Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/383c1f6d-4e0e-4e33-a2ce-f49386dcc1f1.roa
File: 383c1f6d-4e0e-4e33-a2ce-f49386dcc1f1.roa (raw, json)
Hash identifier: JODMa9v7vBwPGKPTG3585YADim2LYCpIdOHxxghf2Kc=
Subject key identifier: 34:56:3F:53:D4:3A:13:47:5C:E6:F2:71:C2:D9:04:1A:D0:E1:05:80
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 093D3D9A35A4427825134FC63FC1282D61AF06F1
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/383c1f6d-4e0e-4e33-a2ce-f49386dcc1f1.roa
Signing time: Sat 28 Feb 2026 06:40:08 +0000
ROA not before: Sat 28 Feb 2026 06:40:08 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 200.224.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
09:3d:3d:9a:35:a4:42:78:25:13:4f:c6:3f:c1:28:2d:61:af:06:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:40:08 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=584686de6a0a2f6465e1856fb578a803543fda234df1a736e7b772142d6c06f9, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:d8:6b:95:fb:a8:58:b9:a1:12:03:db:e4:fc:
6e:cd:33:8e:7a:8c:d6:df:67:75:52:98:53:7c:e8:
bf:24:ca:dc:f1:7d:d3:5c:c5:42:2c:f6:d2:bc:56:
01:9b:9d:a2:06:f6:b9:70:03:18:25:a9:50:24:d9:
25:f8:56:d6:c7:6f:5d:97:3d:e3:0b:a2:d4:96:43:
c3:97:8f:f7:b0:5b:21:94:26:55:35:da:80:de:0e:
55:6b:d1:50:f9:9e:3b:69:e3:27:31:3b:b7:8a:14:
b7:ea:ad:99:b0:d8:ec:79:c8:1d:e9:11:12:39:28:
38:82:5d:f9:25:44:92:29:73:5e:d4:f8:bb:b6:da:
ad:58:1e:20:fc:6b:04:37:16:cd:4a:c6:9d:1d:bc:
91:3b:ed:43:e1:ce:a7:da:dd:28:d2:d4:ae:05:1a:
c6:a4:7c:d6:68:60:6b:5f:60:f9:fb:04:52:58:20:
08:5b:b4:9f:10:a2:ab:c0:7b:81:a3:53:d6:be:d3:
75:41:ee:c3:70:8e:92:6b:d1:ff:c4:01:0c:6e:95:
bf:f5:d3:7d:d9:72:df:10:f0:4f:5f:f6:c7:45:e1:
c4:ec:24:a1:38:75:27:cf:80:e8:ba:35:db:de:e9:
87:a9:ba:2b:b8:29:18:f5:73:5e:ce:4d:67:1c:52:
70:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:56:3F:53:D4:3A:13:47:5C:E6:F2:71:C2:D9:04:1A:D0:E1:05:80
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/383c1f6d-4e0e-4e33-a2ce-f49386dcc1f1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
200.224.0.0/16
Signature Algorithm: sha256WithRSAEncryption
21:55:7e:6d:9e:05:e7:ae:be:6c:3f:91:bf:c5:93:00:59:4d:
0e:de:74:fb:92:05:05:0d:db:f0:31:e9:00:ce:16:c4:3f:86:
76:a4:9d:7d:38:34:a3:fe:d9:e1:28:0f:7f:50:94:3d:b8:0a:
eb:e4:39:ce:bd:d8:f2:ca:6b:b7:a6:07:b2:0a:dc:4b:f5:c2:
95:53:40:af:cd:5c:cc:86:63:fb:4d:c4:25:65:01:9e:4f:ce:
86:ce:6f:d6:f1:8e:66:a8:b1:f7:7f:3e:3d:41:cd:89:11:fe:
f8:97:ab:e4:ff:e1:fc:56:2d:f5:ff:5f:8c:d6:43:6c:bb:85:
99:60:02:c1:7d:b4:e1:7e:9b:dc:d6:b4:7d:6d:8d:f1:dc:38:
f8:1a:67:c3:d6:84:d8:79:79:33:0b:be:74:cd:30:93:aa:8a:
b5:35:7f:ff:32:68:45:aa:9b:b4:a5:bc:05:78:b6:8b:4f:8e:
1a:ba:29:7b:92:be:b4:ff:f5:88:6a:1b:44:35:75:2a:d7:95:
15:fa:a1:35:79:de:ce:f0:df:41:a2:01:2d:16:4d:d3:12:c4:
cf:44:b2:36:c4:a3:03:f0:75:e0:e2:31:f1:50:85:6f:83:8c:
86:cc:f8:98:f4:84:fd:35:99:46:9d:9f:ec:61:92:50:35:bc:
da:07:41:9e
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUCT09mjWkQnglE0/GP8EoLWGvBvEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjQwMDhaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDU4NDY4NmRlNmEwYTJmNjQ2NWUxODU2ZmI1NzhhODAzNTQzZmRhMjM0ZGYx
YTczNmU3Yjc3MjE0MmQ2YzA2ZjkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALnYa5X7qFi5oRID2+T8bs0zjnqM1t9ndVKYU3zovyTK3PF901zFQiz20rxW
AZudogb2uXADGCWpUCTZJfhW1sdvXZc94wui1JZDw5eP97BbIZQmVTXagN4OVWvR
UPmeO2njJzE7t4oUt+qtmbDY7HnIHekREjkoOIJd+SVEkilzXtT4u7barVgeIPxr
BDcWzUrGnR28kTvtQ+HOp9rdKNLUrgUaxqR81mhga19g+fsEUlggCFu0nxCiq8B7
gaNT1r7TdUHuw3COkmvR/8QBDG6Vv/XTfdly3xDwT1/2x0XhxOwkoTh1J8+A6Lo1
297ph6m6K7gpGPVzXs5NZxxScB8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQ0Vj9T
1DoTR1zm8nHC2QQa0OEFgDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MzgzYzFmNmQtNGUwZS00ZTMzLWEyY2UtZjQ5Mzg2ZGNjMWYxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAMjgMA0G
CSqGSIb3DQEBCwUAA4IBAQAhVX5tngXnrr5sP5G/xZMAWU0O3nT7kgUFDdvwMekA
zhbEP4Z2pJ19ODSj/tnhKA9/UJQ9uArr5DnOvdjyymu3pgeyCtxL9cKVU0CvzVzM
hmP7TcQlZQGeT86Gzm/W8Y5mqLH3fz49Qc2JEf74l6vk/+H8Vi31/1+M1kNsu4WZ
YALBfbThfpvc1rR9bY3x3Dj4GmfD1oTYeXkzC750zTCTqoq1NX//MmhFqpu0pbwF
eLaLT44auil7kr60//WIahtENXUq15UV+qE1ed7O8N9BogEtFk3TEsTPRLI2xKMD
8HXg4jHxUIVvg4yGzPiY9IT9NZlGnZ/sYZJQNbzaB0Ge
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:45:41 2026 by rpki-client