Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3b67bb62-9bcf-4daa-99b5-5374c3285177.roa
File: 3b67bb62-9bcf-4daa-99b5-5374c3285177.roa (raw, json)
Hash identifier: JHq6Ou12mV0BBbeXSkrwg4H0hpf3QskogtrTwiy9nNE=
Subject key identifier: 88:49:1C:9F:8F:C5:7D:5A:A3:9E:B4:3F:3A:1A:76:7A:6A:F3:84:11
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 2EA6977645BF647E93DE3CDF38A6F8BC7E2080C1
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3b67bb62-9bcf-4daa-99b5-5374c3285177.roa
Signing time: Sat 28 Feb 2026 06:40:50 +0000
ROA not before: Sat 28 Feb 2026 06:40:50 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.48.0.0/15 maxlen: 15
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2e:a6:97:76:45:bf:64:7e:93:de:3c:df:38:a6:f8:bc:7e:20:80:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:40:50 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=e2da9d67efe6abb91a990c7174922c57b452c6cbb929e81e9eb2adbb0b4edd7f, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:94:36:86:a4:b7:8b:93:f9:cc:09:45:95:c4:
dd:02:43:a6:80:d4:7d:38:79:c9:d8:b6:4a:53:a9:
44:e7:da:38:b9:e7:b3:a2:51:5d:80:4e:40:34:79:
61:be:c8:fa:ce:82:7b:26:4c:81:1e:ee:ab:83:13:
de:f1:69:e2:4c:7b:40:7b:51:cf:d3:f9:c2:0b:d2:
4e:08:8c:d4:81:06:d4:d1:ab:bc:10:50:24:44:c1:
bc:95:62:82:4c:92:04:22:4b:65:e4:f3:f3:1b:c2:
34:3c:9b:fb:68:a5:4d:8a:a0:85:de:e2:99:bd:41:
f4:03:b9:ff:3a:5b:bd:e2:2d:29:1e:73:f6:54:a6:
bc:e5:4c:06:72:31:ca:06:6a:ed:59:ee:4e:bd:fa:
70:60:ac:2b:67:c3:b8:94:ca:05:f0:40:48:53:57:
4e:14:7f:d2:81:b2:01:c8:67:aa:9d:41:2d:a9:b4:
d4:bf:74:43:69:70:7a:04:c4:e8:0d:e9:91:fd:e0:
78:c2:e3:bd:7e:ac:db:8d:ac:a8:06:e1:2d:a4:a1:
8b:24:9f:28:25:05:2e:97:0a:41:76:df:86:71:26:
19:d3:04:b5:3a:bd:81:9f:db:46:f8:6a:e1:d5:59:
6f:2b:a7:4f:b2:2d:68:fc:c2:2c:14:85:93:79:6d:
0a:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:49:1C:9F:8F:C5:7D:5A:A3:9E:B4:3F:3A:1A:76:7A:6A:F3:84:11
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3b67bb62-9bcf-4daa-99b5-5374c3285177.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.48.0.0/15
Signature Algorithm: sha256WithRSAEncryption
1f:20:b4:17:34:16:ff:b1:8f:37:b2:82:90:76:c7:37:18:4a:
d3:8a:75:98:60:62:57:cb:9a:71:f5:72:89:b8:f4:41:e8:19:
c7:cc:25:a2:c8:cd:00:a9:9e:54:23:ec:e2:50:14:38:43:fe:
c6:9b:4f:2f:6b:71:ff:d8:33:f1:c1:7c:f3:bc:3e:65:1b:af:
f9:d6:3b:13:05:e0:c0:b4:43:09:dc:a8:c9:69:ca:72:f5:e2:
16:f4:fe:28:94:eb:99:5e:ec:66:e0:5a:4f:02:a8:28:e5:60:
c4:6d:cd:d2:a7:9c:a0:97:c5:f6:c4:3c:87:4b:97:f2:d4:5f:
16:52:0f:74:0b:e7:a5:c2:a8:00:d2:ad:7d:5a:67:ee:c8:27:
6a:78:4a:b5:47:73:f2:f9:af:1e:ce:11:83:63:ea:5b:ff:d0:
af:90:0c:e4:f6:a1:c3:66:64:0e:a1:55:d3:19:d5:da:7b:ac:
41:5e:70:13:19:59:c8:1f:f1:a2:0f:c6:a8:b7:7a:ef:89:7e:
ac:c6:c8:2d:45:c2:6a:3f:b7:25:2e:ce:ae:bd:cf:dd:69:de:
da:50:82:a6:0c:c1:87:fb:dc:f6:76:3d:f9:08:5c:a1:84:fe:
84:8c:46:7d:51:13:77:03:86:b0:8a:1b:dc:da:41:87:1d:f2:
fe:e8:78:15
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIULqaXdkW/ZH6T3jzfOKb4vH4ggMEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjQwNTBaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGUyZGE5ZDY3ZWZlNmFiYjkxYTk5MGM3MTc0OTIyYzU3YjQ1MmM2Y2JiOTI5
ZTgxZTllYjJhZGJiMGI0ZWRkN2YxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOqUNoakt4uT+cwJRZXE3QJDpoDUfTh5ydi2SlOpROfaOLnns6JRXYBOQDR5
Yb7I+s6CeyZMgR7uq4MT3vFp4kx7QHtRz9P5wgvSTgiM1IEG1NGrvBBQJETBvJVi
gkySBCJLZeTz8xvCNDyb+2ilTYqghd7imb1B9AO5/zpbveItKR5z9lSmvOVMBnIx
ygZq7VnuTr36cGCsK2fDuJTKBfBASFNXThR/0oGyAchnqp1BLam01L90Q2lwegTE
6A3pkf3geMLjvX6s242sqAbhLaShiySfKCUFLpcKQXbfhnEmGdMEtTq9gZ/bRvhq
4dVZbyunT7ItaPzCLBSFk3ltCv8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSISRyf
j8V9WqOetD86GnZ6avOEETAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
M2I2N2JiNjItOWJjZi00ZGFhLTk5YjUtNTM3NGMzMjg1MTc3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATMwMA0G
CSqGSIb3DQEBCwUAA4IBAQAfILQXNBb/sY83soKQdsc3GErTinWYYGJXy5px9XKJ
uPRB6BnHzCWiyM0AqZ5UI+ziUBQ4Q/7Gm08va3H/2DPxwXzzvD5lG6/51jsTBeDA
tEMJ3KjJacpy9eIW9P4olOuZXuxm4FpPAqgo5WDEbc3Sp5ygl8X2xDyHS5fy1F8W
Ug90C+elwqgA0q19WmfuyCdqeEq1R3Py+a8ezhGDY+pb/9CvkAzk9qHDZmQOoVXT
GdXae6xBXnATGVnIH/GiD8aot3rviX6sxsgtRcJqP7clLs6uvc/dad7aUIKmDMGH
+9z2dj35CFyhhP6EjEZ9URN3A4awihvc2kGHHfL+6HgV
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:49:46 2026 by rpki-client