Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/795bae65-e494-4497-8c64-6c78c5a4b388.roa
File: 795bae65-e494-4497-8c64-6c78c5a4b388.roa (raw, json)
Hash identifier: UkxqiAmDhlaX5ngR/0bKLocw1H1arh+r8C0xOfopXXY=
Subject key identifier: 8B:23:04:7B:AF:09:DE:7A:43:71:D7:3B:62:E2:65:9A:67:A9:A7:AA
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 5F4295774B3B1BF749DF64B247C35A622DAFECF3
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/795bae65-e494-4497-8c64-6c78c5a4b388.roa
Signing time: Sun 01 Mar 2026 01:00:13 +0000
ROA not before: Sun 01 Mar 2026 01:00:13 +0000
ROA not after: Sat 30 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.104.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5f:42:95:77:4b:3b:1b:f7:49:df:64:b2:47:c3:5a:62:2d:af:ec:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Mar 1 01:00:13 2026 GMT
Not After : May 30 23:59:59 2026 GMT
Subject: serialNumber=1ae58ea4509a60edb5cb7786308687b68b9eb36ad238cb6b60330ea77e3600a3, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:87:5f:30:c2:f9:5c:98:c9:f2:66:0d:cf:55:
8c:d3:93:2a:48:4f:d3:85:be:cc:2b:8f:bc:6b:6a:
d7:78:b9:9c:6d:e3:f2:f9:3f:c8:a7:07:37:8f:2d:
c5:27:2a:18:1d:8e:ad:b3:75:9b:76:98:dd:5a:ef:
90:e9:53:7e:47:86:41:bc:ab:be:44:a3:a5:1c:2f:
25:a7:8c:cf:d0:9d:7d:da:e1:20:33:13:d8:dc:c9:
f7:64:92:9e:6c:d2:78:c0:48:b0:b2:28:bf:4d:7c:
ad:d0:c1:0c:e6:f7:ee:4a:9d:92:6d:52:b9:dd:8f:
d9:80:7a:9b:ae:4e:72:7b:b6:75:6d:f1:43:a1:11:
62:93:d3:8a:17:a4:f0:f2:7a:68:b2:4c:ae:3c:c5:
98:03:d2:7b:bc:ba:2e:f9:72:fa:e8:02:cc:9b:4a:
5a:d0:ad:b6:69:59:1d:02:1a:f9:c6:49:cb:d4:0b:
d9:1d:02:b1:e2:97:1c:c7:7a:e3:b3:39:0d:b4:36:
37:3b:2a:81:bc:c6:48:8d:bf:c6:e2:64:89:34:fa:
c3:ae:1d:2d:4b:23:a5:50:bb:1e:1a:56:e0:3a:03:
00:4a:02:11:a8:ba:80:b6:32:fa:45:73:79:1d:8d:
60:83:e1:89:a6:43:10:81:6d:91:b7:59:66:e3:7d:
1b:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:23:04:7B:AF:09:DE:7A:43:71:D7:3B:62:E2:65:9A:67:A9:A7:AA
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/795bae65-e494-4497-8c64-6c78c5a4b388.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.104.0/21
Signature Algorithm: sha256WithRSAEncryption
ab:4b:78:33:a4:33:d1:c0:66:a6:c3:0e:69:da:c3:f1:2d:9d:
cd:77:93:b5:db:e7:65:ce:bf:a6:79:5d:1b:8a:2c:f6:a7:0c:
f0:75:f2:65:34:f0:ad:e1:a0:8d:7d:d1:e9:57:9b:7e:13:54:
4d:ab:55:64:f3:b1:06:a1:4b:f0:87:ca:3e:39:e6:23:bc:15:
f3:11:07:25:3a:af:6c:84:bc:5b:a2:d0:5c:b5:6a:1c:f2:b4:
7b:c3:f2:3c:e4:dd:87:2d:1b:e9:61:6f:a1:05:7e:8b:f5:17:
3b:dc:8f:bc:3a:4d:17:07:ff:5b:5f:db:8d:34:ae:ba:84:0c:
13:5f:b5:d3:37:bc:55:83:f9:41:d8:01:c9:f9:38:3f:42:c3:
e0:35:f1:46:b0:b5:1d:22:92:f7:22:b2:06:37:49:11:c5:60:
57:5c:70:14:e5:e1:62:08:60:5a:9e:e6:0b:68:b1:5d:b9:02:
93:dd:b6:04:17:86:0c:a6:90:0b:f4:49:39:f3:35:a9:94:3b:
09:db:a4:18:ca:f4:cf:f0:b1:03:7d:2c:d2:f1:f0:bb:7e:a9:
9f:e6:9a:97:e5:f7:ff:90:2a:1c:7b:d6:d6:37:37:ed:0d:df:
f2:6d:36:f3:ba:54:bc:71:f3:13:17:d3:e8:cc:75:e3:3f:24:
70:4e:11:96
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUX0KVd0s7G/dJ32SyR8NaYi2v7PMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAzMDEwMTAwMTNaFw0yNjA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDFhZTU4ZWE0NTA5YTYwZWRiNWNiNzc4NjMwODY4N2I2OGI5ZWIzNmFkMjM4
Y2I2YjYwMzMwZWE3N2UzNjAwYTMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJGHXzDC+VyYyfJmDc9VjNOTKkhP04W+zCuPvGtq13i5nG3j8vk/yKcHN48t
xScqGB2OrbN1m3aY3VrvkOlTfkeGQbyrvkSjpRwvJaeMz9CdfdrhIDMT2NzJ92SS
nmzSeMBIsLIov018rdDBDOb37kqdkm1Sud2P2YB6m65Ocnu2dW3xQ6ERYpPTihek
8PJ6aLJMrjzFmAPSe7y6Lvly+ugCzJtKWtCttmlZHQIa+cZJy9QL2R0CseKXHMd6
47M5DbQ2NzsqgbzGSI2/xuJkiTT6w64dLUsjpVC7HhpW4DoDAEoCEai6gLYy+kVz
eR2NYIPhiaZDEIFtkbdZZuN9G5kCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSLIwR7
rwneekNx1zti4mWaZ6mnqjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Nzk1YmFlNjUtZTQ5NC00NDk3LThjNjQtNmM3OGM1YTRiMzg4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAaDAN
BgkqhkiG9w0BAQsFAAOCAQEAq0t4M6Qz0cBmpsMOadrD8S2dzXeTtdvnZc6/pnld
G4os9qcM8HXyZTTwreGgjX3R6VebfhNUTatVZPOxBqFL8IfKPjnmI7wV8xEHJTqv
bIS8W6LQXLVqHPK0e8PyPOTdhy0b6WFvoQV+i/UXO9yPvDpNFwf/W1/bjTSuuoQM
E1+10ze8VYP5QdgByfk4P0LD4DXxRrC1HSKS9yKyBjdJEcVgV1xwFOXhYghgWp7m
C2ixXbkCk922BBeGDKaQC/RJOfM1qZQ7CdukGMr0z/CxA30s0vHwu36pn+aal+X3
/5AqHHvW1jc37Q3f8m0287pUvHHzExfT6Mx14z8kcE4Rlg==
-----END CERTIFICATE-----
Generated at Mon Mar 2 01:26:58 2026 by rpki-client