Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/94c2a36e-245b-439a-bf61-04132c5df5a4.roa
File: 94c2a36e-245b-439a-bf61-04132c5df5a4.roa (raw, json)
Hash identifier: P2UpX1kdGDk1kqrwM76ALTtH4FzO8ITRWujHeH/FPjs=
Subject key identifier: 7E:D7:FB:5C:E5:0E:20:9B:B5:DC:A2:93:3D:FA:BF:3F:C4:33:BD:69
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 717A2C10F8CA8FDC5ADD0BE97E2FB958967B09AB
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/94c2a36e-245b-439a-bf61-04132c5df5a4.roa
Signing time: Sat 28 Feb 2026 06:30:53 +0000
ROA not before: Sat 28 Feb 2026 06:30:53 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.35.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
71:7a:2c:10:f8:ca:8f:dc:5a:dd:0b:e9:7e:2f:b9:58:96:7b:09:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:30:53 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=3a722c6ba1f604d6e286504a21708c1df7c446fb9db6e6ffdc6e84abd8653635, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:ab:91:8c:5c:94:b9:f7:6c:8c:89:4f:01:73:
a9:67:8b:54:fa:46:f7:05:a3:85:ec:02:68:74:78:
34:59:37:f3:6f:3f:3d:c0:b8:dd:5c:06:7f:c7:29:
2a:67:f7:85:d6:47:23:f3:37:9c:6d:df:f9:c6:ed:
e6:a9:ff:5e:a6:8c:31:d8:f0:d5:2b:6d:83:e6:98:
a4:14:80:a0:ff:5c:ac:34:dc:e0:5d:af:22:4e:30:
4a:8a:b7:07:a7:bb:b0:94:b5:61:29:fa:6c:8b:fa:
87:47:bc:89:68:eb:75:41:97:91:e1:a1:a3:6d:cb:
8e:92:d5:cc:c9:b3:5d:ec:fe:50:b6:f3:74:27:71:
74:94:6d:6b:f7:43:1e:48:63:82:f4:02:48:82:3e:
83:b8:28:64:cb:0b:e3:d7:f9:00:b5:ab:1c:32:50:
ee:60:4d:14:ed:c8:d3:30:98:d5:2d:46:8b:ad:21:
5c:44:74:d8:2c:d0:a7:86:d8:1b:fc:7a:f4:34:7b:
7c:74:93:36:e4:e5:b1:dc:b2:46:cb:bb:86:88:56:
77:48:6b:a4:ec:59:83:ec:18:7e:12:8b:1a:ec:51:
fc:cf:53:35:9b:62:4c:53:19:53:3d:58:18:4a:a4:
a5:af:2f:ad:98:7b:7a:09:f5:7d:3f:29:05:79:b4:
bb:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:D7:FB:5C:E5:0E:20:9B:B5:DC:A2:93:3D:FA:BF:3F:C4:33:BD:69
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/94c2a36e-245b-439a-bf61-04132c5df5a4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.35.0.0/16
Signature Algorithm: sha256WithRSAEncryption
42:4b:1f:59:48:b5:5b:54:35:77:28:cc:f8:2f:d3:98:21:5f:
d6:6c:c8:6c:9a:23:90:80:5c:47:35:13:e1:fc:1a:5b:7a:1f:
c2:89:29:82:fa:37:a5:3c:e8:7c:9a:b5:61:90:46:ac:bc:23:
e8:8b:ee:89:c3:a7:38:e4:a2:86:05:b0:29:c3:5f:c6:ad:79:
f4:cf:98:d9:52:73:5a:5c:f7:9e:49:77:79:b4:03:ee:86:23:
76:1e:56:a0:d4:b7:dc:8e:88:68:7d:2b:76:7e:d2:bc:c0:3a:
06:3d:c7:e8:ac:d9:36:f1:d4:39:44:32:a8:1e:3f:5f:39:1e:
ad:30:6d:73:b0:7a:eb:25:80:ea:96:ae:16:61:f3:c6:a8:ea:
40:72:7d:80:a1:15:9b:77:50:25:c9:f4:1d:75:a5:21:aa:08:
ec:75:bf:2a:c0:22:fe:17:3a:9a:2f:7d:e5:44:8e:0c:01:b6:
c2:00:7e:3a:26:0b:2c:56:c3:83:d6:dd:1a:5c:15:e2:a6:02:
7a:3d:b0:e2:f4:0e:34:52:6f:01:a1:f5:7c:19:65:d1:a2:34:
9d:79:4f:7a:70:ff:c9:0e:81:14:b2:79:96:c2:77:14:0f:cd:
fc:6a:19:9a:77:41:e3:e3:c2:00:3f:de:82:02:a6:15:31:10:
be:82:68:85
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUcXosEPjKj9xa3Qvpfi+5WJZ7CaswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjMwNTNaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDNhNzIyYzZiYTFmNjA0ZDZlMjg2NTA0YTIxNzA4YzFkZjdjNDQ2ZmI5ZGI2
ZTZmZmRjNmU4NGFiZDg2NTM2MzUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKCrkYxclLn3bIyJTwFzqWeLVPpG9wWjhewCaHR4NFk3828/PcC43VwGf8cp
Kmf3hdZHI/M3nG3f+cbt5qn/XqaMMdjw1Sttg+aYpBSAoP9crDTc4F2vIk4wSoq3
B6e7sJS1YSn6bIv6h0e8iWjrdUGXkeGho23LjpLVzMmzXez+ULbzdCdxdJRta/dD
HkhjgvQCSII+g7goZMsL49f5ALWrHDJQ7mBNFO3I0zCY1S1Gi60hXER02CzQp4bY
G/x69DR7fHSTNuTlsdyyRsu7hohWd0hrpOxZg+wYfhKLGuxR/M9TNZtiTFMZUz1Y
GEqkpa8vrZh7egn1fT8pBXm0uxcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBR+1/tc
5Q4gm7XcopM9+r8/xDO9aTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OTRjMmEzNmUtMjQ1Yi00MzlhLWJmNjEtMDQxMzJjNWRmNWE0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMjMA0G
CSqGSIb3DQEBCwUAA4IBAQBCSx9ZSLVbVDV3KMz4L9OYIV/WbMhsmiOQgFxHNRPh
/Bpbeh/CiSmC+jelPOh8mrVhkEasvCPoi+6Jw6c45KKGBbApw1/GrXn0z5jZUnNa
XPeeSXd5tAPuhiN2Hlag1LfcjohofSt2ftK8wDoGPcforNk28dQ5RDKoHj9fOR6t
MG1zsHrrJYDqlq4WYfPGqOpAcn2AoRWbd1AlyfQddaUhqgjsdb8qwCL+FzqaL33l
RI4MAbbCAH46JgssVsOD1t0aXBXipgJ6PbDi9A40Um8BofV8GWXRojSdeU96cP/J
DoEUsnmWwncUD838ahmad0Hj48IAP96CAqYVMRC+gmiF
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:52:21 2026 by rpki-client