Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/60c12693-1526-46ae-aa45-d5276a0c0f79.roa
File: 60c12693-1526-46ae-aa45-d5276a0c0f79.roa (raw, json)
Hash identifier: OAcW1pw5r8YPhUEFUYi2BuhepgQpb1rJu+S7zVj4BhI=
Subject key identifier: 76:C6:23:F5:E2:DA:BE:ED:A4:A0:3D:9C:2E:09:8B:1F:CF:15:0F:D9
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 56CC562A1D580E22D4EED044EFE86EFB53C09D20
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/60c12693-1526-46ae-aa45-d5276a0c0f79.roa
Signing time: Fri 06 Feb 2026 00:40:07 +0000
ROA not before: Fri 06 Feb 2026 00:40:07 +0000
ROA not after: Thu 07 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.86.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
56:cc:56:2a:1d:58:0e:22:d4:ee:d0:44:ef:e8:6e:fb:53:c0:9d:20
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 6 00:40:07 2026 GMT
Not After : May 7 23:59:59 2026 GMT
Subject: serialNumber=45fc438bcc33477382a1040c6ce75c47cea8a4db71ff94617ccba5092d076c03, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:12:3a:8b:2e:14:72:df:0d:e8:5e:89:4e:53:
be:4a:a1:0c:41:5c:eb:c0:20:3c:91:7f:97:a1:96:
a1:f5:7f:c0:81:73:fa:9e:0f:c8:a8:64:13:48:21:
72:bb:57:43:3a:ed:1b:64:2c:f7:b4:ae:4a:19:1d:
66:1e:60:ff:7f:d7:7b:80:16:e7:31:cf:b1:26:98:
ff:a6:50:bd:53:e0:a0:cb:99:2e:6b:54:84:11:9a:
72:af:63:47:11:5f:47:5e:2d:22:99:91:c4:81:5a:
fa:b2:b3:dc:b6:7e:d1:1c:0d:de:7a:2b:bb:f1:46:
6e:17:2c:07:7e:2f:3d:cf:86:1a:0b:a9:5d:d2:a8:
66:5a:c9:2b:3a:e9:9e:80:e6:e4:b3:29:f4:56:b5:
fe:cf:7e:68:c5:5d:cb:7d:97:3d:b7:ef:d0:bf:67:
7f:4d:39:d0:5a:52:76:9f:94:73:f2:6a:c7:fe:3f:
b4:31:49:a9:a4:03:32:8d:9d:78:05:3d:22:4d:c1:
7b:db:d3:76:2f:f6:86:04:55:70:3d:cc:49:d5:9b:
70:87:bf:ba:39:08:55:1c:d4:b0:f7:b2:c7:9a:e5:
15:a7:ff:75:0e:ef:40:95:93:26:67:97:a9:53:63:
b3:63:37:2a:b9:16:8c:03:59:f3:1c:a0:db:d7:ad:
cd:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:C6:23:F5:E2:DA:BE:ED:A4:A0:3D:9C:2E:09:8B:1F:CF:15:0F:D9
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/60c12693-1526-46ae-aa45-d5276a0c0f79.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.86.0.0/15
Signature Algorithm: sha256WithRSAEncryption
2d:5e:b1:cb:5e:66:58:f9:46:2b:43:13:df:c4:2c:4a:e0:20:
34:ff:41:36:3d:b4:10:0a:92:d4:53:fa:3c:b2:4a:34:e1:8a:
3f:1c:32:7f:8e:6d:72:cc:0c:2a:1e:69:9e:e8:bf:06:c4:50:
80:64:f5:3b:e4:1f:67:03:69:58:a8:62:45:e9:cd:18:83:6f:
67:0b:26:d0:15:4d:a2:b2:d8:96:b1:ca:04:e4:9c:26:8f:ff:
1d:6a:9a:e6:7e:84:15:bf:4f:eb:4c:c4:db:36:da:91:aa:b9:
6e:cb:e9:0d:54:aa:08:93:d1:3f:f7:0e:35:9d:5d:6d:b2:c1:
e8:c9:94:eb:3c:7b:0c:87:92:33:30:63:bb:a4:26:47:ce:f6:
7e:9b:0a:ca:c6:f6:a0:1f:56:5b:2b:a2:f5:b8:6c:c7:6f:a0:
a8:11:76:98:f0:14:c2:e7:68:b3:eb:a9:bf:cb:f5:1f:0a:8d:
a7:24:a8:95:d9:b9:ad:29:4e:b8:08:5c:8d:e5:02:65:c5:41:
f9:16:c8:66:b8:a9:d6:37:73:9b:e6:48:8e:c9:32:2d:6d:b4:
78:b6:17:9b:5a:19:a8:3a:4a:10:86:b8:01:bf:cc:86:b0:97:
ae:aa:ce:17:ef:de:24:51:5a:ec:a0:19:65:b3:86:b9:21:ab:
70:21:a4:84
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUVsxWKh1YDiLU7tBE7+hu+1PAnSAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMDYwMDQwMDdaFw0yNjA1MDcyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ1ZmM0MzhiY2MzMzQ3NzM4MmExMDQwYzZjZTc1YzQ3Y2VhOGE0ZGI3MWZm
OTQ2MTdjY2JhNTA5MmQwNzZjMDMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANkSOosuFHLfDeheiU5TvkqhDEFc68AgPJF/l6GWofV/wIFz+p4PyKhkE0gh
crtXQzrtG2Qs97SuShkdZh5g/3/Xe4AW5zHPsSaY/6ZQvVPgoMuZLmtUhBGacq9j
RxFfR14tIpmRxIFa+rKz3LZ+0RwN3noru/FGbhcsB34vPc+GGgupXdKoZlrJKzrp
noDm5LMp9Fa1/s9+aMVdy32XPbfv0L9nf0050FpSdp+Uc/Jqx/4/tDFJqaQDMo2d
eAU9Ik3Be9vTdi/2hgRVcD3MSdWbcIe/ujkIVRzUsPeyx5rlFaf/dQ7vQJWTJmeX
qVNjs2M3KrkWjANZ8xyg29etzSECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBR2xiP1
4tq+7aSgPZwuCYsfzxUP2TAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NjBjMTI2OTMtMTUyNi00NmFlLWFhNDUtZDUyNzZhMGMwZjc5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATNWMA0G
CSqGSIb3DQEBCwUAA4IBAQAtXrHLXmZY+UYrQxPfxCxK4CA0/0E2PbQQCpLUU/o8
sko04Yo/HDJ/jm1yzAwqHmme6L8GxFCAZPU75B9nA2lYqGJF6c0Yg29nCybQFU2i
stiWscoE5Jwmj/8daprmfoQVv0/rTMTbNtqRqrluy+kNVKoIk9E/9w41nV1tssHo
yZTrPHsMh5IzMGO7pCZHzvZ+mwrKxvagH1ZbK6L1uGzHb6CoEXaY8BTC52iz66m/
y/UfCo2nJKiV2bmtKU64CFyN5QJlxUH5FshmuKnWN3Ob5kiOyTItbbR4thebWhmo
OkoQhrgBv8yGsJeuqs4X794kUVrsoBlls4a5IatwIaSE
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:40:37 2026 by rpki-client