Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3558ad32-215e-47a4-9f5b-477ec71e940f.roa
File: 3558ad32-215e-47a4-9f5b-477ec71e940f.roa (raw, json)
Hash identifier: E6isInnhgA7EEVdryAKBFQ2PLoBB1xiuHyd1FB+nKdU=
Subject key identifier: 05:A8:E1:7E:E5:B5:CD:23:71:65:04:2A:0D:4E:56:72:99:22:45:C2
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 172D64875B49BB15F78EDDC85D0C5837188A246D
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3558ad32-215e-47a4-9f5b-477ec71e940f.roa
Signing time: Sat 28 Feb 2026 06:40:19 +0000
ROA not before: Sat 28 Feb 2026 06:40:19 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a01:578:3::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
17:2d:64:87:5b:49:bb:15:f7:8e:dd:c8:5d:0c:58:37:18:8a:24:6d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:40:19 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=03cfbe2944d45e2088cb4011f45034bd52139c68513ce4768cf72700c8cc1398, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:0d:01:c3:16:92:ca:ea:9c:0d:96:1d:d9:8c:
71:ee:1a:d0:f5:e9:30:cd:d3:78:2d:96:36:7d:cd:
57:06:82:4d:61:4b:f7:eb:6b:7a:22:b6:c6:7d:cb:
79:d0:bb:51:95:1c:0d:da:83:e7:65:97:33:cb:49:
5b:25:94:f4:93:5f:24:59:a7:3b:f5:cd:cb:bf:d1:
60:c0:a1:cc:18:82:85:08:f5:1c:39:71:01:21:78:
e0:60:cc:a7:31:83:53:13:4d:82:55:57:34:bc:d5:
05:0c:4b:0d:55:c0:3e:f4:cb:80:bc:21:59:fa:64:
e2:c1:16:fe:e6:f8:75:7d:82:a5:3c:7b:ff:4c:41:
a2:0b:bd:73:3a:a4:ff:5c:c8:fc:ff:55:19:2b:13:
41:78:ed:42:ff:3b:a6:9b:70:45:a6:38:4a:d5:57:
91:bc:c7:d1:c3:e8:75:15:92:73:53:55:c9:cf:9e:
f7:39:a4:b9:05:af:9c:93:da:8a:f2:4b:38:03:6e:
a5:e2:e2:c7:24:da:e1:9e:c2:1f:e6:19:95:43:83:
ba:1a:c6:4c:8f:fc:0e:66:82:5e:fd:29:fa:b6:44:
54:ef:1a:0b:2a:91:60:25:cd:09:dd:cf:76:f5:10:
b8:17:2e:ca:79:e1:83:2f:2c:39:04:bc:cd:3a:ec:
73:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:A8:E1:7E:E5:B5:CD:23:71:65:04:2A:0D:4E:56:72:99:22:45:C2
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3558ad32-215e-47a4-9f5b-477ec71e940f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a01:578:3::/48
Signature Algorithm: sha256WithRSAEncryption
d5:03:17:99:79:89:af:ea:13:4d:5e:09:df:e2:4a:3e:6b:0d:
12:2c:fd:db:08:fc:d4:c2:e1:c1:88:7e:f9:11:31:58:d9:51:
75:d4:0a:77:ef:0e:13:80:2a:d9:0c:9c:01:7a:de:b8:ed:f4:
1b:94:38:a0:c6:5b:95:76:18:64:dd:e6:fa:3a:d2:a7:20:4a:
b4:97:1c:14:60:ae:63:64:20:d1:41:36:33:68:ec:9a:90:22:
ff:f5:25:6e:12:4d:49:7a:d5:79:16:a6:ba:3d:d1:0c:50:35:
02:63:9f:c8:c0:b9:b5:de:4e:f2:51:cb:60:a2:77:e5:b2:b0:
49:fa:47:86:7f:8a:9c:a3:be:9f:92:3b:c9:02:35:2f:0a:62:
74:42:5f:2e:05:d2:48:9f:93:14:2e:2f:59:0d:1e:f7:2b:52:
2f:ae:05:8b:f6:7b:67:75:4b:02:cf:3b:5e:9b:0c:7b:40:0f:
36:56:46:6f:83:be:ec:69:5f:fc:64:e0:c6:72:df:5b:d8:d3:
55:66:c5:07:b1:71:62:17:52:06:84:10:19:89:70:4f:0a:2a:
a2:7a:f6:25:bf:73:27:21:db:18:60:74:56:aa:91:2c:bb:70:
f3:93:fe:8a:d1:33:52:b9:0d:2e:c1:3a:70:0c:71:5c:39:3c:
7a:22:4f:71
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUFy1kh1tJuxX3jt3IXQxYNxiKJG0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjQwMTlaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDAzY2ZiZTI5NDRkNDVlMjA4OGNiNDAxMWY0NTAzNGJkNTIxMzljNjg1MTNj
ZTQ3NjhjZjcyNzAwYzhjYzEzOTgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKINAcMWksrqnA2WHdmMce4a0PXpMM3TeC2WNn3NVwaCTWFL9+treiK2xn3L
edC7UZUcDdqD52WXM8tJWyWU9JNfJFmnO/XNy7/RYMChzBiChQj1HDlxASF44GDM
pzGDUxNNglVXNLzVBQxLDVXAPvTLgLwhWfpk4sEW/ub4dX2CpTx7/0xBogu9czqk
/1zI/P9VGSsTQXjtQv87pptwRaY4StVXkbzH0cPodRWSc1NVyc+e9zmkuQWvnJPa
ivJLOANupeLixyTa4Z7CH+YZlUODuhrGTI/8DmaCXv0p+rZEVO8aCyqRYCXNCd3P
dvUQuBcuynnhgy8sOQS8zTrsc6UCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQFqOF+
5bXNI3FlBCoNTlZymSJFwjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MzU1OGFkMzItMjE1ZS00N2E0LTlmNWItNDc3ZWM3MWU5NDBmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoBBXgA
AzANBgkqhkiG9w0BAQsFAAOCAQEA1QMXmXmJr+oTTV4J3+JKPmsNEiz92wj81MLh
wYh++RExWNlRddQKd+8OE4Aq2QycAXreuO30G5Q4oMZblXYYZN3m+jrSpyBKtJcc
FGCuY2Qg0UE2M2jsmpAi//UlbhJNSXrVeRamuj3RDFA1AmOfyMC5td5O8lHLYKJ3
5bKwSfpHhn+KnKO+n5I7yQI1LwpidEJfLgXSSJ+TFC4vWQ0e9ytSL64Fi/Z7Z3VL
As87XpsMe0APNlZGb4O+7Glf/GTgxnLfW9jTVWbFB7FxYhdSBoQQGYlwTwoqonr2
Jb9zJyHbGGB0VqqRLLtw85P+itEzUrkNLsE6cAxxXDk8eiJPcQ==
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:51:51 2026 by rpki-client