Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6df8accc-a525-49ec-ad13-7401de62f775.roa
File: 6df8accc-a525-49ec-ad13-7401de62f775.roa (raw, json)
Hash identifier: 8TgLjBRBHsBf+uYGx6I8DkfIVxueLpQwmUzO2S9HT1c=
Subject key identifier: DB:BB:79:D5:CD:A6:88:62:A6:59:06:00:07:DB:83:F8:1E:E5:5F:43
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 510A65B85C69462BB414C1DDA4A8D0AE78D7BA38
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6df8accc-a525-49ec-ad13-7401de62f775.roa
Signing time: Sat 28 Feb 2026 06:30:43 +0000
ROA not before: Sat 28 Feb 2026 06:30:43 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 159.109.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
51:0a:65:b8:5c:69:46:2b:b4:14:c1:dd:a4:a8:d0:ae:78:d7:ba:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:30:43 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=37e5abf9747e8e92102210609c633f05f8c3faaea9b217965b130fbccb37c794, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:f7:e4:02:5c:65:33:e9:19:4a:32:09:2b:13:
78:b4:22:1a:95:f8:57:66:3e:88:c6:43:fe:e7:25:
cf:57:f6:5a:35:c3:27:41:53:6b:c4:ae:f6:89:66:
2d:96:15:94:29:83:9e:51:7f:81:5a:89:1c:e8:94:
74:1b:e9:bd:9f:ca:0b:cc:d1:a5:19:1d:2a:e2:b8:
36:89:6d:ea:0e:ef:db:6c:c6:7f:92:69:31:d7:08:
e3:77:19:41:bb:82:c6:2f:e7:bc:72:41:11:27:29:
c6:86:49:6f:b2:78:ee:ae:68:50:52:df:0f:64:4c:
6a:91:80:ef:cc:4f:2e:d7:2e:1d:ec:ec:07:73:a0:
17:d9:3c:ad:de:20:3d:cf:97:7b:bc:f9:f8:3c:d1:
b2:24:9a:44:5a:40:18:78:72:03:59:a9:14:74:b0:
49:16:70:40:6c:07:fc:3f:a2:53:2f:52:47:f2:ec:
8b:e4:d2:f9:6c:14:20:16:f4:e0:28:d5:c6:33:4f:
d3:9a:f6:84:6b:58:c5:6b:b7:1f:54:a7:4e:b6:1f:
0f:70:7c:32:1f:05:be:b9:bc:38:b9:d2:c2:b7:5c:
8d:04:09:45:41:37:b7:84:53:65:75:0b:88:a4:4f:
fd:3e:a7:0c:d1:4e:c0:ba:f4:3d:e9:05:2e:b8:25:
81:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:BB:79:D5:CD:A6:88:62:A6:59:06:00:07:DB:83:F8:1E:E5:5F:43
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/6df8accc-a525-49ec-ad13-7401de62f775.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.109.0.0/16
Signature Algorithm: sha256WithRSAEncryption
d6:93:17:e9:ec:3a:05:f5:1b:ed:cd:37:4c:63:5e:3e:07:c7:
d8:d1:2b:1f:6b:89:83:4a:23:78:b9:7b:46:16:88:c5:80:e1:
66:62:3e:a9:3b:fc:72:4d:da:5d:4e:47:38:f4:cb:74:e0:40:
76:ca:87:81:55:4d:98:af:20:0c:4d:5d:4a:80:d6:e9:1e:0a:
fe:87:04:71:9f:78:4b:a2:06:9e:34:0d:6f:1c:2f:f0:ca:8b:
a9:8a:6a:21:2b:65:d5:ae:4f:30:01:9b:fb:53:20:92:eb:19:
0b:64:7d:fa:fa:be:5a:91:1e:9c:3b:6f:95:d8:3b:86:20:ff:
e4:e3:c2:59:7e:28:b0:e9:2d:6f:da:7b:19:18:75:8d:e8:ec:
54:fc:22:f1:6c:cf:7a:2a:ee:7b:29:25:d6:89:30:66:44:dc:
a5:a6:b5:0c:00:94:fd:9b:b5:8a:30:ed:82:31:7d:8a:48:81:
ed:5b:f1:76:96:73:33:b2:a8:3a:2f:ec:3d:88:aa:e6:19:bb:
2f:f6:0e:e1:5c:b3:22:bf:a9:f6:28:6e:09:35:1b:ad:a3:01:
36:8c:c0:44:e6:44:08:19:c1:0b:49:a8:38:7a:cd:3e:94:0c:
ad:3c:70:39:c6:a6:70:d2:79:29:cf:df:b3:67:0b:98:b1:86:
d9:88:51:c5
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUUQpluFxpRiu0FMHdpKjQrnjXujgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjMwNDNaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDM3ZTVhYmY5NzQ3ZThlOTIxMDIyMTA2MDljNjMzZjA1ZjhjM2ZhYWVhOWIy
MTc5NjViMTMwZmJjY2IzN2M3OTQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJz35AJcZTPpGUoyCSsTeLQiGpX4V2Y+iMZD/uclz1f2WjXDJ0FTa8Su9olm
LZYVlCmDnlF/gVqJHOiUdBvpvZ/KC8zRpRkdKuK4Nolt6g7v22zGf5JpMdcI43cZ
QbuCxi/nvHJBEScpxoZJb7J47q5oUFLfD2RMapGA78xPLtcuHezsB3OgF9k8rd4g
Pc+Xe7z5+DzRsiSaRFpAGHhyA1mpFHSwSRZwQGwH/D+iUy9SR/Lsi+TS+WwUIBb0
4CjVxjNP05r2hGtYxWu3H1SnTrYfD3B8Mh8Fvrm8OLnSwrdcjQQJRUE3t4RTZXUL
iKRP/T6nDNFOwLr0PekFLrglgW0CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTbu3nV
zaaIYqZZBgAH24P4HuVfQzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NmRmOGFjY2MtYTUyNS00OWVjLWFkMTMtNzQwMWRlNjJmNzc1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAJ9tMA0G
CSqGSIb3DQEBCwUAA4IBAQDWkxfp7DoF9RvtzTdMY14+B8fY0Ssfa4mDSiN4uXtG
FojFgOFmYj6pO/xyTdpdTkc49Mt04EB2yoeBVU2YryAMTV1KgNbpHgr+hwRxn3hL
ogaeNA1vHC/wyoupimohK2XVrk8wAZv7UyCS6xkLZH36+r5akR6cO2+V2DuGIP/k
48JZfiiw6S1v2nsZGHWN6OxU/CLxbM96Ku57KSXWiTBmRNylprUMAJT9m7WKMO2C
MX2KSIHtW/F2lnMzsqg6L+w9iKrmGbsv9g7hXLMiv6n2KG4JNRutowE2jMBE5kQI
GcELSag4es0+lAytPHA5xqZw0nkpz9+zZwuYsYbZiFHF
-----END CERTIFICATE-----
Generated at Mon Mar 2 06:48:07 2026 by rpki-client