Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/397b5a86-52b0-4a8c-87de-e6da77812b46.roa
File: 397b5a86-52b0-4a8c-87de-e6da77812b46.roa (raw, json)
Hash identifier: zAUEfzVCzXI2+LBZqAkbmDSDnKRY4vUNRE2C0dvQM20=
Subject key identifier: 8A:48:3B:F0:66:7F:1C:70:61:C9:02:B7:9D:42:CC:20:B7:B3:46:5E
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 40B419FA01F234AD3529689D8E4B2F58DEDC4300
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/397b5a86-52b0-4a8c-87de-e6da77812b46.roa
Signing time: Sat 28 Feb 2026 06:40:03 +0000
ROA not before: Sat 28 Feb 2026 06:40:03 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.248.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
40:b4:19:fa:01:f2:34:ad:35:29:68:9d:8e:4b:2f:58:de:dc:43:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:40:03 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=730e4bc52f0a624ebc08d70fc909e9a7c62cb2fb167f0aff5519e66225b926f7, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:45:3c:be:ee:5a:ea:75:e6:f4:27:45:71:59:
f3:3e:d1:79:e7:22:0b:3e:39:bb:8c:c6:7f:38:a1:
cf:c7:5c:c4:d8:b7:36:d8:96:98:98:b9:29:b5:c9:
23:ab:b7:36:cd:df:b5:88:0b:51:6e:a2:7e:74:78:
df:da:14:72:42:69:c2:3f:a0:9a:66:30:0a:00:69:
e0:7a:a6:23:9c:69:d6:cb:3a:d9:bd:0d:53:ab:aa:
46:5a:98:90:da:d1:32:13:4a:01:d4:0e:71:84:ca:
21:c8:4d:7a:51:71:fa:d7:7b:8e:52:51:1d:9c:d7:
8b:d8:a7:bc:17:14:70:9b:75:60:b8:96:12:3a:11:
40:69:cb:dc:36:3c:bb:6b:3e:db:29:8c:a1:52:04:
d8:6e:80:ad:1d:da:f4:9d:fa:a0:16:4b:d7:4b:0b:
e8:c3:56:49:6b:52:07:c8:29:36:e2:af:1c:45:b5:
dd:13:ff:f2:a4:4c:b7:e9:34:a6:7f:c7:7b:4c:a2:
5a:63:9e:c1:ba:c7:10:aa:0e:be:3d:d8:de:f8:2d:
73:be:f2:49:0b:ec:3c:9d:53:cc:58:38:b4:b4:70:
9d:f4:c3:b3:21:d6:b6:73:61:c2:88:9e:b3:ef:80:
81:b8:74:62:df:f6:f4:03:87:39:fe:4a:8a:e9:c8:
7c:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:48:3B:F0:66:7F:1C:70:61:C9:02:B7:9D:42:CC:20:B7:B3:46:5E
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/397b5a86-52b0-4a8c-87de-e6da77812b46.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.248.0.0/15
Signature Algorithm: sha256WithRSAEncryption
05:59:2d:ef:e9:e6:52:fc:df:62:82:11:a1:c1:bd:6c:07:8d:
51:7e:f8:fb:49:a6:69:fb:b9:d6:93:43:18:1d:8b:5e:f7:14:
ed:13:15:26:d2:2f:33:94:e1:36:42:82:a4:a8:1f:b1:05:fc:
3a:7a:3c:13:db:4e:13:6d:a8:4e:fa:16:a8:dd:95:a4:5e:f6:
8a:cf:62:b5:48:6f:01:6a:0b:bb:d9:8f:bf:bc:f1:cb:ba:95:
f1:b5:6e:57:20:cb:a3:a2:3e:3d:6f:ba:e2:7b:b9:4c:be:51:
15:b0:15:f5:c4:41:eb:69:43:00:02:44:9d:e2:ae:dd:6f:3c:
8f:5d:02:54:f3:94:7c:9e:30:92:0e:e8:00:11:d6:bf:e7:f7:
59:31:58:30:56:93:af:1d:a1:20:fc:70:d0:aa:3f:28:f0:55:
67:70:b4:db:30:36:89:51:6b:57:98:e6:21:16:1b:26:d6:df:
23:b1:99:aa:b5:f2:38:1d:e3:d2:23:90:a2:02:63:4d:08:af:
66:fe:fa:d7:69:9b:8f:4f:82:b2:cb:41:d3:c2:cf:94:b5:ac:
3a:22:e1:09:90:be:d0:fa:64:1b:54:9d:a2:f7:54:04:9e:19:
63:fa:2a:01:ad:a2:3e:16:01:7b:4f:d1:93:63:55:ee:95:a1:
03:cf:04:64
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUQLQZ+gHyNK01KWidjksvWN7cQwAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjQwMDNaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDczMGU0YmM1MmYwYTYyNGViYzA4ZDcwZmM5MDllOWE3YzYyY2IyZmIxNjdm
MGFmZjU1MTllNjYyMjViOTI2ZjcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALZFPL7uWup15vQnRXFZ8z7ReeciCz45u4zGfzihz8dcxNi3NtiWmJi5KbXJ
I6u3Ns3ftYgLUW6ifnR439oUckJpwj+gmmYwCgBp4HqmI5xp1ss62b0NU6uqRlqY
kNrRMhNKAdQOcYTKIchNelFx+td7jlJRHZzXi9invBcUcJt1YLiWEjoRQGnL3DY8
u2s+2ymMoVIE2G6ArR3a9J36oBZL10sL6MNWSWtSB8gpNuKvHEW13RP/8qRMt+k0
pn/He0yiWmOewbrHEKoOvj3Y3vgtc77ySQvsPJ1TzFg4tLRwnfTDsyHWtnNhwoie
s++Agbh0Yt/29AOHOf5KiunIfDsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSKSDvw
Zn8ccGHJAredQswgt7NGXjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Mzk3YjVhODYtNTJiMC00YThjLTg3ZGUtZTZkYTc3ODEyYjQ2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATP4MA0G
CSqGSIb3DQEBCwUAA4IBAQAFWS3v6eZS/N9ighGhwb1sB41Rfvj7SaZp+7nWk0MY
HYte9xTtExUm0i8zlOE2QoKkqB+xBfw6ejwT204TbahO+hao3ZWkXvaKz2K1SG8B
agu72Y+/vPHLupXxtW5XIMujoj49b7rie7lMvlEVsBX1xEHraUMAAkSd4q7dbzyP
XQJU85R8njCSDugAEda/5/dZMVgwVpOvHaEg/HDQqj8o8FVncLTbMDaJUWtXmOYh
Fhsm1t8jsZmqtfI4HePSI5CiAmNNCK9m/vrXaZuPT4Kyy0HTws+Utaw6IuEJkL7Q
+mQbVJ2i91QEnhlj+ioBraI+FgF7T9GTY1XulaEDzwRk
-----END CERTIFICATE-----
Generated at Mon Mar 2 10:11:14 2026 by rpki-client