Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2ce9a789-9599-4c9d-a093-ead3033f60d1.roa
File: 2ce9a789-9599-4c9d-a093-ead3033f60d1.roa (raw, json)
Hash identifier: Z6aU8whl2j2FtVG0NKckS/htwguqXHzvufOjifzsyx0=
Subject key identifier: 66:1B:7C:90:30:D8:39:A2:DB:C5:6B:4A:67:91:89:69:D0:9E:7F:56
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 59DCBB44CCD4FE343D4342E57BB7C8C5F5FC45FB
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2ce9a789-9599-4c9d-a093-ead3033f60d1.roa
Signing time: Sat 28 Feb 2026 06:30:44 +0000
ROA not before: Sat 28 Feb 2026 06:30:44 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.34.0.0/16 maxlen: 16
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
59:dc:bb:44:cc:d4:fe:34:3d:43:42:e5:7b:b7:c8:c5:f5:fc:45:fb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:30:44 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=a8ae43bd556639abb70f811a79d82ca87f328decf5f931c38a8c4db4717d18ac, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:e4:78:e8:63:9c:1d:2d:f2:b8:30:da:27:c3:
e8:e5:6e:ea:92:8f:12:b8:2c:24:2b:a8:cc:d5:5a:
15:04:c5:24:c2:9f:ae:77:58:c2:45:55:34:13:6b:
17:6a:1e:cf:e9:ec:7d:f9:28:f8:ba:17:ae:41:b4:
9e:22:57:ad:57:03:7f:3b:7f:d4:a5:10:0a:0f:16:
30:0a:fc:6f:6f:f3:09:d9:08:c5:c4:56:e6:ec:32:
3c:35:9b:d9:a4:b2:c8:aa:27:13:7a:df:ea:94:9f:
94:c2:df:fb:99:df:67:e2:9d:c1:f3:65:ab:f1:ea:
48:9e:9e:b6:76:ba:09:49:28:1c:b3:1f:8a:1e:05:
81:1f:d7:15:fe:25:f5:63:e7:61:20:71:66:8b:1a:
24:69:8a:31:ae:0f:82:2e:0c:9a:89:9a:ae:21:19:
4a:d1:8e:69:c4:ee:a9:36:82:be:fe:f9:18:61:e7:
28:94:be:25:3f:1b:16:d0:ba:4b:23:be:c4:bb:db:
60:96:be:c0:1d:e3:c8:5d:a3:34:c5:7b:3d:d3:dd:
0f:2e:14:2f:4b:dc:d1:e3:e8:ca:ce:b1:43:01:68:
5d:03:de:21:94:3b:d4:a2:22:ff:50:4c:4e:a5:21:
fe:cd:80:db:64:53:1f:8e:f2:81:5b:a7:2e:bb:e9:
31:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:1B:7C:90:30:D8:39:A2:DB:C5:6B:4A:67:91:89:69:D0:9E:7F:56
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2ce9a789-9599-4c9d-a093-ead3033f60d1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.34.0.0/16
Signature Algorithm: sha256WithRSAEncryption
d3:0d:00:44:4d:a2:fa:a9:12:92:34:e1:11:57:33:60:9b:79:
10:7a:0d:ba:8d:f4:98:1d:04:4c:27:f4:b4:d1:52:31:6d:6a:
70:b7:62:dc:64:36:01:02:d9:4e:bd:d7:8d:50:5d:ca:bc:97:
df:c6:e9:83:e1:8c:a5:86:68:df:25:15:77:35:a1:e7:c1:20:
45:ed:10:03:2f:30:33:b7:97:18:be:6a:f1:20:ad:0c:28:df:
d9:fc:8b:16:6c:1c:f5:ae:84:94:7f:6c:88:58:22:6d:2d:b8:
78:88:22:67:fa:0a:3b:20:57:c1:7f:b9:da:2a:19:12:9f:80:
23:79:b1:40:8b:40:74:d1:93:8d:50:6a:dd:45:12:51:c6:cd:
71:e1:60:5d:0a:8c:30:12:d0:9a:97:30:63:7b:2a:4d:9b:19:
49:d7:8a:23:24:79:45:e6:e1:06:89:ed:fa:70:84:0a:4e:b8:
57:43:12:80:1d:ae:71:ce:57:9c:42:6f:3e:6d:a6:23:87:7d:
bd:e2:31:ba:c8:e1:12:61:3c:b3:e5:93:9b:a3:b1:d3:9d:b3:
98:1e:99:a3:83:db:7f:10:c6:c0:ee:91:ca:bd:74:57:4b:da:
0f:7c:72:8f:8a:61:d2:59:3c:1a:0a:4d:d1:ca:d8:01:a6:ab:
59:97:36:e3
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUWdy7RMzU/jQ9Q0Lle7fIxfX8RfswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjMwNDRaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGE4YWU0M2JkNTU2NjM5YWJiNzBmODExYTc5ZDgyY2E4N2YzMjhkZWNmNWY5
MzFjMzhhOGM0ZGI0NzE3ZDE4YWMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALLkeOhjnB0t8rgw2ifD6OVu6pKPErgsJCuozNVaFQTFJMKfrndYwkVVNBNr
F2oez+nsffko+LoXrkG0niJXrVcDfzt/1KUQCg8WMAr8b2/zCdkIxcRW5uwyPDWb
2aSyyKonE3rf6pSflMLf+5nfZ+KdwfNlq/HqSJ6etna6CUkoHLMfih4FgR/XFf4l
9WPnYSBxZosaJGmKMa4Pgi4MmomariEZStGOacTuqTaCvv75GGHnKJS+JT8bFtC6
SyO+xLvbYJa+wB3jyF2jNMV7PdPdDy4UL0vc0ePoys6xQwFoXQPeIZQ71KIi/1BM
TqUh/s2A22RTH47ygVunLrvpMcsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRmG3yQ
MNg5otvFa0pnkYlp0J5/VjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MmNlOWE3ODktOTU5OS00YzlkLWEwOTMtZWFkMzAzM2Y2MGQxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMiMA0G
CSqGSIb3DQEBCwUAA4IBAQDTDQBETaL6qRKSNOERVzNgm3kQeg26jfSYHQRMJ/S0
0VIxbWpwt2LcZDYBAtlOvdeNUF3KvJffxumD4YylhmjfJRV3NaHnwSBF7RADLzAz
t5cYvmrxIK0MKN/Z/IsWbBz1roSUf2yIWCJtLbh4iCJn+go7IFfBf7naKhkSn4Aj
ebFAi0B00ZONUGrdRRJRxs1x4WBdCowwEtCalzBjeypNmxlJ14ojJHlF5uEGie36
cIQKTrhXQxKAHa5xzlecQm8+baYjh3294jG6yOESYTyz5ZObo7HTnbOYHpmjg9t/
EMbA7pHKvXRXS9oPfHKPimHSWTwaCk3RytgBpqtZlzbj
-----END CERTIFICATE-----
Generated at Mon Mar 2 03:18:01 2026 by rpki-client