Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/57870f13-82ea-4955-953f-742413b6a651.roa
File: 57870f13-82ea-4955-953f-742413b6a651.roa (raw, json)
Hash identifier: rtHXroY/ydSCAWUSqJLSewmGdvVr3H5wyQA/Ul9N5GU=
Subject key identifier: 2E:C7:D7:7D:D5:8B:AE:A0:0E:40:C8:BC:5F:4A:FA:33:7A:E9:C7:11
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 2173753022C4655678EE8E1230A411C38E32B6BC
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/57870f13-82ea-4955-953f-742413b6a651.roa
Signing time: Sun 01 Mar 2026 01:00:10 +0000
ROA not before: Sun 01 Mar 2026 01:00:10 +0000
ROA not after: Sat 30 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a01:578::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
21:73:75:30:22:c4:65:56:78:ee:8e:12:30:a4:11:c3:8e:32:b6:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Mar 1 01:00:10 2026 GMT
Not After : May 30 23:59:59 2026 GMT
Subject: serialNumber=f1a2b526deb0222b28e550db55a4e0dc42b0aa3e22021d3c51930b5111cea01a, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:e0:38:1a:a7:a6:d0:b7:61:44:ab:07:8b:1a:
5b:ae:aa:ac:da:b9:ad:f1:31:01:bd:5e:6e:16:cc:
b4:93:9a:69:c3:bd:41:10:88:ad:d0:69:a6:66:9c:
62:3a:6d:c7:2e:7e:14:60:74:41:8a:39:77:86:ee:
c6:fc:53:05:99:eb:8c:cf:ef:32:84:59:f1:16:79:
79:f3:a2:65:0c:4d:91:b7:48:68:bd:44:fd:16:64:
12:63:09:51:58:8c:f5:f8:86:27:e4:8a:30:81:39:
b5:ad:87:42:0f:75:9e:4f:3c:f4:4b:41:fc:91:2e:
f4:89:49:df:b0:ce:57:ac:8b:00:9c:f4:dd:9c:10:
86:aa:46:c9:a6:f9:84:e2:e8:ef:e7:30:17:cf:e8:
b2:af:54:4a:af:d5:08:d0:57:aa:07:0a:6b:d4:59:
ab:3f:10:9b:32:49:13:6e:ef:5d:f0:e0:a6:5c:1e:
5b:62:74:22:38:7b:74:8f:60:1a:f5:07:f3:58:d8:
1d:26:21:f1:14:1c:0d:f6:27:e1:a8:aa:ed:3c:35:
2c:4b:1c:4e:d4:3d:6c:dd:5c:db:43:a9:d3:20:b3:
fc:10:b1:dc:db:00:8f:d4:02:b0:7a:78:fb:c4:ca:
97:c6:76:a4:b5:02:b5:21:6f:d2:34:64:d8:74:86:
4f:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:C7:D7:7D:D5:8B:AE:A0:0E:40:C8:BC:5F:4A:FA:33:7A:E9:C7:11
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/57870f13-82ea-4955-953f-742413b6a651.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a01:578::/48
Signature Algorithm: sha256WithRSAEncryption
34:f1:fd:04:db:eb:61:84:44:c3:a3:5f:32:d0:c0:93:5d:d3:
7e:71:52:96:f4:43:e4:73:57:bd:d1:2e:f5:e0:c9:ae:e4:ea:
f2:ca:82:d9:ab:3b:b6:95:6c:f9:22:ff:6a:d0:ee:6c:e7:8a:
f3:83:a2:aa:9e:48:df:b7:58:8c:15:49:de:7e:8c:27:ad:50:
86:83:92:67:d2:ac:49:17:05:ac:5f:a0:87:50:bf:5e:23:58:
1a:a7:1f:ce:69:c4:53:fb:9b:88:3b:4d:cc:60:02:52:f2:8a:
f8:c2:90:cc:73:c3:38:93:01:e3:96:33:11:22:b9:d9:71:aa:
e5:43:ec:7f:11:c3:21:c8:cf:93:1e:5b:0b:26:46:8d:e5:54:
06:79:84:95:5c:2a:8d:61:cc:eb:b3:a5:f4:d6:b7:32:53:7e:
8a:92:1f:e7:c3:e5:3f:5c:23:09:a8:9f:cc:77:55:ef:32:ce:
d0:1c:b1:cc:c1:fb:f5:95:a3:4c:19:ce:1b:06:ac:63:e8:d1:
51:9b:a1:4e:b5:80:6e:66:c8:fa:77:20:7d:fc:8c:00:c7:f4:
f0:2a:ae:4a:8b:b6:59:1e:63:52:71:1a:c5:03:73:df:a8:56:
54:19:0c:a8:58:43:08:a6:df:bb:01:c6:6d:07:b2:24:c6:cd:
4e:5d:49:71
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUIXN1MCLEZVZ47o4SMKQRw44ytrwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAzMDEwMTAwMTBaFw0yNjA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQGYxYTJiNTI2ZGViMDIyMmIyOGU1NTBkYjU1YTRlMGRjNDJiMGFhM2UyMjAy
MWQzYzUxOTMwYjUxMTFjZWEwMWExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALDgOBqnptC3YUSrB4saW66qrNq5rfExAb1ebhbMtJOaacO9QRCIrdBppmac
Yjptxy5+FGB0QYo5d4buxvxTBZnrjM/vMoRZ8RZ5efOiZQxNkbdIaL1E/RZkEmMJ
UViM9fiGJ+SKMIE5ta2HQg91nk889EtB/JEu9IlJ37DOV6yLAJz03ZwQhqpGyab5
hOLo7+cwF8/osq9USq/VCNBXqgcKa9RZqz8QmzJJE27vXfDgplweW2J0Ijh7dI9g
GvUH81jYHSYh8RQcDfYn4aiq7Tw1LEscTtQ9bN1c20Op0yCz/BCx3NsAj9QCsHp4
+8TKl8Z2pLUCtSFv0jRk2HSGT+UCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQux9d9
1YuuoA5AyLxfSvozeunHETAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NTc4NzBmMTMtODJlYS00OTU1LTk1M2YtNzQyNDEzYjZhNjUxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoBBXgA
ADANBgkqhkiG9w0BAQsFAAOCAQEANPH9BNvrYYREw6NfMtDAk13TfnFSlvRD5HNX
vdEu9eDJruTq8sqC2as7tpVs+SL/atDubOeK84Oiqp5I37dYjBVJ3n6MJ61QhoOS
Z9KsSRcFrF+gh1C/XiNYGqcfzmnEU/ubiDtNzGACUvKK+MKQzHPDOJMB45YzESK5
2XGq5UPsfxHDIcjPkx5bCyZGjeVUBnmElVwqjWHM67Ol9Na3MlN+ipIf58PlP1wj
CaifzHdV7zLO0ByxzMH79ZWjTBnOGwasY+jRUZuhTrWAbmbI+ncgffyMAMf08Cqu
Sou2WR5jUnEaxQNz36hWVBkMqFhDCKbfuwHGbQeyJMbNTl1JcQ==
-----END CERTIFICATE-----
Generated at Mon Mar 2 01:43:20 2026 by rpki-client