Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a3eae5c-027e-4c38-ab8e-330b3e5bad97.roa
File: 9a3eae5c-027e-4c38-ab8e-330b3e5bad97.roa (raw, json)
Hash identifier: BYAjfMJ10+jprGgeUE3j/KiJXncji3bdVzua5aMNR0A=
Subject key identifier: 76:6C:2B:1F:2B:84:7A:23:7B:B1:75:0F:1D:A4:A6:04:47:C0:5D:82
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 20CA220BFF887993B4B5943AA47C50BB4F91ED94
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a3eae5c-027e-4c38-ab8e-330b3e5bad97.roa
Signing time: Sat 28 Feb 2026 06:30:58 +0000
ROA not before: Sat 28 Feb 2026 06:30:58 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.139.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
20:ca:22:0b:ff:88:79:93:b4:b5:94:3a:a4:7c:50:bb:4f:91:ed:94
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:30:58 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=5153ebd397a8ad7ed4e07e9512d7cc9b0f9c2c8a12c90c02c87fea891b02efcb, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:7e:11:94:b0:d2:c2:79:dc:3f:38:07:99:9f:
20:9d:c5:d9:37:9b:6e:26:94:a3:ba:c4:43:b4:b6:
7c:bb:c2:96:76:11:20:30:5e:d5:8e:29:37:e9:7b:
03:d2:2e:7d:8e:0c:25:33:2f:f4:2f:68:95:2a:06:
e7:87:a3:c0:77:82:f6:d6:fe:8a:a8:60:0b:0b:e2:
10:d3:f2:d1:e7:7e:9a:63:03:4b:02:7f:f3:a0:8b:
be:5b:e2:50:f3:7f:78:72:ac:3c:72:3d:35:48:21:
c2:88:98:b1:7f:78:c7:8d:d5:5e:91:27:63:f3:31:
51:d9:8c:8e:75:a4:5c:5d:38:b5:a0:bf:d1:ee:b5:
85:dd:97:fa:33:b4:f6:5f:e0:ed:7a:53:26:2f:30:
f0:47:3d:fd:55:5d:f5:51:b6:2e:e5:22:14:c2:d6:
51:14:89:37:31:89:7a:58:19:35:9f:35:60:53:ba:
85:32:da:95:59:fd:50:7a:d5:b5:9a:5e:c2:ab:0e:
d4:33:35:e6:cf:1b:9a:67:89:b7:53:fe:e5:e6:f5:
9a:f0:95:7b:ef:a0:bf:43:89:11:e5:19:96:ae:8f:
30:1a:d7:15:b4:0a:83:fc:72:dc:8b:42:b3:d3:9c:
bf:80:b0:a5:50:67:51:8d:80:25:78:82:cf:94:d2:
13:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:6C:2B:1F:2B:84:7A:23:7B:B1:75:0F:1D:A4:A6:04:47:C0:5D:82
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9a3eae5c-027e-4c38-ab8e-330b3e5bad97.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.139.0.0/16
Signature Algorithm: sha256WithRSAEncryption
51:9a:9d:17:fa:2d:fb:ee:b8:d9:52:d5:00:d3:e6:ec:e5:9d:
72:6e:e2:76:e9:f4:af:d3:0c:8e:14:09:4f:d3:e0:2d:d4:93:
c1:96:30:0c:7e:53:36:fe:e1:27:b8:54:6f:0b:b2:78:c5:40:
ed:00:52:a0:48:b2:4f:88:b0:dc:6e:cf:d3:90:fa:b0:45:a4:
d8:ba:2a:27:59:84:72:12:5d:d9:35:12:5e:9e:52:03:b3:f9:
f8:3d:fe:df:7d:c4:e5:a6:d3:27:3b:8e:91:28:38:cd:fa:1b:
07:5a:53:57:89:85:82:73:0e:f4:57:98:78:44:30:2b:b2:f9:
b6:1c:70:90:60:43:6d:f5:3f:cf:58:20:90:9b:25:9e:c2:d0:
e4:a8:65:d5:d8:49:fd:29:8e:8b:41:70:b3:b6:12:89:a1:e1:
49:f8:9b:f7:30:7e:cc:00:0e:ef:11:70:1a:e8:56:b9:44:5e:
01:5a:b7:16:c4:b0:1d:4d:84:8b:7c:a4:37:34:e4:b3:13:bc:
94:fa:4d:77:d4:aa:0f:a4:dd:da:0e:8a:2c:4e:68:c1:e4:72:
63:25:07:74:c7:63:29:c8:c8:0f:6d:d8:7e:08:0c:4c:47:d1:
13:5e:de:39:45:e2:bc:ed:af:ba:b9:a7:94:66:3b:7d:e1:fc:
c1:a0:09:2f
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUIMoiC/+IeZO0tZQ6pHxQu0+R7ZQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjMwNThaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDUxNTNlYmQzOTdhOGFkN2VkNGUwN2U5NTEyZDdjYzliMGY5YzJjOGExMmM5
MGMwMmM4N2ZlYTg5MWIwMmVmY2IxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN1+EZSw0sJ53D84B5mfIJ3F2TebbiaUo7rEQ7S2fLvClnYRIDBe1Y4pN+l7
A9IufY4MJTMv9C9olSoG54ejwHeC9tb+iqhgCwviENPy0ed+mmMDSwJ/86CLvlvi
UPN/eHKsPHI9NUghwoiYsX94x43VXpEnY/MxUdmMjnWkXF04taC/0e61hd2X+jO0
9l/g7XpTJi8w8Ec9/VVd9VG2LuUiFMLWURSJNzGJelgZNZ81YFO6hTLalVn9UHrV
tZpewqsO1DM15s8bmmeJt1P+5eb1mvCVe++gv0OJEeUZlq6PMBrXFbQKg/xy3ItC
s9Ocv4CwpVBnUY2AJXiCz5TSE4sCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBR2bCsf
K4R6I3uxdQ8dpKYER8BdgjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OWEzZWFlNWMtMDI3ZS00YzM4LWFiOGUtMzMwYjNlNWJhZDk3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADOLMA0G
CSqGSIb3DQEBCwUAA4IBAQBRmp0X+i377rjZUtUA0+bs5Z1ybuJ26fSv0wyOFAlP
0+At1JPBljAMflM2/uEnuFRvC7J4xUDtAFKgSLJPiLDcbs/TkPqwRaTYuionWYRy
El3ZNRJenlIDs/n4Pf7ffcTlptMnO46RKDjN+hsHWlNXiYWCcw70V5h4RDArsvm2
HHCQYENt9T/PWCCQmyWewtDkqGXV2En9KY6LQXCzthKJoeFJ+Jv3MH7MAA7vEXAa
6Fa5RF4BWrcWxLAdTYSLfKQ3NOSzE7yU+k131KoPpN3aDoosTmjB5HJjJQd0x2Mp
yMgPbdh+CAxMR9ETXt45ReK87a+6uaeUZjt94fzBoAkv
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:46:36 2026 by rpki-client