Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42f47c85-e9fe-40f9-ae1c-57ea1b805412.roa
File: 42f47c85-e9fe-40f9-ae1c-57ea1b805412.roa (raw, json)
Hash identifier: Y7w+KP91iP0abjgm4fEpM4BldzvPaDAsHezwnQNaCnM=
Subject key identifier: 99:00:59:AC:58:CA:EC:48:BA:8E:E1:AB:A6:85:5D:A5:5B:79:FD:50
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 5F9B6221D147796CCB3FC1C08B9B16B21C187466
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42f47c85-e9fe-40f9-ae1c-57ea1b805412.roa
Signing time: Fri 06 Feb 2026 00:40:30 +0000
ROA not before: Fri 06 Feb 2026 00:40:30 +0000
ROA not after: Thu 07 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.24.0.0/16 maxlen: 16
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5f:9b:62:21:d1:47:79:6c:cb:3f:c1:c0:8b:9b:16:b2:1c:18:74:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 6 00:40:30 2026 GMT
Not After : May 7 23:59:59 2026 GMT
Subject: serialNumber=8a6971044f0c0dc0b9a74a8965af0a6e8b86522fd0c951ef9889e9c6a3597599, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:76:13:de:62:59:a2:70:38:5a:74:e8:c3:a3:
df:95:e5:eb:fa:34:78:01:69:1c:2d:d4:cf:16:e9:
21:2e:c1:c0:17:d0:95:c6:8c:af:9c:c5:0a:bb:3d:
5c:ab:6d:f9:c3:8b:e2:60:14:8e:63:dc:de:7a:9c:
b8:37:30:62:fe:34:ba:55:f6:60:67:b3:c7:01:94:
8b:c2:b9:78:eb:70:79:a0:35:97:02:ba:92:03:89:
06:fc:4e:d9:5d:f9:76:cc:8b:81:33:6c:84:6f:69:
7e:a3:0e:5d:3a:15:c7:94:e7:7f:aa:73:a0:cc:19:
76:8b:91:f0:85:3d:59:89:94:54:f8:df:0c:e4:4e:
59:9f:8d:bb:6a:1a:14:2d:a4:07:d2:44:3d:f8:cb:
38:a7:c0:4f:17:ea:13:b0:50:58:19:95:83:4a:b3:
ca:ec:7e:f1:d1:e0:85:f8:05:98:2f:dd:30:34:ce:
dd:f8:63:e7:fa:86:d8:17:68:f3:f5:96:fa:21:a1:
03:c2:56:5b:0c:f2:83:88:65:ac:a6:73:f3:dc:e9:
bc:df:1b:a4:9b:58:b3:fe:d0:69:f4:03:02:d4:ea:
f8:fc:d2:53:e7:10:80:98:85:6c:ca:bf:0b:ab:5e:
68:89:fa:e8:77:4c:a9:3e:8a:03:57:9b:9d:be:67:
e0:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:00:59:AC:58:CA:EC:48:BA:8E:E1:AB:A6:85:5D:A5:5B:79:FD:50
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42f47c85-e9fe-40f9-ae1c-57ea1b805412.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.24.0.0/16
Signature Algorithm: sha256WithRSAEncryption
af:bd:f0:b9:7d:31:72:6e:cb:5e:e8:fc:42:9d:30:68:e5:5c:
a8:02:34:f1:63:bb:98:a0:d2:88:47:84:63:03:f1:70:39:ae:
78:fa:01:12:74:98:71:0f:fb:74:13:b5:1f:15:a0:8e:06:18:
02:52:51:c4:a9:4c:c3:3d:ea:2d:bf:ad:ae:c4:eb:45:d7:99:
92:fc:ec:b5:10:64:c7:96:ee:b4:ec:92:fa:95:3e:12:1b:a9:
06:76:a5:86:11:db:f4:68:b4:a5:2f:a9:ce:aa:fe:e9:2b:db:
fb:77:a5:ed:65:fc:b9:cc:bc:0d:6b:10:8e:4c:a7:32:20:e0:
0f:86:7e:2d:65:74:63:70:20:de:10:71:eb:8a:5e:98:99:66:
14:7b:97:d2:a0:77:bd:98:3b:dd:9f:39:96:b0:8a:41:56:37:
04:bd:e0:fb:7b:34:d4:8c:21:2e:d1:bf:03:01:b7:e6:0d:29:
17:eb:68:fc:cf:e2:68:6f:5e:df:71:f2:d5:7f:cc:e4:b6:2b:
43:f4:af:1e:00:bf:81:2a:1f:aa:5f:e2:06:66:13:ab:c7:ab:
2e:9e:84:de:b1:25:aa:6c:3e:f9:bd:79:a2:7b:aa:4d:ca:6b:
b3:26:54:00:1a:37:be:75:85:6f:a8:e6:98:f4:0b:bb:59:44:
e1:0b:c2:f0
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUX5tiIdFHeWzLP8HAi5sWshwYdGYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMDYwMDQwMzBaFw0yNjA1MDcyMzU5NTlaMHoxSTBHBgNV
BAUTQDhhNjk3MTA0NGYwYzBkYzBiOWE3NGE4OTY1YWYwYTZlOGI4NjUyMmZkMGM5
NTFlZjk4ODllOWM2YTM1OTc1OTkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMp2E95iWaJwOFp06MOj35Xl6/o0eAFpHC3UzxbpIS7BwBfQlcaMr5zFCrs9
XKtt+cOL4mAUjmPc3nqcuDcwYv40ulX2YGezxwGUi8K5eOtweaA1lwK6kgOJBvxO
2V35dsyLgTNshG9pfqMOXToVx5Tnf6pzoMwZdouR8IU9WYmUVPjfDOROWZ+Nu2oa
FC2kB9JEPfjLOKfATxfqE7BQWBmVg0qzyux+8dHghfgFmC/dMDTO3fhj5/qG2Bdo
8/WW+iGhA8JWWwzyg4hlrKZz89zpvN8bpJtYs/7QafQDAtTq+PzSU+cQgJiFbMq/
C6teaIn66HdMqT6KA1ebnb5n4DUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSZAFms
WMrsSLqO4aumhV2lW3n9UDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NDJmNDdjODUtZTlmZS00MGY5LWFlMWMtNTdlYTFiODA1NDEyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMYMA0G
CSqGSIb3DQEBCwUAA4IBAQCvvfC5fTFybste6PxCnTBo5VyoAjTxY7uYoNKIR4Rj
A/FwOa54+gESdJhxD/t0E7UfFaCOBhgCUlHEqUzDPeotv62uxOtF15mS/Oy1EGTH
lu607JL6lT4SG6kGdqWGEdv0aLSlL6nOqv7pK9v7d6XtZfy5zLwNaxCOTKcyIOAP
hn4tZXRjcCDeEHHril6YmWYUe5fSoHe9mDvdnzmWsIpBVjcEveD7ezTUjCEu0b8D
AbfmDSkX62j8z+Job17fcfLVf8zktitD9K8eAL+BKh+qX+IGZhOrx6sunoTesSWq
bD75vXmie6pNymuzJlQAGje+dYVvqOaY9Au7WUThC8Lw
-----END CERTIFICATE-----
Generated at Mon Mar 2 04:50:14 2026 by rpki-client