Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7dc90e26-05aa-40c8-bbd0-967e095d6485.roa
File: 7dc90e26-05aa-40c8-bbd0-967e095d6485.roa (raw, json)
Hash identifier: lbiBhWvuypxQGkD6VDssagoPI168IklDcKjffh6PJiQ=
Subject key identifier: 0D:BA:05:E5:71:A4:DC:7B:60:F5:5B:7F:2E:DD:AE:ED:01:37:DD:00
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 431DA4B68B642FB0FBAEF9C10B6243503E0FBF34
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7dc90e26-05aa-40c8-bbd0-967e095d6485.roa
Signing time: Sat 28 Feb 2026 06:40:07 +0000
ROA not before: Sat 28 Feb 2026 06:40:07 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 143.65.0.0/17 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
43:1d:a4:b6:8b:64:2f:b0:fb:ae:f9:c1:0b:62:43:50:3e:0f:bf:34
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:40:07 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=604eb960a5ece46d3ab247d5f64cece36c974821dab6b38e45df651946cae8f7, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:e6:66:08:3f:80:46:e6:28:f1:21:56:65:79:
7b:5d:85:0b:2d:a3:06:b5:c4:a4:4f:53:ce:96:e2:
8c:f8:3e:3e:cb:ad:1a:df:3c:5c:4d:a3:9f:b5:18:
4b:91:6c:4d:4b:5f:05:c8:67:2f:bc:62:5f:51:47:
43:25:ff:34:5f:a7:0f:31:c3:87:15:1c:58:e9:02:
6b:b7:9e:6b:11:ba:7e:5d:72:a7:e3:31:b5:d7:c1:
7f:8a:46:6e:6e:0c:74:8d:ed:05:e8:97:ec:aa:1d:
20:24:87:f6:4f:d2:fb:58:20:b0:80:27:eb:16:42:
ec:ae:77:ce:43:b5:f8:92:6b:6c:f9:36:1f:3b:88:
11:40:b9:23:6e:2a:9e:80:3b:28:5f:96:1b:a5:f9:
15:4d:70:9a:f1:29:d5:48:da:c1:0c:b0:6e:10:a0:
e6:ee:70:65:cd:8e:e7:b1:77:77:e6:40:00:3a:b0:
89:b3:68:40:27:7d:f6:c4:07:7d:c7:4d:88:bd:91:
50:5e:a2:26:a6:da:57:71:3e:4f:a0:a4:c1:ff:aa:
c5:d5:69:81:30:97:f7:a3:c6:9b:4d:25:4f:8f:30:
4b:b3:de:46:aa:b0:35:42:50:bb:38:ea:7b:39:94:
cf:4f:1f:0e:c1:75:b4:9b:7c:47:1d:06:2c:77:af:
e4:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:BA:05:E5:71:A4:DC:7B:60:F5:5B:7F:2E:DD:AE:ED:01:37:DD:00
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/7dc90e26-05aa-40c8-bbd0-967e095d6485.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
143.65.0.0/17
Signature Algorithm: sha256WithRSAEncryption
9d:25:a5:56:97:2e:cd:d7:17:a6:76:a0:f7:ba:00:b0:5a:a3:
82:27:9f:f3:1d:27:78:63:67:9a:27:b6:24:19:d6:08:92:34:
58:17:6c:1d:2e:b3:9a:fa:11:22:b7:64:d0:a2:2d:6a:ef:e0:
7d:ee:8c:07:d2:10:b7:69:02:7a:ff:ad:f4:40:18:82:8e:70:
9d:1b:7c:e6:a1:70:47:1a:71:3a:c6:87:94:d9:5a:59:6b:d7:
ed:fe:c1:31:79:06:34:7e:bb:d6:f5:47:fd:17:2c:5e:12:e3:
a0:9a:4d:f7:3e:72:36:dc:b7:3f:2f:10:a4:3c:13:24:85:97:
07:44:c4:5d:0e:7b:97:61:5d:59:ef:56:46:5a:a2:0b:05:7d:
c3:a9:05:91:68:b0:ab:e2:20:35:dd:d8:b7:bc:48:31:2b:60:
a4:59:02:fd:a5:f9:e7:10:4f:7f:1b:65:bb:a8:53:8f:1a:b6:
db:0c:b2:c2:ba:90:ce:4e:08:2b:00:bd:70:2f:1a:26:42:6a:
bc:7f:24:86:db:6e:8a:d8:87:c2:05:8c:44:b7:53:5b:a7:3c:
c4:7d:53:dd:a7:63:e4:0d:a3:9c:ec:b4:9a:81:6b:79:e5:0b:
00:3b:7b:3c:06:15:84:b5:5d:35:b6:0d:f1:3d:92:ea:43:93:
20:50:51:92
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUQx2ktotkL7D7rvnBC2JDUD4PvzQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjQwMDdaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDYwNGViOTYwYTVlY2U0NmQzYWIyNDdkNWY2NGNlY2UzNmM5NzQ4MjFkYWI2
YjM4ZTQ1ZGY2NTE5NDZjYWU4ZjcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKTmZgg/gEbmKPEhVmV5e12FCy2jBrXEpE9TzpbijPg+PsutGt88XE2jn7UY
S5FsTUtfBchnL7xiX1FHQyX/NF+nDzHDhxUcWOkCa7eeaxG6fl1yp+MxtdfBf4pG
bm4MdI3tBeiX7KodICSH9k/S+1ggsIAn6xZC7K53zkO1+JJrbPk2HzuIEUC5I24q
noA7KF+WG6X5FU1wmvEp1UjawQywbhCg5u5wZc2O57F3d+ZAADqwibNoQCd99sQH
fcdNiL2RUF6iJqbaV3E+T6Ckwf+qxdVpgTCX96PGm00lT48wS7PeRqqwNUJQuzjq
ezmUz08fDsF1tJt8Rx0GLHev5CkCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQNugXl
caTce2D1W38u3a7tATfdADAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
N2RjOTBlMjYtMDVhYS00MGM4LWJiZDAtOTY3ZTA5NWQ2NDg1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEB49BADAN
BgkqhkiG9w0BAQsFAAOCAQEAnSWlVpcuzdcXpnag97oAsFqjgief8x0neGNnmie2
JBnWCJI0WBdsHS6zmvoRIrdk0KItau/gfe6MB9IQt2kCev+t9EAYgo5wnRt85qFw
RxpxOsaHlNlaWWvX7f7BMXkGNH671vVH/RcsXhLjoJpN9z5yNty3Py8QpDwTJIWX
B0TEXQ57l2FdWe9WRlqiCwV9w6kFkWiwq+IgNd3Yt7xIMStgpFkC/aX55xBPfxtl
u6hTjxq22wyywrqQzk4IKwC9cC8aJkJqvH8khttuitiHwgWMRLdTW6c8xH1T3adj
5A2jnOy0moFreeULADt7PAYVhLVdNbYN8T2S6kOTIFBRkg==
-----END CERTIFICATE-----
Generated at Mon Mar 2 09:38:00 2026 by rpki-client