Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a1fa391-4377-44ba-a6c7-c785fc9a7733.roa
File: 9a1fa391-4377-44ba-a6c7-c785fc9a7733.roa (raw, json)
Hash identifier: khZGA5kYfbZB9GqM9UJzSyZYsrVIdDPTySMaKVz6s1U=
Subject key identifier: A8:97:5F:2E:95:94:FC:5D:65:B8:6F:66:36:6E:B1:2F:F7:45:D2:E3
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 457790CE879FF44D25737623CD6B439315FCAA67
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a1fa391-4377-44ba-a6c7-c785fc9a7733.roa
Signing time: Fri 06 Feb 2026 00:40:04 +0000
ROA not before: Fri 06 Feb 2026 00:40:04 +0000
ROA not after: Thu 07 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.84.0.0/14 maxlen: 14
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
45:77:90:ce:87:9f:f4:4d:25:73:76:23:cd:6b:43:93:15:fc:aa:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 6 00:40:04 2026 GMT
Not After : May 7 23:59:59 2026 GMT
Subject: serialNumber=b19681d60b372d130545e56a1ea9a23a3a42eb1968159fe3725e5d8cce2a1a5b, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:d8:e0:a0:c7:c9:35:1c:a9:52:75:12:50:59:
48:5d:1d:20:e9:73:41:d1:e2:57:a9:97:d3:ef:4d:
e9:d8:96:ed:c2:ed:7b:94:cb:c3:43:99:d9:03:f8:
8f:32:e5:8a:02:8a:a9:88:33:3d:4f:88:4e:42:43:
f8:8d:d0:da:a7:51:5e:2b:dc:48:a1:1d:96:61:cc:
66:7b:5a:3c:c2:4f:5b:46:33:0f:53:01:41:70:dc:
bb:6f:0a:94:52:03:c5:2a:4f:00:cb:bd:4a:0b:a4:
6d:d2:22:f6:a0:e0:2e:3c:4a:d4:18:65:b6:91:a0:
5f:be:f1:fe:76:c5:d3:d7:ef:10:a5:35:f9:b6:dc:
c0:24:6e:73:a3:51:35:6e:e7:38:c6:5c:89:b6:01:
07:98:a6:e9:2a:93:4a:0b:dc:9b:04:c5:ac:0d:b3:
40:cf:bd:fa:1e:7a:53:37:e8:59:62:0f:7b:2c:99:
29:07:06:db:d1:37:42:c1:11:f9:6a:84:13:7c:06:
e4:00:75:85:26:cc:2a:7b:89:2a:9b:ab:fe:f5:13:
10:06:b7:85:8e:8d:03:9a:fc:0f:f3:65:14:6f:e3:
31:58:c6:ca:61:00:69:85:30:58:33:4d:b0:1e:b5:
b1:1b:33:9b:30:30:c9:1a:96:25:b4:7e:a5:b6:03:
1a:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:97:5F:2E:95:94:FC:5D:65:B8:6F:66:36:6E:B1:2F:F7:45:D2:E3
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a1fa391-4377-44ba-a6c7-c785fc9a7733.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.84.0.0/14
Signature Algorithm: sha256WithRSAEncryption
b2:37:da:02:fa:b4:51:ca:e0:9a:01:45:43:86:e6:b6:f8:7d:
11:e7:be:9b:11:6f:39:3e:f2:e5:5d:cf:a8:d5:ec:0a:b6:98:
a2:fb:df:f6:f2:f4:e2:49:f3:d1:67:95:e9:b1:5d:f8:a0:f6:
7e:a7:01:57:a3:0a:37:86:c0:6b:0e:59:21:40:b8:21:c9:40:
8c:01:4f:98:c3:44:8b:1c:98:11:9c:a4:2a:75:bf:5e:79:84:
73:e1:86:d5:8f:61:50:61:c4:f2:da:d1:44:2f:87:df:b1:42:
88:e3:d8:63:fd:55:1c:a2:bc:e5:99:ec:68:26:4d:56:bf:55:
67:17:19:4a:b7:93:48:d5:a4:11:40:b7:38:a2:a4:88:a0:0c:
7b:54:c8:11:df:ef:3d:f7:38:ec:77:08:ed:ae:8c:f5:92:98:
77:87:88:b1:7e:71:23:53:1e:55:61:da:9a:4e:d8:56:20:24:
cc:6f:88:8d:58:ba:c6:b0:59:e7:4e:b8:0a:3d:7d:b8:68:05:
91:25:24:6d:25:84:94:c3:00:6a:16:da:a2:5e:2a:88:8b:0d:
e7:cb:13:9c:fa:f2:31:4a:84:04:eb:10:12:f9:56:dd:d9:15:
1d:3b:78:43:8e:6d:d4:bf:11:2b:46:06:ba:7f:a6:85:49:8e:
79:57:b7:8b
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIURXeQzoef9E0lc3YjzWtDkxX8qmcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMDYwMDQwMDRaFw0yNjA1MDcyMzU5NTlaMHoxSTBHBgNV
BAUTQGIxOTY4MWQ2MGIzNzJkMTMwNTQ1ZTU2YTFlYTlhMjNhM2E0MmViMTk2ODE1
OWZlMzcyNWU1ZDhjY2UyYTFhNWIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANjY4KDHyTUcqVJ1ElBZSF0dIOlzQdHiV6mX0+9N6diW7cLte5TLw0OZ2QP4
jzLligKKqYgzPU+ITkJD+I3Q2qdRXivcSKEdlmHMZntaPMJPW0YzD1MBQXDcu28K
lFIDxSpPAMu9SgukbdIi9qDgLjxK1BhltpGgX77x/nbF09fvEKU1+bbcwCRuc6NR
NW7nOMZcibYBB5im6SqTSgvcmwTFrA2zQM+9+h56UzfoWWIPeyyZKQcG29E3QsER
+WqEE3wG5AB1hSbMKnuJKpur/vUTEAa3hY6NA5r8D/NlFG/jMVjGymEAaYUwWDNN
sB61sRszmzAwyRqWJbR+pbYDGtUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSol18u
lZT8XWW4b2Y2brEv90XS4zAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OWExZmEzOTEtNDM3Ny00NGJhLWE2YzctYzc4NWZjOWE3NzMzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAjNUMA0G
CSqGSIb3DQEBCwUAA4IBAQCyN9oC+rRRyuCaAUVDhua2+H0R576bEW85PvLlXc+o
1ewKtpii+9/28vTiSfPRZ5XpsV34oPZ+pwFXowo3hsBrDlkhQLghyUCMAU+Yw0SL
HJgRnKQqdb9eeYRz4YbVj2FQYcTy2tFEL4ffsUKI49hj/VUcorzlmexoJk1Wv1Vn
FxlKt5NI1aQRQLc4oqSIoAx7VMgR3+899zjsdwjtroz1kph3h4ixfnEjUx5VYdqa
TthWICTMb4iNWLrGsFnnTrgKPX24aAWRJSRtJYSUwwBqFtqiXiqIiw3nyxOc+vIx
SoQE6xAS+Vbd2RUdO3hDjm3UvxErRga6f6aFSY55V7eL
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:53:14 2026 by rpki-client