Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/51429a37-e3fd-4b49-a184-1e07ed522f97.roa
File: 51429a37-e3fd-4b49-a184-1e07ed522f97.roa (raw, json)
Hash identifier: wCzCAFRUsR4MdDiUFoYyJHgbgQfLTtUu/v4v+vG3hg4=
Subject key identifier: AF:2A:21:B6:A4:5E:0C:A7:70:32:4F:D1:44:BC:CA:E3:C1:38:8D:28
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 5A1DDFC471DA372A60B6B9C70CA25A9F0FD5155A
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/51429a37-e3fd-4b49-a184-1e07ed522f97.roa
Signing time: Sat 28 Feb 2026 06:30:54 +0000
ROA not before: Sat 28 Feb 2026 06:30:54 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.3.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5a:1d:df:c4:71:da:37:2a:60:b6:b9:c7:0c:a2:5a:9f:0f:d5:15:5a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:30:54 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=c9154b6fd741b93bc346761ed9e9e758adfd8cf62dc501b3131a53a11ab1ea5b, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:58:e0:cc:35:65:10:b1:e5:f9:14:e9:ab:34:
25:81:a4:17:05:d1:c1:57:fc:f9:7e:29:e1:e1:e3:
db:e2:91:34:66:05:69:ce:50:11:63:5f:bb:9a:7b:
57:15:64:98:93:34:45:29:49:26:dd:a0:11:fd:72:
c7:3c:d6:e5:39:55:e2:6d:8b:5d:97:01:1b:b6:04:
af:13:8e:65:38:07:44:69:fa:15:e1:67:02:07:a9:
ae:b7:c1:40:c4:18:bf:21:91:af:71:2d:e8:c7:10:
7a:1b:9e:5f:d5:4b:dc:9c:fb:04:ad:b6:7d:3c:28:
e2:6b:23:91:33:fd:3d:07:c6:4d:5f:d2:fb:ee:b1:
f2:b1:01:63:ad:6e:20:b3:74:7b:12:4d:5e:69:48:
fe:23:94:18:c4:1b:cd:47:8f:06:42:18:6e:d8:56:
67:3d:28:04:15:80:93:df:ec:d0:df:da:bf:2e:80:
3c:6e:ba:97:13:18:ba:87:c3:c5:c0:da:08:88:6f:
e5:9a:32:24:17:c5:f8:0b:5f:54:b1:47:ac:31:1b:
56:24:ef:c4:9d:5f:ae:ec:29:b0:f5:73:2d:49:5c:
40:5f:19:f7:a5:f7:9b:91:81:47:b2:fc:7b:f1:3a:
a1:e1:3c:22:af:07:08:66:d3:65:38:c9:5a:eb:66:
d4:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:2A:21:B6:A4:5E:0C:A7:70:32:4F:D1:44:BC:CA:E3:C1:38:8D:28
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/51429a37-e3fd-4b49-a184-1e07ed522f97.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.3.0.0/16
Signature Algorithm: sha256WithRSAEncryption
14:14:46:2d:1e:6e:e0:0a:dd:cd:c5:90:78:2c:5d:73:86:14:
a3:eb:56:88:f6:b1:84:e9:bc:dd:48:ba:c8:a3:a2:d5:6b:fb:
f3:93:90:ab:f5:16:58:48:a6:e4:a1:6e:84:8e:a7:c4:1e:fb:
3a:ed:f9:35:7c:53:47:6a:1c:ea:54:68:17:5f:40:f4:7b:d5:
14:cb:98:10:cd:57:04:09:23:da:6e:29:0d:11:92:41:ed:38:
93:cc:08:38:06:db:e8:eb:c4:79:b7:94:32:a8:71:b2:f7:df:
21:6d:5a:d2:4f:3b:ab:d2:12:57:db:44:0a:e9:90:2e:5f:43:
f6:84:94:28:00:91:fa:9e:67:d8:93:bd:95:4d:a9:69:cb:c1:
d3:54:0f:8c:43:d4:15:2c:fa:81:c6:a7:49:f0:0c:0a:a0:aa:
c2:de:18:ac:d6:fe:f7:b6:49:97:1a:e5:5e:3d:8a:6c:3b:25:
7a:91:ba:76:55:60:e9:70:40:8b:aa:c7:67:2b:a4:a0:8a:08:
b0:a2:1a:21:b8:36:ef:61:4d:b9:f0:59:c6:ad:ed:0b:fe:54:
a3:36:c9:91:f9:e9:7b:c2:22:3d:c1:f5:5f:af:00:7d:ef:c1:
40:39:14:8a:8a:04:65:85:64:e6:06:db:4f:ea:01:12:6a:98:
63:7c:65:3c
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUWh3fxHHaNypgtrnHDKJanw/VFVowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjMwNTRaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGM5MTU0YjZmZDc0MWI5M2JjMzQ2NzYxZWQ5ZTllNzU4YWRmZDhjZjYyZGM1
MDFiMzEzMWE1M2ExMWFiMWVhNWIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOVY4Mw1ZRCx5fkU6as0JYGkFwXRwVf8+X4p4eHj2+KRNGYFac5QEWNfu5p7
VxVkmJM0RSlJJt2gEf1yxzzW5TlV4m2LXZcBG7YErxOOZTgHRGn6FeFnAgeprrfB
QMQYvyGRr3Et6McQehueX9VL3Jz7BK22fTwo4msjkTP9PQfGTV/S++6x8rEBY61u
ILN0exJNXmlI/iOUGMQbzUePBkIYbthWZz0oBBWAk9/s0N/avy6APG66lxMYuofD
xcDaCIhv5ZoyJBfF+AtfVLFHrDEbViTvxJ1fruwpsPVzLUlcQF8Z96X3m5GBR7L8
e/E6oeE8Iq8HCGbTZTjJWutm1M8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSvKiG2
pF4Mp3AyT9FEvMrjwTiNKDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NTE0MjlhMzctZTNmZC00YjQ5LWExODQtMWUwN2VkNTIyZjk3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMDMA0G
CSqGSIb3DQEBCwUAA4IBAQAUFEYtHm7gCt3NxZB4LF1zhhSj61aI9rGE6bzdSLrI
o6LVa/vzk5Cr9RZYSKbkoW6EjqfEHvs67fk1fFNHahzqVGgXX0D0e9UUy5gQzVcE
CSPabikNEZJB7TiTzAg4Btvo68R5t5QyqHGy998hbVrSTzur0hJX20QK6ZAuX0P2
hJQoAJH6nmfYk72VTalpy8HTVA+MQ9QVLPqBxqdJ8AwKoKrC3his1v73tkmXGuVe
PYpsOyV6kbp2VWDpcECLqsdnK6SgigiwohohuDbvYU258FnGre0L/lSjNsmR+el7
wiI9wfVfrwB978FAORSKigRlhWTmBttP6gESaphjfGU8
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:45:12 2026 by rpki-client