Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4eb66819-e335-446d-8ca8-7436f3cd196d.roa
File: 4eb66819-e335-446d-8ca8-7436f3cd196d.roa (raw, json)
Hash identifier: QELZUtEHL1nFYNiTMZRD1jBtmwz6Ln8EpU/t1G0Oi7s=
Subject key identifier: 43:45:BD:A3:B2:C4:6E:16:03:0B:BD:58:CE:BA:81:6D:3B:70:05:23
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 3BCD79B0FE4D9E26D84D79697FB39761E109E1F1
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4eb66819-e335-446d-8ca8-7436f3cd196d.roa
Signing time: Sat 28 Feb 2026 06:30:15 +0000
ROA not before: Sat 28 Feb 2026 06:30:15 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 143.65.128.0/18 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3b:cd:79:b0:fe:4d:9e:26:d8:4d:79:69:7f:b3:97:61:e1:09:e1:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:30:15 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=07c48badc7999e52acd0a3eb16bfe5d9ce6e01978758eaa8f5f9fe41fbb9c489, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:38:69:e7:1c:76:c2:35:fe:03:64:a6:06:15:
57:44:8f:2b:a9:2e:7d:e8:2e:a1:7e:d2:f0:78:34:
94:7c:24:41:29:35:3e:7b:50:15:22:e2:9e:fb:74:
96:c5:b6:81:d4:8f:fd:1f:d6:95:17:38:e1:8d:31:
b0:2c:dd:49:d4:e4:a7:97:43:68:58:7d:37:73:aa:
4b:75:86:4a:02:19:89:53:df:72:3d:57:aa:96:07:
52:0d:e8:ac:22:09:2f:5a:5b:2f:7a:a0:6b:35:a5:
d7:d1:5e:72:ff:dd:0e:e3:bb:66:38:65:13:22:f1:
09:35:bb:1f:16:00:c0:bc:65:8d:0d:30:2d:33:8b:
07:21:7a:5c:3c:11:95:6e:32:ef:a0:16:4c:7d:7a:
69:19:f8:f1:b7:cf:d0:6f:7e:49:27:dc:f5:7a:d7:
44:9b:fc:fe:9e:ff:e6:89:f9:64:bb:f6:a5:97:0d:
79:d8:cc:1f:66:bf:56:c7:eb:3e:d5:9b:6a:3a:22:
92:97:d0:de:64:a9:51:c5:d2:70:2b:61:fb:f2:44:
fe:38:b3:15:b6:a4:41:79:b8:08:eb:8f:ab:07:c0:
8b:e9:66:19:c8:69:09:01:be:19:1a:4a:09:a8:ec:
a0:74:98:cf:d2:f8:7a:46:53:02:b3:d4:a5:46:73:
88:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:45:BD:A3:B2:C4:6E:16:03:0B:BD:58:CE:BA:81:6D:3B:70:05:23
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/4eb66819-e335-446d-8ca8-7436f3cd196d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.65.128.0/18
Signature Algorithm: sha256WithRSAEncryption
0c:fb:88:a2:5c:c1:dc:ef:c1:ed:89:84:54:cb:5f:69:dd:6e:
d4:c8:69:0f:82:36:c4:f1:8e:e9:45:ff:86:97:75:0b:96:d5:
23:2b:64:af:c5:4d:21:56:c3:30:36:85:b7:3f:d1:c9:ea:da:
5c:26:7b:f2:0d:91:5d:be:72:95:c8:bb:ee:b1:f3:a4:b2:b4:
43:d1:1f:95:ae:8c:77:26:d2:d4:f0:70:03:46:91:1c:4a:9c:
6d:43:a2:a9:77:2f:83:ec:4d:f8:4e:6f:64:d8:be:e5:d3:2e:
9b:fc:c0:b6:76:43:2d:4e:cd:90:f2:be:a4:d7:d5:02:c9:9b:
75:dc:68:df:dc:fa:ee:0e:db:76:88:ac:3b:48:11:88:d0:d8:
64:62:a1:43:62:65:2b:70:20:3c:c5:07:30:cd:fa:04:19:f3:
ef:39:79:52:bf:19:82:e4:a9:67:bc:5f:ed:a4:b7:69:9f:bf:
3d:28:42:f7:67:91:5e:74:d2:46:af:75:4d:28:be:d1:a7:31:
60:e6:34:46:54:fa:e1:5c:65:85:c2:1e:26:c6:35:1f:a9:21:
35:dc:fb:88:30:e6:80:ae:8a:4e:e5:d1:51:5c:93:0a:2b:c8:
4a:df:4d:97:9e:e4:1e:a2:c6:10:ee:15:d9:6b:1b:bd:8d:ed:
f5:0a:cc:53
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUO815sP5NnibYTXlpf7OXYeEJ4fEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjMwMTVaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDA3YzQ4YmFkYzc5OTllNTJhY2QwYTNlYjE2YmZlNWQ5Y2U2ZTAxOTc4NzU4
ZWFhOGY1ZjlmZTQxZmJiOWM0ODkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI04aeccdsI1/gNkpgYVV0SPK6kufeguoX7S8Hg0lHwkQSk1PntQFSLinvt0
lsW2gdSP/R/WlRc44Y0xsCzdSdTkp5dDaFh9N3OqS3WGSgIZiVPfcj1XqpYHUg3o
rCIJL1pbL3qgazWl19Fecv/dDuO7ZjhlEyLxCTW7HxYAwLxljQ0wLTOLByF6XDwR
lW4y76AWTH16aRn48bfP0G9+SSfc9XrXRJv8/p7/5on5ZLv2pZcNedjMH2a/Vsfr
PtWbajoikpfQ3mSpUcXScCth+/JE/jizFbakQXm4COuPqwfAi+lmGchpCQG+GRpK
CajsoHSYz9L4ekZTArPUpUZziJ0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRDRb2j
ssRuFgMLvVjOuoFtO3AFIzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NGViNjY4MTktZTMzNS00NDZkLThjYTgtNzQzNmYzY2QxOTZkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBo9BgDAN
BgkqhkiG9w0BAQsFAAOCAQEADPuIolzB3O/B7YmEVMtfad1u1MhpD4I2xPGO6UX/
hpd1C5bVIytkr8VNIVbDMDaFtz/RyeraXCZ78g2RXb5ylci77rHzpLK0Q9Efla6M
dybS1PBwA0aRHEqcbUOiqXcvg+xN+E5vZNi+5dMum/zAtnZDLU7NkPK+pNfVAsmb
ddxo39z67g7bdoisO0gRiNDYZGKhQ2JlK3AgPMUHMM36BBnz7zl5Ur8ZguSpZ7xf
7aS3aZ+/PShC92eRXnTSRq91TSi+0acxYOY0RlT64VxlhcIeJsY1H6khNdz7iDDm
gK6KTuXRUVyTCivISt9Nl57kHqLGEO4V2WsbvY3t9QrMUw==
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:21:14 2026 by rpki-client