Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2db57b82-f8e4-4b85-a46a-befecb4774c0.roa
File: 2db57b82-f8e4-4b85-a46a-befecb4774c0.roa (raw, json)
Hash identifier: fkbChim+FfUxHapORdybXsZKRDOW4i23ONGdLqQYOlA=
Subject key identifier: F4:D2:E7:4A:62:BA:20:48:4C:33:9C:59:93:4F:4F:A5:F9:74:05:78
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 736D116E50826E0A8E751854F4E2C533680C32E4
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2db57b82-f8e4-4b85-a46a-befecb4774c0.roa
Signing time: Tue 19 May 2026 06:00:48 +0000
ROA not before: Tue 19 May 2026 06:00:48 +0000
ROA not after: Mon 17 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.32.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 08:43:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
73:6d:11:6e:50:82:6e:0a:8e:75:18:54:f4:e2:c5:33:68:0c:32:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: May 19 06:00:48 2026 GMT
Not After : Aug 17 23:59:59 2026 GMT
Subject: serialNumber=85da7aae2ebf761616436414e2cd9e6706b04f4728e0040492ca6347ad829f59, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:17:1b:45:5a:1a:e1:95:66:31:cf:6e:7a:16:
4d:10:4e:b5:54:7a:6d:ef:01:bc:95:9a:15:46:0a:
73:c8:7b:81:41:56:a5:33:f8:97:08:14:ba:f5:46:
3c:c4:54:f2:aa:13:db:7e:4f:4c:dd:fc:8a:91:8f:
ab:0c:21:01:fd:4e:79:23:62:b4:e3:da:a6:b5:cd:
aa:70:1e:da:e7:f0:6e:99:c1:a6:6e:7e:d8:be:e5:
04:e5:0c:bf:e5:87:27:88:90:df:7d:7b:ce:20:00:
13:ca:92:1d:6f:79:6d:38:64:8d:03:80:c3:31:50:
9c:1a:1b:ec:8e:17:de:1b:7a:7c:2e:87:74:98:40:
40:7d:bf:c9:ae:16:a7:73:48:92:55:9f:9f:50:7c:
3e:33:9a:92:29:4e:85:8e:a7:f4:5e:8b:90:e0:10:
15:c3:f1:e1:cd:11:ca:ef:64:89:76:79:6b:19:a1:
97:bb:ac:a6:18:15:99:bb:f3:96:eb:95:1c:f6:61:
57:4c:77:0a:50:90:e9:be:ac:ff:f1:ce:a3:10:78:
13:4d:0a:82:99:38:35:3f:dd:71:2f:88:e6:50:c0:
bc:68:68:0e:ae:36:8b:77:a3:fd:57:cb:da:4b:f6:
c4:b3:9e:84:39:e5:78:cb:e7:f6:4b:63:ba:d1:fc:
7e:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:D2:E7:4A:62:BA:20:48:4C:33:9C:59:93:4F:4F:A5:F9:74:05:78
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/2db57b82-f8e4-4b85-a46a-befecb4774c0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.32.0.0/16
Signature Algorithm: sha256WithRSAEncryption
95:d3:60:99:e2:ad:0a:d4:2b:a2:59:d0:a9:a3:93:9b:3a:e9:
e3:8f:59:e4:6b:72:22:b6:2f:c5:43:1f:3e:90:dd:89:3d:03:
62:6f:35:69:92:d5:b3:d6:6b:3d:79:14:06:6a:0d:b2:1a:2a:
c9:0b:26:29:ef:c3:fc:39:25:2a:25:a6:3c:dd:f8:09:fe:fc:
a9:78:b9:a9:dc:60:22:34:9a:b7:20:39:a9:b2:c4:bf:d2:d5:
81:78:e3:c7:b5:46:a6:35:18:20:e1:99:8c:cd:a6:6c:62:0e:
61:92:c5:62:af:77:d0:39:fe:0d:01:10:57:5b:d6:e6:3d:f5:
2c:a2:c7:02:f1:43:30:fc:25:6d:d2:5d:ff:4c:92:89:ac:93:
e1:23:15:78:21:51:00:3b:61:84:1b:57:43:08:cd:c8:3d:b5:
81:af:c6:70:29:8f:6b:fd:fa:2d:c8:1b:ae:80:e6:5a:63:91:
ac:01:08:ae:cd:99:5d:53:1c:72:d3:7d:2e:16:37:e6:74:48:
e3:05:6a:44:89:64:fe:dc:a7:fb:ca:66:a6:db:88:b8:71:ea:
eb:de:35:7a:41:f4:d2:a1:06:e5:1e:92:ac:e6:22:bd:85:78:
62:1f:5c:71:ab:b2:76:9c:b8:be:38:4b:9e:5c:45:8b:55:4d:
97:3e:34:f1
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUc20RblCCbgqOdRhU9OLFM2gMMuQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjA1MTkwNjAwNDhaFw0yNjA4MTcyMzU5NTlaMHoxSTBHBgNV
BAUTQDg1ZGE3YWFlMmViZjc2MTYxNjQzNjQxNGUyY2Q5ZTY3MDZiMDRmNDcyOGUw
MDQwNDkyY2E2MzQ3YWQ4MjlmNTkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKUXG0VaGuGVZjHPbnoWTRBOtVR6be8BvJWaFUYKc8h7gUFWpTP4lwgUuvVG
PMRU8qoT235PTN38ipGPqwwhAf1OeSNitOPaprXNqnAe2ufwbpnBpm5+2L7lBOUM
v+WHJ4iQ3317ziAAE8qSHW95bThkjQOAwzFQnBob7I4X3ht6fC6HdJhAQH2/ya4W
p3NIklWfn1B8PjOakilOhY6n9F6LkOAQFcPx4c0Ryu9kiXZ5axmhl7usphgVmbvz
luuVHPZhV0x3ClCQ6b6s//HOoxB4E00Kgpk4NT/dcS+I5lDAvGhoDq42i3ej/VfL
2kv2xLOehDnleMvn9ktjutH8fpsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBT00udK
YrogSEwznFmTT0+l+XQFeDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MmRiNTdiODItZjhlNC00Yjg1LWE0NmEtYmVmZWNiNDc3NGMwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMgMA0G
CSqGSIb3DQEBCwUAA4IBAQCV02CZ4q0K1CuiWdCpo5ObOunjj1nka3Iiti/FQx8+
kN2JPQNibzVpktWz1ms9eRQGag2yGirJCyYp78P8OSUqJaY83fgJ/vypeLmp3GAi
NJq3IDmpssS/0tWBeOPHtUamNRgg4ZmMzaZsYg5hksVir3fQOf4NARBXW9bmPfUs
oscC8UMw/CVt0l3/TJKJrJPhIxV4IVEAO2GEG1dDCM3IPbWBr8ZwKY9r/fotyBuu
gOZaY5GsAQiuzZldUxxy030uFjfmdEjjBWpEiWT+3Kf7ymam24i4cerr3jV6QfTS
oQblHpKs5iK9hXhiH1xxq7J2nLi+OEueXEWLVU2XPjTx
-----END CERTIFICATE-----
Generated at Sat Jun 13 11:35:43 2026 by rpki-client