Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/709c8cf6-9d5d-47d6-8b70-40eff8390658.roa
File: 709c8cf6-9d5d-47d6-8b70-40eff8390658.roa (raw, json)
Hash identifier: PIn3b/T3xb+teQtvsTa3ftP/aL5uBVph8B/jbMjNGao=
Subject key identifier: DA:DC:32:13:C5:D9:77:AC:2B:3D:F8:05:33:76:17:1F:C4:25:48:DE
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 14247EDCC489A1FEF905A74383F41D73241CDC1B
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/709c8cf6-9d5d-47d6-8b70-40eff8390658.roa
Signing time: Sat 28 Feb 2026 06:30:56 +0000
ROA not before: Sat 28 Feb 2026 06:30:56 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.220.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
14:24:7e:dc:c4:89:a1:fe:f9:05:a7:43:83:f4:1d:73:24:1c:dc:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:30:56 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=5878e57cc4d1b08d9573420f62f5bd5234c08fe7853159f39ba93e63d923a7a0, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:ea:e8:bc:af:46:bd:1f:9e:8d:eb:44:a9:18:
13:c2:4f:b4:ef:9b:ed:37:7f:7f:2d:b6:83:ef:45:
4b:17:bb:13:54:3f:4b:22:0d:69:c6:70:75:0e:f9:
74:ac:95:f7:e4:cb:b2:a6:ff:5a:3d:e7:1d:58:e6:
44:af:69:3f:be:0c:1a:3c:32:e8:67:07:b4:7a:3b:
24:8e:32:d7:57:58:cb:7a:08:41:09:0c:47:de:40:
f4:6f:0f:9e:2d:54:5d:a5:af:52:65:03:b5:61:a8:
80:5c:3f:98:d7:8a:1e:7e:65:48:16:4f:26:d0:85:
0a:bb:64:5b:55:35:bb:c1:9a:57:cc:3b:b0:c5:b8:
97:70:19:f2:e8:33:cb:42:eb:b5:7d:26:4b:dc:07:
9c:ba:cc:ad:6f:f3:29:79:13:4a:d4:c8:1b:75:39:
e1:b4:55:32:51:18:91:b4:1b:27:fe:30:3d:b8:58:
f1:52:8c:8f:a2:6a:88:e6:e9:9d:22:ae:75:00:80:
7d:04:22:51:6a:79:23:97:06:08:9a:5b:59:ac:8f:
be:b7:4f:81:28:37:df:6e:f8:f5:49:82:2f:3b:9c:
de:d4:1e:fe:cc:07:a2:66:9f:81:fe:b7:b9:a4:3d:
d4:09:28:58:38:79:7b:2b:0d:1c:97:63:75:0e:64:
cc:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:DC:32:13:C5:D9:77:AC:2B:3D:F8:05:33:76:17:1F:C4:25:48:DE
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/709c8cf6-9d5d-47d6-8b70-40eff8390658.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.220.0.0/15
Signature Algorithm: sha256WithRSAEncryption
d2:9f:3a:77:a5:09:89:23:c4:4a:30:60:bc:9b:5f:25:81:be:
7f:e5:83:e6:4f:ac:c3:75:2f:d6:6a:78:5c:ba:94:6e:6a:8e:
86:e4:01:9d:b3:e4:87:31:da:10:18:af:c0:3b:a0:5e:d0:e6:
71:63:a7:3c:00:d0:3d:84:80:b3:dd:ab:d0:85:14:ec:05:05:
3b:fe:d2:aa:79:29:84:3e:6b:e3:72:39:ac:0f:74:f8:a1:15:
aa:05:5c:fb:ad:aa:b1:a9:c7:e4:c0:14:1f:18:66:42:8c:e3:
e6:b8:94:ab:0e:dd:88:12:5a:08:dc:7f:20:37:03:48:d6:57:
27:e8:f9:bf:0c:4d:f6:a7:cb:6b:e7:9b:a0:10:81:4d:5c:50:
94:6b:e6:0f:ab:af:f5:13:2c:96:c8:3f:9c:f9:89:81:d0:cd:
75:e6:04:1d:0e:4b:69:f2:93:a5:f0:76:d3:2d:09:92:74:67:
62:dc:9d:14:7b:03:e6:9a:a9:85:5a:3f:ee:3b:eb:e0:0e:37:
bb:54:ca:eb:36:9a:0f:40:13:1c:32:e3:53:27:16:40:bd:c4:
0e:fe:3d:d4:48:42:0a:06:e7:f7:cd:ee:30:d4:b3:40:fc:d6:
fa:5e:41:25:89:ab:12:8a:05:f7:93:22:c1:9f:fb:5e:9f:74:
c3:64:ff:79
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUFCR+3MSJof75BadDg/QdcyQc3BswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjMwNTZaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDU4NzhlNTdjYzRkMWIwOGQ5NTczNDIwZjYyZjViZDUyMzRjMDhmZTc4NTMx
NTlmMzliYTkzZTYzZDkyM2E3YTAxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANDq6LyvRr0fno3rRKkYE8JPtO+b7Td/fy22g+9FSxe7E1Q/SyINacZwdQ75
dKyV9+TLsqb/Wj3nHVjmRK9pP74MGjwy6GcHtHo7JI4y11dYy3oIQQkMR95A9G8P
ni1UXaWvUmUDtWGogFw/mNeKHn5lSBZPJtCFCrtkW1U1u8GaV8w7sMW4l3AZ8ugz
y0LrtX0mS9wHnLrMrW/zKXkTStTIG3U54bRVMlEYkbQbJ/4wPbhY8VKMj6JqiObp
nSKudQCAfQQiUWp5I5cGCJpbWayPvrdPgSg332749UmCLzuc3tQe/swHomafgf63
uaQ91AkoWDh5eysNHJdjdQ5kzKMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTa3DIT
xdl3rCs9+AUzdhcfxCVI3jAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NzA5YzhjZjYtOWQ1ZC00N2Q2LThiNzAtNDBlZmY4MzkwNjU4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPcMA0G
CSqGSIb3DQEBCwUAA4IBAQDSnzp3pQmJI8RKMGC8m18lgb5/5YPmT6zDdS/Wanhc
upRuao6G5AGds+SHMdoQGK/AO6Be0OZxY6c8ANA9hICz3avQhRTsBQU7/tKqeSmE
PmvjcjmsD3T4oRWqBVz7raqxqcfkwBQfGGZCjOPmuJSrDt2IEloI3H8gNwNI1lcn
6Pm/DE32p8tr55ugEIFNXFCUa+YPq6/1EyyWyD+c+YmB0M115gQdDktp8pOl8HbT
LQmSdGdi3J0UewPmmqmFWj/uO+vgDje7VMrrNpoPQBMcMuNTJxZAvcQO/j3USEIK
Buf3ze4w1LNA/Nb6XkEliasSigX3kyLBn/ten3TDZP95
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:48:47 2026 by rpki-client