Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/67568c6a-cd1a-4586-a397-580b374dbdb0.roa
File: 67568c6a-cd1a-4586-a397-580b374dbdb0.roa (raw, json)
Hash identifier: a2ze7+w+wwNqbli9eWIKxj275yPIKQDkSVkYjEbSuA8=
Subject key identifier: 1D:5F:31:5D:BB:8F:50:A8:8F:0C:66:93:90:D7:B3:05:38:24:15:7B
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 13F68D0B58D04ADED61566B13EB93ACD043C0E63
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/67568c6a-cd1a-4586-a397-580b374dbdb0.roa
Signing time: Sat 28 Feb 2026 06:40:25 +0000
ROA not before: Sat 28 Feb 2026 06:40:25 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.60.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
13:f6:8d:0b:58:d0:4a:de:d6:15:66:b1:3e:b9:3a:cd:04:3c:0e:63
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:40:25 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=b6f65470bb194121e35a27103135af24ad385b41d073aff85684745beeb7dcff, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:e4:93:27:37:d2:ec:17:89:de:9c:b7:97:6b:
29:35:51:f2:50:8b:5d:12:6b:19:e0:9f:b0:97:f3:
13:2e:66:44:d0:4d:21:c3:d4:d5:e9:74:f1:48:df:
34:96:dc:3b:f2:04:4a:7e:75:18:80:e3:b2:87:e3:
4c:b7:20:22:0d:d3:cd:5d:35:3f:11:8f:bd:55:fa:
a3:f0:f3:00:5c:28:9a:ee:33:50:db:97:e4:8a:af:
83:1b:36:8b:96:50:d6:c2:4f:b4:9f:d1:5f:92:3e:
63:c0:81:a2:50:32:ea:6f:fd:37:a6:83:58:96:f1:
3f:f9:75:fd:b5:d3:d7:df:5b:d1:be:0f:d2:a5:90:
33:d5:5a:69:1e:c3:d4:00:52:88:be:4c:df:02:5b:
8b:1a:63:a7:a8:30:a0:33:d0:4a:a3:f8:56:64:81:
bc:b4:aa:6d:d2:08:9e:9e:b3:43:8f:cd:a3:06:ce:
d5:a5:36:0b:04:52:75:9f:74:8c:fe:86:1b:8f:07:
13:24:8b:6f:59:e7:93:76:68:92:c9:cc:0e:60:a7:
f3:0c:ab:cc:ce:4b:3a:83:af:7b:8a:2b:3c:5a:ea:
35:8e:8a:f8:29:59:4e:89:1d:7d:3e:53:71:ad:d0:
f3:b5:5e:d0:eb:3e:8f:59:18:19:23:c8:52:00:50:
8c:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:5F:31:5D:BB:8F:50:A8:8F:0C:66:93:90:D7:B3:05:38:24:15:7B
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/67568c6a-cd1a-4586-a397-580b374dbdb0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.60.0.0/16
Signature Algorithm: sha256WithRSAEncryption
b1:55:07:65:a0:4f:4c:b8:a0:c2:c0:c2:7e:db:ff:15:01:f9:
5e:98:35:e6:89:e2:a1:35:71:d5:73:e5:85:94:83:57:ef:32:
82:7f:2f:b0:74:0e:7a:22:21:ac:21:d8:5c:19:6a:14:09:be:
e9:f6:00:88:2f:77:47:3b:cc:03:8f:ce:36:c1:82:b9:90:0a:
8d:c7:63:8c:81:66:93:e2:13:01:32:a6:df:83:e9:5b:4c:1a:
58:86:6c:68:ce:0c:0e:d4:06:6b:f8:25:87:ba:38:f2:39:30:
e8:9f:0f:f4:28:c9:6f:4b:27:b0:e8:3b:0b:2d:97:52:bb:16:
b3:ef:d6:f2:17:ce:54:a6:2b:87:b2:69:3e:08:3c:28:5c:d3:
b3:56:8e:9e:df:c9:18:b1:80:15:89:52:07:ad:72:54:56:9a:
d4:e4:43:55:74:89:6b:e5:ec:f8:3a:38:d0:93:69:16:5a:db:
b8:61:69:13:96:9c:55:60:a2:7f:39:1a:3e:f2:1a:61:22:77:
11:67:ce:62:57:76:67:f2:b0:9c:20:27:25:35:a8:e5:b0:29:
91:87:e4:62:25:a3:3a:9c:32:62:d6:d0:6a:d8:51:da:7a:32:
75:5d:77:72:78:cc:a3:5b:0f:bb:25:66:54:9d:cc:53:c5:d4:
20:19:5b:25
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUE/aNC1jQSt7WFWaxPrk6zQQ8DmMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjQwMjVaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGI2ZjY1NDcwYmIxOTQxMjFlMzVhMjcxMDMxMzVhZjI0YWQzODViNDFkMDcz
YWZmODU2ODQ3NDViZWViN2RjZmYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJPkkyc30uwXid6ct5drKTVR8lCLXRJrGeCfsJfzEy5mRNBNIcPU1el08Ujf
NJbcO/IESn51GIDjsofjTLcgIg3TzV01PxGPvVX6o/DzAFwomu4zUNuX5Iqvgxs2
i5ZQ1sJPtJ/RX5I+Y8CBolAy6m/9N6aDWJbxP/l1/bXT199b0b4P0qWQM9VaaR7D
1ABSiL5M3wJbixpjp6gwoDPQSqP4VmSBvLSqbdIInp6zQ4/NowbO1aU2CwRSdZ90
jP6GG48HEySLb1nnk3ZoksnMDmCn8wyrzM5LOoOve4orPFrqNY6K+ClZTokdfT5T
ca3Q87Ve0Os+j1kYGSPIUgBQjEUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQdXzFd
u49QqI8MZpOQ17MFOCQVezAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Njc1NjhjNmEtY2QxYS00NTg2LWEzOTctNTgwYjM3NGRiZGIwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADM8MA0G
CSqGSIb3DQEBCwUAA4IBAQCxVQdloE9MuKDCwMJ+2/8VAflemDXmieKhNXHVc+WF
lINX7zKCfy+wdA56IiGsIdhcGWoUCb7p9gCIL3dHO8wDj842wYK5kAqNx2OMgWaT
4hMBMqbfg+lbTBpYhmxozgwO1AZr+CWHujjyOTDonw/0KMlvSyew6DsLLZdSuxaz
79byF85UpiuHsmk+CDwoXNOzVo6e38kYsYAViVIHrXJUVprU5ENVdIlr5ez4OjjQ
k2kWWtu4YWkTlpxVYKJ/ORo+8hphIncRZ85iV3Zn8rCcICclNajlsCmRh+RiJaM6
nDJi1tBq2FHaejJ1XXdyeMyjWw+7JWZUncxTxdQgGVsl
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:57:05 2026 by rpki-client