Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/84c43b95-85d3-4c1d-a6be-cf17906f11c4.roa
File: 84c43b95-85d3-4c1d-a6be-cf17906f11c4.roa (raw, json)
Hash identifier: 6hPQzHC9cfBM7V9PvScMxkq5+gJirxvDvCND4PMn7YU=
Subject key identifier: B7:4A:DF:3D:A4:2E:95:B5:AE:5B:49:5B:D1:E7:DD:BA:06:70:EC:57
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 0C91B9B356C066A8BE47E2E84D9C6E7A49334B7C
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/84c43b95-85d3-4c1d-a6be-cf17906f11c4.roa
Signing time: Sat 28 Feb 2026 06:40:45 +0000
ROA not before: Sat 28 Feb 2026 06:40:45 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.236.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0c:91:b9:b3:56:c0:66:a8:be:47:e2:e8:4d:9c:6e:7a:49:33:4b:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:40:45 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=ad0b212ac9a9313741da2b0eebcd5559f863417ec87a0c75fd0d3618a3f98ced, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:74:db:cc:1c:2f:a0:e9:46:a1:87:ff:41:36:
9d:43:ce:18:a6:f6:77:58:f6:c9:2f:b9:03:d1:49:
bf:eb:7c:1c:d7:ab:a8:11:0f:62:8f:05:4c:7b:0d:
75:2e:38:37:cb:15:56:44:f9:db:77:e3:92:37:f9:
f2:40:07:ab:3a:44:24:8e:54:d7:9f:ca:08:a9:a6:
65:88:85:15:2f:72:8c:9c:6e:a0:c0:b4:0f:26:d1:
d9:f6:3a:06:6b:18:45:78:b0:ac:ce:ea:b3:14:6a:
7a:f7:48:da:b0:4d:ad:55:e5:92:11:32:ed:fd:20:
6b:23:57:b7:5c:98:01:19:5b:99:54:10:50:37:7b:
81:84:1e:0f:ba:3c:d7:07:28:23:20:98:ea:34:57:
b2:ea:50:0b:96:a8:bc:de:77:87:47:b1:f2:80:da:
08:a0:68:16:97:7d:8f:d5:4d:39:74:a6:ae:23:ea:
79:16:92:05:05:f9:47:56:a8:8e:e4:1a:1a:70:9f:
0c:00:51:f7:aa:9d:bc:1f:77:34:9f:4e:11:93:c6:
e4:35:e7:ca:69:f3:93:9b:b9:6b:1f:63:38:70:08:
f9:fe:b3:0e:10:66:76:99:fa:e4:be:00:6c:e4:12:
3d:3c:5d:a6:ce:00:10:87:7f:c5:ae:8f:34:b9:04:
6a:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:4A:DF:3D:A4:2E:95:B5:AE:5B:49:5B:D1:E7:DD:BA:06:70:EC:57
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/84c43b95-85d3-4c1d-a6be-cf17906f11c4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.236.0.0/15
Signature Algorithm: sha256WithRSAEncryption
89:b0:52:2b:89:34:a9:1e:30:7d:61:87:b9:25:5a:b2:78:77:
e2:07:aa:fd:fb:e3:00:47:00:4d:e3:07:6a:fb:9b:29:ed:46:
0b:88:10:69:6a:bc:54:10:77:b7:df:c6:cb:e3:a9:8e:42:79:
58:d0:4f:22:ff:d8:da:01:35:b1:81:86:47:ff:79:1d:80:43:
dc:7d:64:24:6a:a8:44:72:d8:8e:25:df:f2:39:70:62:32:14:
8e:e1:48:6c:ec:cd:24:b1:56:b5:c8:ce:26:d2:cf:aa:de:6e:
b1:5c:bd:14:ec:12:e6:ff:68:0d:35:8f:18:38:5c:34:3d:cc:
90:bf:f0:23:da:d1:54:61:1a:76:4a:b9:5c:9a:07:7d:cb:5d:
27:8f:6f:41:c1:80:b7:42:1d:4b:8b:fa:5a:1d:62:f3:6b:5a:
9a:75:32:f8:c2:22:67:00:09:b1:8d:40:d6:60:73:57:3f:65:
bb:d1:4c:fa:da:60:cd:3a:a4:a2:71:5c:c5:e4:71:24:ec:22:
6d:c4:8e:4e:66:ed:b7:13:75:f4:71:bd:d2:10:ac:3f:ee:73:
51:6f:e8:f0:38:69:67:ca:ab:fc:2d:b7:c0:a0:68:8b:c3:59:
d1:8f:22:ed:d8:e6:5e:38:b0:83:d5:6f:ca:6c:91:7f:d9:ab:
ce:53:41:0c
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUDJG5s1bAZqi+R+LoTZxuekkzS3wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjQwNDVaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGFkMGIyMTJhYzlhOTMxMzc0MWRhMmIwZWViY2Q1NTU5Zjg2MzQxN2VjODdh
MGM3NWZkMGQzNjE4YTNmOThjZWQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN1028wcL6DpRqGH/0E2nUPOGKb2d1j2yS+5A9FJv+t8HNerqBEPYo8FTHsN
dS44N8sVVkT523fjkjf58kAHqzpEJI5U15/KCKmmZYiFFS9yjJxuoMC0DybR2fY6
BmsYRXiwrM7qsxRqevdI2rBNrVXlkhEy7f0gayNXt1yYARlbmVQQUDd7gYQeD7o8
1wcoIyCY6jRXsupQC5aovN53h0ex8oDaCKBoFpd9j9VNOXSmriPqeRaSBQX5R1ao
juQaGnCfDABR96qdvB93NJ9OEZPG5DXnymnzk5u5ax9jOHAI+f6zDhBmdpn65L4A
bOQSPTxdps4AEId/xa6PNLkEaqECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBS3St89
pC6Vta5bSVvR5926BnDsVzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ODRjNDNiOTUtODVkMy00YzFkLWE2YmUtY2YxNzkwNmYxMWM0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPsMA0G
CSqGSIb3DQEBCwUAA4IBAQCJsFIriTSpHjB9YYe5JVqyeHfiB6r9++MARwBN4wdq
+5sp7UYLiBBparxUEHe338bL46mOQnlY0E8i/9jaATWxgYZH/3kdgEPcfWQkaqhE
ctiOJd/yOXBiMhSO4Uhs7M0ksVa1yM4m0s+q3m6xXL0U7BLm/2gNNY8YOFw0PcyQ
v/Aj2tFUYRp2Srlcmgd9y10nj29BwYC3Qh1Li/paHWLza1qadTL4wiJnAAmxjUDW
YHNXP2W70Uz62mDNOqSicVzF5HEk7CJtxI5OZu23E3X0cb3SEKw/7nNRb+jwOGln
yqv8LbfAoGiLw1nRjyLt2OZeOLCD1W/KbJF/2avOU0EM
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:51:49 2026 by rpki-client