iDBcxbrQV6uqpRFW0a1FEr4+ou31iltHWyrqNQqS5cVNCcV
o0aSNHBphfmwSGhtqohU+9Fut10My9oVxNLf0vvsg9/y
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:48:39 2026 by rpki-client