Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/63e023f1-83fd-412f-8365-33afe1ac80af.roa
File: 63e023f1-83fd-412f-8365-33afe1ac80af.roa (raw, json)
Hash identifier: HeMXFJXskRziRT6fPIXWLvJwirtg398k0mROcdUb+30=
Subject key identifier: 36:93:F9:2C:25:36:C1:62:54:36:91:AD:99:29:36:7A:EC:7A:89:CA
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 2798F265FDFFA61AB62D93567E0462B7E361E6D8
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/63e023f1-83fd-412f-8365-33afe1ac80af.roa
Signing time: Sat 28 Feb 2026 06:40:06 +0000
ROA not before: Sat 28 Feb 2026 06:40:06 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.160.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
27:98:f2:65:fd:ff:a6:1a:b6:2d:93:56:7e:04:62:b7:e3:61:e6:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:40:06 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=081b3fa066d53af9c79752426b3e4cf9154f2ee96df9547429e1629db1d1c430, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:cb:68:3d:9e:a6:0f:e8:36:71:74:ac:39:19:
01:de:fc:8a:69:50:b7:0a:f9:06:87:37:b5:2b:ad:
b8:86:2e:9f:d7:a1:c6:99:1b:13:52:10:0c:86:34:
a3:9f:b7:16:18:17:e9:b7:a8:5f:68:31:17:b6:02:
b9:df:a8:32:d0:8e:5c:df:7e:87:4d:bf:7c:31:eb:
67:2a:8f:a8:d3:da:70:a4:e9:f1:0d:fa:21:24:05:
57:9e:9a:c1:ed:19:03:2d:f4:42:56:26:45:a1:6f:
34:5b:e7:9a:23:d9:08:a2:99:5f:70:58:81:36:08:
6a:16:d7:36:06:b6:59:46:2b:c4:4d:f7:04:45:ca:
43:84:a2:b1:d8:c2:58:e6:94:7c:4e:d5:62:60:69:
7f:e6:ff:73:96:61:ae:62:6a:08:26:b8:3a:d2:03:
4f:fb:2b:1e:24:30:99:8d:d8:84:cf:66:5c:44:04:
bf:4f:c8:30:1e:61:b7:9f:64:07:18:fa:10:70:54:
bf:e5:46:3c:07:5d:dc:38:1d:0f:e0:a4:39:d7:7d:
87:b2:65:5e:3d:f5:d8:26:19:25:d8:f2:60:ba:15:
3f:b2:93:11:c2:53:9f:9f:aa:08:b0:37:64:96:51:
0a:16:16:4a:4b:86:df:34:fd:84:7b:8b:21:8b:ed:
2c:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:93:F9:2C:25:36:C1:62:54:36:91:AD:99:29:36:7A:EC:7A:89:CA
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/63e023f1-83fd-412f-8365-33afe1ac80af.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.160.0.0/16
Signature Algorithm: sha256WithRSAEncryption
8a:5c:14:21:4a:e8:ea:50:a8:96:43:26:fe:cb:91:1e:04:bd:
c7:a8:48:bf:71:2c:44:f6:1e:24:51:75:fe:8a:7b:0c:fc:d5:
d9:6f:26:65:c1:ab:fb:04:9f:0c:9e:f2:12:4f:39:4c:58:a3:
54:24:87:dd:42:05:4e:93:f7:6c:a2:0e:ae:6a:6c:b3:29:b2:
f8:02:04:34:bd:03:5f:51:88:c7:04:32:81:08:bc:0f:e4:f6:
17:ce:42:2d:b1:7b:b9:22:6a:25:68:f4:77:b3:d0:e7:f7:07:
88:6e:f7:c9:ed:9a:2f:38:49:86:b9:51:d6:06:47:34:d9:a8:
1f:f4:7f:9f:c4:55:09:96:95:f9:2d:92:0a:b3:bc:dd:3d:75:
56:45:7a:f6:cc:b8:4f:c3:c3:b8:b6:fb:b6:1e:5c:91:fc:fd:
33:97:cd:f7:13:dd:72:f2:bc:2c:4e:cb:1f:a7:5d:52:eb:83:
9a:77:da:fe:fe:2c:ba:8e:55:77:cb:3e:83:61:8f:5b:a9:92:
9c:65:df:c3:86:01:6f:18:04:c9:c3:d5:b5:06:32:e3:e7:6f:
4e:7b:e0:e8:a6:73:d5:0a:2a:1e:dd:d5:b7:8d:e6:29:c1:e6:
67:1a:23:6f:99:de:66:8a:a7:f8:3e:9e:74:91:73:80:8e:07:
88:38:3f:81
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUJ5jyZf3/phq2LZNWfgRit+Nh5tgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjQwMDZaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDA4MWIzZmEwNjZkNTNhZjljNzk3NTI0MjZiM2U0Y2Y5MTU0ZjJlZTk2ZGY5
NTQ3NDI5ZTE2MjlkYjFkMWM0MzAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN/LaD2epg/oNnF0rDkZAd78imlQtwr5Boc3tSutuIYun9ehxpkbE1IQDIY0
o5+3FhgX6beoX2gxF7YCud+oMtCOXN9+h02/fDHrZyqPqNPacKTp8Q36ISQFV56a
we0ZAy30QlYmRaFvNFvnmiPZCKKZX3BYgTYIahbXNga2WUYrxE33BEXKQ4SisdjC
WOaUfE7VYmBpf+b/c5ZhrmJqCCa4OtIDT/srHiQwmY3YhM9mXEQEv0/IMB5ht59k
Bxj6EHBUv+VGPAdd3DgdD+CkOdd9h7JlXj312CYZJdjyYLoVP7KTEcJTn5+qCLA3
ZJZRChYWSkuG3zT9hHuLIYvtLMECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQ2k/ks
JTbBYlQ2ka2ZKTZ67HqJyjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NjNlMDIzZjEtODNmZC00MTJmLTgzNjUtMzNhZmUxYWM4MGFmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADOgMA0G
CSqGSIb3DQEBCwUAA4IBAQCKXBQhSujqUKiWQyb+y5EeBL3HqEi/cSxE9h4kUXX+
insM/NXZbyZlwav7BJ8MnvISTzlMWKNUJIfdQgVOk/dsog6uamyzKbL4AgQ0vQNf
UYjHBDKBCLwP5PYXzkItsXu5ImolaPR3s9Dn9weIbvfJ7ZovOEmGuVHWBkc02agf
9H+fxFUJlpX5LZIKs7zdPXVWRXr2zLhPw8O4tvu2HlyR/P0zl833E91y8rwsTssf
p11S64Oad9r+/iy6jlV3yz6DYY9bqZKcZd/DhgFvGATJw9W1BjLj529Oe+DopnPV
Cioe3dW3jeYpweZnGiNvmd5miqf4Pp50kXOAjgeIOD+B
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:49:16 2026 by rpki-client