Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7b957dae-110a-40bf-9710-191cf24c9e94.roa
File: 7b957dae-110a-40bf-9710-191cf24c9e94.roa (raw, json)
Hash identifier: hr5Gk2slExcASCjCgpiv4e0a2TIWmxOxtJlhfkjbZow=
Subject key identifier: 2D:5D:3A:99:A6:D9:CC:DF:69:77:C2:EF:0F:F9:95:64:6B:4E:AE:20
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 01C0C0D5CE8DD3BC230AC1E50695859CCAE500F8
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7b957dae-110a-40bf-9710-191cf24c9e94.roa
Signing time: Sun 01 Mar 2026 01:00:10 +0000
ROA not before: Sun 01 Mar 2026 01:00:10 +0000
ROA not after: Sat 30 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.96.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:c0:c0:d5:ce:8d:d3:bc:23:0a:c1:e5:06:95:85:9c:ca:e5:00:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Mar 1 01:00:10 2026 GMT
Not After : May 30 23:59:59 2026 GMT
Subject: serialNumber=2cb727b21ae64a66f1b2c16e30c86d12efe06df8cd2fdadbbfd6e2d6909e8b96, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:b8:8c:cc:bd:f8:e7:92:da:81:13:38:65:12:
f4:a0:9d:d7:e4:85:ff:f1:0c:9f:c2:d2:a6:06:f7:
1e:e3:94:f3:1e:15:13:2c:97:a8:e8:77:e9:56:d1:
56:4d:0a:fe:13:6b:42:8f:73:7c:c4:fa:03:b8:7a:
33:19:e3:95:4e:a6:3a:ba:19:7a:6c:ae:be:5a:dd:
fb:f4:0f:88:72:0b:67:12:70:7f:fe:05:24:33:24:
0c:3e:eb:5a:ce:19:08:ca:2f:20:5e:21:81:bd:53:
f3:c5:2a:a8:b7:45:c9:4a:10:98:b8:4b:91:c4:31:
ce:e0:b5:a3:98:10:fa:60:e2:42:69:95:96:c2:ee:
59:20:04:60:f8:59:c2:92:f2:6b:d1:ab:9f:ad:48:
54:4a:5b:30:80:02:dd:c9:0a:26:4c:e5:2e:87:89:
c3:54:dd:a6:4c:e9:e7:88:22:ee:f7:80:98:9a:c0:
2f:9c:36:ed:aa:5c:00:6d:ee:72:ea:d4:0b:6e:4b:
bc:72:cb:d7:d9:0f:68:cf:c4:7c:34:88:46:59:5d:
fb:e1:ba:53:09:68:9c:ea:00:6c:e9:5c:7d:17:4e:
f6:cb:4e:ad:3b:bc:42:7d:ce:26:e8:13:d1:7d:28:
3b:a0:f6:20:1c:cc:3d:56:9d:b6:e8:96:7f:2f:ba:
64:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:5D:3A:99:A6:D9:CC:DF:69:77:C2:EF:0F:F9:95:64:6B:4E:AE:20
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7b957dae-110a-40bf-9710-191cf24c9e94.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.96.0/21
Signature Algorithm: sha256WithRSAEncryption
2f:d2:58:1f:6d:bc:c3:39:6b:f2:48:a8:32:e1:99:bd:64:8c:
2b:db:6e:3f:ba:f8:e7:b7:1f:0f:80:77:da:b9:86:b5:ae:ac:
b4:3e:c6:96:22:60:03:b6:82:7c:73:40:dd:90:2f:f8:15:f4:
10:ba:2b:a1:e1:27:cc:83:8d:d3:dc:17:f6:e3:ce:15:2a:01:
e8:79:0f:32:1a:88:ff:f5:a9:f5:22:51:b5:ee:c0:8b:e2:3d:
b8:98:34:47:a0:9d:54:11:24:d9:13:4a:aa:59:de:3c:96:8b:
b1:4c:44:90:8a:53:55:18:46:26:c5:5c:c5:f9:85:89:42:29:
8d:03:c2:9f:c9:9e:3c:63:90:08:2f:8f:63:df:eb:37:a2:f5:
6b:a5:fd:e7:e5:48:3e:a9:c4:d0:f0:0a:c6:90:fa:b1:8b:44:
93:43:67:cd:33:6a:a9:1e:23:d9:45:1a:57:2b:78:cf:eb:a3:
04:a2:dd:04:72:94:c4:f2:ce:1b:a7:f6:3d:4b:04:54:1c:31:
c1:0c:7a:ad:0c:a2:1c:09:46:f7:aa:79:5e:1c:e0:5d:66:2e:
cc:a2:0f:9b:00:94:82:4a:2d:7b:03:5e:14:ae:c5:7e:41:48:
cd:6d:78:ea:83:0a:0b:22:59:89:dd:21:f3:8c:b8:fa:da:19:
2c:63:22:23
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUAcDA1c6N07wjCsHlBpWFnMrlAPgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAzMDEwMTAwMTBaFw0yNjA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDJjYjcyN2IyMWFlNjRhNjZmMWIyYzE2ZTMwYzg2ZDEyZWZlMDZkZjhjZDJm
ZGFkYmJmZDZlMmQ2OTA5ZThiOTYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANW4jMy9+OeS2oETOGUS9KCd1+SF//EMn8LSpgb3HuOU8x4VEyyXqOh36VbR
Vk0K/hNrQo9zfMT6A7h6MxnjlU6mOroZemyuvlrd+/QPiHILZxJwf/4FJDMkDD7r
Ws4ZCMovIF4hgb1T88UqqLdFyUoQmLhLkcQxzuC1o5gQ+mDiQmmVlsLuWSAEYPhZ
wpLya9Grn61IVEpbMIAC3ckKJkzlLoeJw1Tdpkzp54gi7veAmJrAL5w27apcAG3u
curUC25LvHLL19kPaM/EfDSIRlld++G6UwlonOoAbOlcfRdO9stOrTu8Qn3OJugT
0X0oO6D2IBzMPVadtuiWfy+6ZBMCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQtXTqZ
ptnM32l3wu8P+ZVka06uIDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
N2I5NTdkYWUtMTEwYS00MGJmLTk3MTAtMTkxY2YyNGM5ZTk0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAYDAN
BgkqhkiG9w0BAQsFAAOCAQEAL9JYH228wzlr8kioMuGZvWSMK9tuP7r457cfD4B3
2rmGta6stD7GliJgA7aCfHNA3ZAv+BX0ELoroeEnzION09wX9uPOFSoB6HkPMhqI
//Wp9SJRte7Ai+I9uJg0R6CdVBEk2RNKqlnePJaLsUxEkIpTVRhGJsVcxfmFiUIp
jQPCn8mePGOQCC+PY9/rN6L1a6X95+VIPqnE0PAKxpD6sYtEk0NnzTNqqR4j2UUa
Vyt4z+ujBKLdBHKUxPLOG6f2PUsEVBwxwQx6rQyiHAlG96p5XhzgXWYuzKIPmwCU
gkotewNeFK7FfkFIzW146oMKCyJZid0h84y4+toZLGMiIw==
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:52:35 2026 by rpki-client