Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/83d64fad-2f6b-441a-9079-e9e60d149aec.roa
File: 83d64fad-2f6b-441a-9079-e9e60d149aec.roa (raw, json)
Hash identifier: ANdStzjjdPSriyHTQ9Pgjq2rtdTmaAEjV8T3T5NNwXI=
Subject key identifier: 22:E1:51:D4:4C:F7:1D:F0:68:C6:42:48:CE:B3:3F:BD:36:D2:2C:86
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 2278D1DEF1498569273CC0327075FF87BC96FECA
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/83d64fad-2f6b-441a-9079-e9e60d149aec.roa
Signing time: Sun 01 Mar 2026 01:00:09 +0000
ROA not before: Sun 01 Mar 2026 01:00:09 +0000
ROA not after: Sat 30 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.17.0.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
22:78:d1:de:f1:49:85:69:27:3c:c0:32:70:75:ff:87:bc:96:fe:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Mar 1 01:00:09 2026 GMT
Not After : May 30 23:59:59 2026 GMT
Subject: serialNumber=2ae378b4d31d32bc38625c8bebbf187b84bd8fd629c54cadc67ec13fe370b0da, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:ae:e0:7d:4c:6f:df:ab:00:a7:ec:0c:c9:af:
9d:da:62:4c:f1:bd:df:a7:63:68:33:2a:61:ff:58:
68:24:84:b7:b0:57:32:29:0a:c9:e0:c6:b4:1e:94:
8b:9a:40:fe:8e:9e:84:8c:c3:fd:92:9c:2c:0d:27:
5b:7c:8d:cf:56:5a:ce:d5:dc:23:e6:67:82:15:c1:
26:74:3f:7a:65:ed:fe:53:f2:3a:fc:5e:52:66:0a:
91:e2:0f:bc:c8:f2:2b:4b:51:88:45:6c:94:6f:1f:
9e:0a:6e:8d:56:6a:27:8f:9a:7d:32:ea:20:1c:f5:
c4:1b:6d:d6:7b:3f:db:59:6c:fd:19:8a:ac:0d:08:
bc:20:12:05:66:f5:86:08:7d:0a:fb:62:3c:2a:63:
46:04:36:6a:c3:7c:8d:7f:0b:18:46:29:24:4e:9a:
f5:bf:6f:b7:3e:4e:6a:8c:a3:64:60:61:ff:9b:58:
a2:c5:10:7e:59:93:27:6e:ba:6f:9f:22:51:9a:4b:
9a:92:6b:f3:05:b3:7c:58:f3:47:6b:dd:50:52:9a:
71:c4:33:c1:85:df:7c:d7:9f:62:26:bb:4b:e9:60:
a5:53:9a:0f:24:b9:c0:91:f5:55:21:76:e3:48:e9:
23:66:f6:d4:c4:02:8b:c3:17:8d:46:7d:66:eb:d8:
35:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:E1:51:D4:4C:F7:1D:F0:68:C6:42:48:CE:B3:3F:BD:36:D2:2C:86
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/83d64fad-2f6b-441a-9079-e9e60d149aec.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.17.0.0/24
Signature Algorithm: sha256WithRSAEncryption
bc:fb:09:06:8d:51:b9:8e:ba:80:be:4e:04:f4:e5:57:ea:a2:
3e:1a:0b:21:d2:88:3f:be:f8:b2:f5:f7:46:07:fa:10:75:57:
7d:25:fe:f9:c7:1b:bc:61:7a:f6:4f:4d:2a:b5:0f:4d:76:63:
69:65:67:00:21:00:fb:83:39:7f:9b:c8:f7:80:99:ba:57:6f:
0b:06:8e:85:8f:26:b4:3a:51:e9:79:3f:b9:b4:ce:7b:09:b2:
22:5f:c8:ed:7b:67:a0:c8:87:c6:10:97:bb:9c:89:ed:f4:b2:
73:e9:1b:23:ab:8e:6c:16:88:71:1d:1f:d7:84:11:9f:fe:27:
e4:35:e8:5a:7a:f6:32:64:eb:47:38:f5:1b:fe:2d:f6:30:ee:
9a:86:55:6f:40:f6:84:21:59:d7:b8:d9:ab:8a:66:2f:44:15:
af:ba:02:0d:da:dc:8a:5d:17:55:35:15:f6:57:82:9b:88:a2:
bf:8f:15:14:62:8f:21:32:15:e1:f9:0d:ba:b3:d4:a1:be:16:
07:7d:ad:12:10:71:42:2c:ec:0f:4f:11:5c:73:7b:dc:6f:6e:
f9:9f:56:74:9a:2a:dd:da:08:0a:48:b0:e2:7d:f0:d7:42:79:
6b:e2:93:f6:11:b1:9b:04:3e:07:98:bf:66:9f:49:a2:84:6a:
c5:3a:0a:c4
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUInjR3vFJhWknPMAycHX/h7yW/sowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAzMDEwMTAwMDlaFw0yNjA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDJhZTM3OGI0ZDMxZDMyYmMzODYyNWM4YmViYmYxODdiODRiZDhmZDYyOWM1
NGNhZGM2N2VjMTNmZTM3MGIwZGExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANCu4H1Mb9+rAKfsDMmvndpiTPG936djaDMqYf9YaCSEt7BXMikKyeDGtB6U
i5pA/o6ehIzD/ZKcLA0nW3yNz1ZaztXcI+ZnghXBJnQ/emXt/lPyOvxeUmYKkeIP
vMjyK0tRiEVslG8fngpujVZqJ4+afTLqIBz1xBtt1ns/21ls/RmKrA0IvCASBWb1
hgh9CvtiPCpjRgQ2asN8jX8LGEYpJE6a9b9vtz5OaoyjZGBh/5tYosUQflmTJ266
b58iUZpLmpJr8wWzfFjzR2vdUFKaccQzwYXffNefYia7S+lgpVOaDyS5wJH1VSF2
40jpI2b21MQCi8MXjUZ9ZuvYNT0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQi4VHU
TPcd8GjGQkjOsz+9NtIshjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ODNkNjRmYWQtMmY2Yi00NDFhLTkwNzktZTllNjBkMTQ5YWVjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEADMRADAN
BgkqhkiG9w0BAQsFAAOCAQEAvPsJBo1RuY66gL5OBPTlV+qiPhoLIdKIP774svX3
Rgf6EHVXfSX++ccbvGF69k9NKrUPTXZjaWVnACEA+4M5f5vI94CZuldvCwaOhY8m
tDpR6Xk/ubTOewmyIl/I7XtnoMiHxhCXu5yJ7fSyc+kbI6uObBaIcR0f14QRn/4n
5DXoWnr2MmTrRzj1G/4t9jDumoZVb0D2hCFZ17jZq4pmL0QVr7oCDdrcil0XVTUV
9leCm4iiv48VFGKPITIV4fkNurPUob4WB32tEhBxQizsD08RXHN73G9u+Z9WdJoq
3doICkiw4n3w10J5a+KT9hGxmwQ+B5i/Zp9JooRqxToKxA==
-----END CERTIFICATE-----
Generated at Mon Mar 2 02:46:20 2026 by rpki-client