Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/8ee7bd52-fc09-4c49-af31-341b51b405e0.roa
File: 8ee7bd52-fc09-4c49-af31-341b51b405e0.roa (raw, json)
Hash identifier: tSRUlbz60oFXulq7YH11Uu29fkwu4L53UBLHUVZTopg=
Subject key identifier: E9:D7:E5:B0:91:60:FF:16:37:86:60:AD:8E:84:68:B2:63:16:55:77
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 3123B37FFB5C1951502612D73F0365283E0468E4
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/8ee7bd52-fc09-4c49-af31-341b51b405e0.roa
Signing time: Sat 28 Feb 2026 06:30:12 +0000
ROA not before: Sat 28 Feb 2026 06:30:12 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 194.234.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
31:23:b3:7f:fb:5c:19:51:50:26:12:d7:3f:03:65:28:3e:04:68:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:30:12 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=3597d501411452972142356180df8bffef1466fb6d7f7a16fcc3c976d3232f7b, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:25:ba:63:e9:f1:a9:78:e3:61:1e:78:2e:be:
8d:64:50:6f:98:d4:53:c7:85:d0:e1:7f:a7:ad:b7:
ef:a2:c1:70:2a:73:e6:ef:2a:e1:a4:be:5a:c5:41:
a3:37:c1:42:b4:24:b2:84:fd:da:95:3e:cb:c7:ee:
1c:88:98:e0:e9:4a:90:0a:35:68:26:35:4c:00:2e:
fa:01:db:35:4c:78:87:e4:7e:4d:9d:84:fe:0b:c5:
89:a4:1f:4c:9b:89:2d:0d:c9:5c:64:cd:44:31:5e:
09:20:74:82:90:57:a4:a9:b6:76:c9:6a:0e:f6:9b:
fc:16:63:a1:47:73:44:43:0b:1c:96:9b:b9:74:30:
de:08:fd:7d:84:e6:30:20:25:c6:20:15:15:92:a0:
36:df:81:4b:91:a4:61:f9:86:2d:1f:fe:2d:87:9e:
0e:69:9b:d7:91:41:7d:44:04:66:3b:c5:44:95:d5:
0f:32:92:60:1d:5a:96:68:de:f6:3f:6f:1e:f6:38:
49:98:7f:9c:a5:f3:b2:86:ca:e3:02:85:03:53:bf:
74:e0:cc:bd:84:6d:46:6b:2e:9e:3f:fe:51:ef:f1:
f5:0b:4d:ed:cc:11:5a:7c:0d:19:c1:84:b0:e4:d6:
37:b4:20:ee:2f:f2:d5:e7:53:95:64:fc:75:57:9b:
87:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E9:D7:E5:B0:91:60:FF:16:37:86:60:AD:8E:84:68:B2:63:16:55:77
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/8ee7bd52-fc09-4c49-af31-341b51b405e0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.234.0.0/15
Signature Algorithm: sha256WithRSAEncryption
ab:03:53:c6:73:05:5f:be:9a:00:64:2a:c4:b7:7a:be:cd:80:
17:0e:f2:7c:19:a0:38:ad:c7:13:25:c7:26:c5:e5:1b:37:f5:
56:f3:dd:d1:c4:3b:b3:6f:2a:d1:57:3b:0b:63:23:dc:fc:87:
f9:a0:a8:b4:70:c0:7f:bd:8b:f3:0e:b9:07:e7:ca:42:9e:65:
f4:59:62:34:7e:75:69:8f:10:94:d1:1f:ff:27:18:d3:92:e5:
40:ba:14:ac:7c:6a:cc:f1:24:ff:27:99:8a:09:0a:b2:eb:ed:
b8:99:ce:07:cb:17:1a:b6:e9:8c:37:2b:35:21:e3:bb:ef:3d:
5b:70:1d:7f:07:10:02:d4:78:90:7c:c3:48:fe:fc:1b:b7:06:
64:29:91:d9:39:5c:de:f5:2f:c9:ff:08:a4:34:69:bf:b0:43:
00:bf:65:6b:3f:e3:34:cb:1b:7a:40:76:5d:19:3a:58:71:fd:
17:10:39:54:fb:5c:80:55:c9:7b:44:f3:01:12:93:69:db:99:
0b:9b:e5:b4:dd:36:32:d4:23:43:57:ad:e8:d7:f1:94:37:ac:
7b:0c:62:cb:ae:11:6c:c9:2b:ca:7d:c2:6a:72:4c:87:36:95:
d5:09:fc:35:1c:bc:07:0f:29:da:bf:7c:47:97:c0:4f:89:20:
19:03:02:4b
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUMSOzf/tcGVFQJhLXPwNlKD4EaOQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjMwMTJaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDM1OTdkNTAxNDExNDUyOTcyMTQyMzU2MTgwZGY4YmZmZWYxNDY2ZmI2ZDdm
N2ExNmZjYzNjOTc2ZDMyMzJmN2IxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKMlumPp8al442EeeC6+jWRQb5jUU8eF0OF/p62376LBcCpz5u8q4aS+WsVB
ozfBQrQksoT92pU+y8fuHIiY4OlKkAo1aCY1TAAu+gHbNUx4h+R+TZ2E/gvFiaQf
TJuJLQ3JXGTNRDFeCSB0gpBXpKm2dslqDvab/BZjoUdzREMLHJabuXQw3gj9fYTm
MCAlxiAVFZKgNt+BS5GkYfmGLR/+LYeeDmmb15FBfUQEZjvFRJXVDzKSYB1almje
9j9vHvY4SZh/nKXzsobK4wKFA1O/dODMvYRtRmsunj/+Ue/x9QtN7cwRWnwNGcGE
sOTWN7Qg7i/y1edTlWT8dVebh/8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTp1+Ww
kWD/FjeGYK2OhGiyYxZVdzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OGVlN2JkNTItZmMwOS00YzQ5LWFmMzEtMzQxYjUxYjQwNWUwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAcLqMA0G
CSqGSIb3DQEBCwUAA4IBAQCrA1PGcwVfvpoAZCrEt3q+zYAXDvJ8GaA4rccTJccm
xeUbN/VW893RxDuzbyrRVzsLYyPc/If5oKi0cMB/vYvzDrkH58pCnmX0WWI0fnVp
jxCU0R//JxjTkuVAuhSsfGrM8ST/J5mKCQqy6+24mc4HyxcatumMNys1IeO77z1b
cB1/BxAC1HiQfMNI/vwbtwZkKZHZOVze9S/J/wikNGm/sEMAv2VrP+M0yxt6QHZd
GTpYcf0XEDlU+1yAVcl7RPMBEpNp25kLm+W03TYy1CNDV63o1/GUN6x7DGLLrhFs
ySvKfcJqckyHNpXVCfw1HLwHDynav3xHl8BPiSAZAwJL
-----END CERTIFICATE-----
Generated at Sun Mar 1 22:14:54 2026 by rpki-client