Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/95019996-0ef4-4f98-90e2-dd7efc004375.roa
File: 95019996-0ef4-4f98-90e2-dd7efc004375.roa (raw, json)
Hash identifier: K4u6v2PLH6t+KgUiVIXjMg4AQnpKJtUklU7hM1pEwQU=
Subject key identifier: 1B:9E:AE:AA:C0:B8:45:BD:27:80:6B:FB:0C:6D:74:39:04:F1:BB:7A
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 387554BC592B8C106D68D2B5267A067E98BF4EBE
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/95019996-0ef4-4f98-90e2-dd7efc004375.roa
Signing time: Sat 28 Feb 2026 06:30:41 +0000
ROA not before: Sat 28 Feb 2026 06:30:41 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 159.244.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
38:75:54:bc:59:2b:8c:10:6d:68:d2:b5:26:7a:06:7e:98:bf:4e:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:30:41 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=35f4ecf444a0df768f0c60206b89871f591581705c0c37183637bf2e11f08a31, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:ed:83:16:3b:11:09:e5:b1:00:fe:b8:61:fa:
6e:2b:ef:60:57:6a:50:3e:ba:15:4c:46:46:47:81:
a7:54:d7:6d:63:15:1c:61:eb:b9:cd:24:44:31:a1:
76:4d:52:cc:28:f5:9a:a2:ec:eb:92:cc:eb:b6:2f:
16:92:4d:d6:ab:d5:a1:f8:2e:8d:27:ab:d3:c9:eb:
d4:48:f1:c1:81:98:cd:10:24:78:5e:89:72:db:85:
ae:c6:99:49:ca:d5:b1:52:16:bf:7c:ff:f1:e4:c4:
42:86:1a:bd:af:a8:05:fb:c7:72:64:bd:45:e9:3b:
59:ef:97:8a:20:90:d4:ee:20:be:7b:88:3e:84:71:
b2:b0:69:1d:5f:d6:5f:38:c6:3e:63:ef:90:4d:70:
f1:7b:dc:91:d2:69:4a:f6:9a:89:a6:66:ed:e3:9d:
4f:b0:81:37:99:b8:3e:e8:96:b1:bd:9a:23:d3:85:
c7:e0:06:82:ed:88:51:78:20:22:26:4e:71:7b:12:
a5:b3:24:8e:5c:e7:0f:e1:1d:5a:86:9c:12:90:ec:
46:26:0b:91:59:aa:79:ec:db:7f:cc:ad:62:0a:bc:
b0:d4:be:ff:13:41:75:aa:34:74:5f:b3:d1:00:37:
da:2c:d3:3a:a6:f6:6a:39:60:83:9c:7b:9f:96:05:
2c:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:9E:AE:AA:C0:B8:45:BD:27:80:6B:FB:0C:6D:74:39:04:F1:BB:7A
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/95019996-0ef4-4f98-90e2-dd7efc004375.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.244.0.0/16
Signature Algorithm: sha256WithRSAEncryption
71:c2:7b:13:fe:30:80:db:bb:4d:3f:df:5e:2e:50:88:e7:06:
fa:3f:f6:67:b6:16:77:cc:86:01:c9:d4:3f:3d:3a:d5:0d:70:
29:d4:d0:b5:f0:26:cb:f8:e1:ef:4b:b9:03:20:d0:87:3e:22:
b8:4d:f7:2e:5f:fc:8f:1d:a2:1f:c2:30:79:59:f4:6d:3c:12:
57:88:83:a0:a6:2a:a9:78:cf:12:48:2f:57:a6:29:c5:46:ad:
a3:c8:0f:55:54:aa:25:fe:66:fd:b6:4e:ed:17:08:e2:05:69:
4f:ae:81:cc:e9:14:cd:a9:ff:dd:17:f1:e0:59:e9:81:42:c2:
4f:6b:41:45:7d:f1:31:88:07:13:7e:d4:0c:e5:19:2c:96:94:
a8:be:47:12:e6:c8:ad:92:bd:68:04:a0:7d:77:dd:b3:c3:66:
8c:49:52:51:76:d6:52:e4:0d:ef:cc:36:d9:28:67:f0:a7:d2:
82:ad:2d:07:d2:45:6f:c7:f6:74:1e:df:05:bb:78:fe:61:91:
5d:1d:ae:38:1b:ab:84:a5:09:70:11:8a:7c:45:34:56:7a:f8:
be:90:f6:9d:ea:51:ae:d5:01:38:33:7b:e0:2a:88:85:80:0c:
d2:c8:96:84:76:eb:91:11:9d:76:d2:a8:f4:7b:a6:28:cd:1e:
a0:e2:1e:9d
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUOHVUvFkrjBBtaNK1JnoGfpi/Tr4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjMwNDFaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDM1ZjRlY2Y0NDRhMGRmNzY4ZjBjNjAyMDZiODk4NzFmNTkxNTgxNzA1YzBj
MzcxODM2MzdiZjJlMTFmMDhhMzExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKDtgxY7EQnlsQD+uGH6bivvYFdqUD66FUxGRkeBp1TXbWMVHGHruc0kRDGh
dk1SzCj1mqLs65LM67YvFpJN1qvVofgujSer08nr1EjxwYGYzRAkeF6JctuFrsaZ
ScrVsVIWv3z/8eTEQoYava+oBfvHcmS9Rek7We+XiiCQ1O4gvnuIPoRxsrBpHV/W
XzjGPmPvkE1w8XvckdJpSvaaiaZm7eOdT7CBN5m4PuiWsb2aI9OFx+AGgu2IUXgg
IiZOcXsSpbMkjlznD+EdWoacEpDsRiYLkVmqeezbf8ytYgq8sNS+/xNBdao0dF+z
0QA32izTOqb2ajlgg5x7n5YFLDcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQbnq6q
wLhFvSeAa/sMbXQ5BPG7ejAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OTUwMTk5OTYtMGVmNC00Zjk4LTkwZTItZGQ3ZWZjMDA0Mzc1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAJ/0MA0G
CSqGSIb3DQEBCwUAA4IBAQBxwnsT/jCA27tNP99eLlCI5wb6P/ZnthZ3zIYBydQ/
PTrVDXAp1NC18CbL+OHvS7kDINCHPiK4TfcuX/yPHaIfwjB5WfRtPBJXiIOgpiqp
eM8SSC9XpinFRq2jyA9VVKol/mb9tk7tFwjiBWlProHM6RTNqf/dF/HgWemBQsJP
a0FFffExiAcTftQM5RkslpSovkcS5sitkr1oBKB9d92zw2aMSVJRdtZS5A3vzDbZ
KGfwp9KCrS0H0kVvx/Z0Ht8Fu3j+YZFdHa44G6uEpQlwEYp8RTRWevi+kPad6lGu
1QE4M3vgKoiFgAzSyJaEduuREZ120qj0e6YozR6g4h6d
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:49:14 2026 by rpki-client