Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/87cbc454-e777-437d-a43a-911995d2a7ce.roa
File: 87cbc454-e777-437d-a43a-911995d2a7ce.roa (raw, json)
Hash identifier: 4F3fkJKuezTfLPW7ChLVPTjuNd7qsteM3NGUSCltwS8=
Subject key identifier: A9:8E:ED:B3:DB:7A:31:CD:85:2D:91:31:ED:DD:60:1F:61:7A:76:18
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 5CCABBF8AD173F743A9F0EF7C30C30DF0EB48979
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/87cbc454-e777-437d-a43a-911995d2a7ce.roa
Signing time: Fri 06 Feb 2026 00:40:25 +0000
ROA not before: Fri 06 Feb 2026 00:40:25 +0000
ROA not after: Thu 07 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.21.0.0/16 maxlen: 16
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5c:ca:bb:f8:ad:17:3f:74:3a:9f:0e:f7:c3:0c:30:df:0e:b4:89:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 6 00:40:25 2026 GMT
Not After : May 7 23:59:59 2026 GMT
Subject: serialNumber=e436daf9dc4764f8ff16b51689ff8506c5f5632c85f6633cec25594980f9f286, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:4c:0c:a0:27:d1:fc:f9:03:88:65:02:c0:e7:
36:d5:e9:56:9d:23:cd:85:d4:e1:c2:a1:0d:4f:6a:
a3:b7:f8:43:73:e7:8b:2e:3e:8e:2f:2c:e3:29:53:
a9:3e:12:91:cc:51:08:7e:a9:c8:cb:24:b0:e2:c2:
d6:10:28:e2:23:fb:e4:fa:d4:f7:ff:fa:ce:a7:73:
81:74:d6:00:15:59:1e:d5:22:fd:fa:90:13:cb:2a:
1e:20:35:63:41:7f:6e:d5:58:ab:c9:87:5e:60:ca:
1c:fc:16:67:76:37:0e:71:99:c1:32:00:38:6f:da:
a6:42:cf:97:1c:e8:82:3c:99:c0:3b:03:22:14:72:
c5:6b:b3:d5:60:79:3d:55:25:d2:8b:c4:2c:06:9b:
98:fb:c3:95:f4:7a:62:94:a2:3b:d7:57:66:c9:7c:
5d:9c:0b:48:e3:46:9e:df:1c:f9:d4:1f:a0:f3:db:
5d:82:10:79:9d:ea:b8:f2:43:4e:76:7e:66:2c:2a:
27:ae:3d:f0:b1:9d:f6:38:e7:6b:58:aa:78:27:09:
24:9f:f6:49:3f:f6:de:39:91:56:6f:e9:64:75:de:
ac:0a:23:59:b9:4b:04:d4:07:57:59:02:2b:b7:bd:
91:0c:d9:0e:ea:f1:42:46:4e:0b:e1:86:90:7b:a4:
10:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:8E:ED:B3:DB:7A:31:CD:85:2D:91:31:ED:DD:60:1F:61:7A:76:18
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/87cbc454-e777-437d-a43a-911995d2a7ce.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.21.0.0/16
Signature Algorithm: sha256WithRSAEncryption
84:db:d4:f0:71:47:bf:63:4f:29:6a:fb:3d:3e:78:cf:2c:88:
20:4c:15:cd:f6:89:43:30:ea:d7:7d:3d:5e:8c:b5:45:4a:e3:
9b:90:e5:fb:fb:07:f4:a3:ef:29:20:06:bc:bc:76:64:80:93:
4a:38:2d:c1:d2:16:47:41:2b:6a:df:51:2f:33:d3:3e:74:ed:
79:1a:30:d1:ef:4b:27:3e:d6:b7:d0:c2:71:56:25:95:8b:f3:
6c:9e:11:66:50:19:c3:ba:0a:02:63:46:df:28:5a:80:81:8b:
6f:84:00:89:00:8b:8b:4f:d3:1f:67:1f:37:b2:e0:ee:4d:75:
55:e4:94:aa:e3:3f:7d:d8:0d:4c:14:47:a6:57:4c:8e:a8:cb:
11:66:73:8f:61:aa:e9:87:46:78:00:f6:7f:75:ef:c4:34:38:
cf:17:ce:05:5b:05:a8:28:c5:c7:11:98:76:0f:b6:d5:d8:ba:
30:a6:f2:68:2e:64:8a:1a:a8:69:b8:3a:ce:28:33:0e:f0:cf:
b0:0e:0b:d6:72:4c:b7:98:e5:1e:f6:b6:a3:9c:b5:cb:ca:70:
50:51:50:7a:de:50:b3:48:74:63:33:97:19:1e:d3:bc:5f:9f:
09:10:f1:35:9a:5b:ca:04:db:bb:8b:78:c1:2a:9a:75:c5:75:
83:ed:23:a0
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUXMq7+K0XP3Q6nw73wwww3w60iXkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMDYwMDQwMjVaFw0yNjA1MDcyMzU5NTlaMHoxSTBHBgNV
BAUTQGU0MzZkYWY5ZGM0NzY0ZjhmZjE2YjUxNjg5ZmY4NTA2YzVmNTYzMmM4NWY2
NjMzY2VjMjU1OTQ5ODBmOWYyODYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJRMDKAn0fz5A4hlAsDnNtXpVp0jzYXU4cKhDU9qo7f4Q3Pniy4+ji8s4ylT
qT4SkcxRCH6pyMsksOLC1hAo4iP75PrU9//6zqdzgXTWABVZHtUi/fqQE8sqHiA1
Y0F/btVYq8mHXmDKHPwWZ3Y3DnGZwTIAOG/apkLPlxzogjyZwDsDIhRyxWuz1WB5
PVUl0ovELAabmPvDlfR6YpSiO9dXZsl8XZwLSONGnt8c+dQfoPPbXYIQeZ3quPJD
TnZ+ZiwqJ6498LGd9jjna1iqeCcJJJ/2ST/23jmRVm/pZHXerAojWblLBNQHV1kC
K7e9kQzZDurxQkZOC+GGkHukEHECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSpju2z
23oxzYUtkTHt3WAfYXp2GDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ODdjYmM0NTQtZTc3Ny00MzdkLWE0M2EtOTExOTk1ZDJhN2NlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMVMA0G
CSqGSIb3DQEBCwUAA4IBAQCE29TwcUe/Y08pavs9PnjPLIggTBXN9olDMOrXfT1e
jLVFSuObkOX7+wf0o+8pIAa8vHZkgJNKOC3B0hZHQStq31EvM9M+dO15GjDR70sn
Pta30MJxViWVi/NsnhFmUBnDugoCY0bfKFqAgYtvhACJAIuLT9MfZx83suDuTXVV
5JSq4z992A1MFEemV0yOqMsRZnOPYarph0Z4APZ/de/ENDjPF84FWwWoKMXHEZh2
D7bV2LowpvJoLmSKGqhpuDrOKDMO8M+wDgvWcky3mOUe9rajnLXLynBQUVB63lCz
SHRjM5cZHtO8X58JEPE1mlvKBNu7i3jBKpp1xXWD7SOg
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:45:25 2026 by rpki-client