Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9adb83e6-fa36-47fa-b5be-856fd7247898.roa
File: 9adb83e6-fa36-47fa-b5be-856fd7247898.roa (raw, json)
Hash identifier: 4wJVS0ndAd5Tue6yePGL+tzhGiy9E/Spw6rdiUc7Jaw=
Subject key identifier: A5:A7:27:DB:36:72:94:A5:51:07:55:60:00:B4:00:F6:65:A2:14:6D
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 30CBB2EDAD5DFCA0241C46F2DC7A595917775AF3
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9adb83e6-fa36-47fa-b5be-856fd7247898.roa
Signing time: Sun 01 Mar 2026 01:00:07 +0000
ROA not before: Sun 01 Mar 2026 01:00:07 +0000
ROA not after: Sat 30 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.16.104.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
30:cb:b2:ed:ad:5d:fc:a0:24:1c:46:f2:dc:7a:59:59:17:77:5a:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Mar 1 01:00:07 2026 GMT
Not After : May 30 23:59:59 2026 GMT
Subject: serialNumber=5acffa2b0d245c0ed53bec32501e58ab85f7b50f98428ccd67f7a2e08ed8f29d, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:d7:45:7d:72:86:78:4e:9b:8a:c9:b7:ba:14:
1c:e1:ff:bb:87:6d:ab:b2:fb:f5:1d:9c:60:06:a4:
5a:f1:8a:b5:b1:7e:e8:a2:b4:01:9e:dd:4a:1f:14:
3e:4a:a4:45:3a:be:20:98:b8:a5:f9:4e:9f:03:3c:
77:2e:41:ed:39:4a:9c:90:3a:1a:3b:5f:55:ea:ed:
97:09:b6:34:5d:58:c6:ad:20:b1:34:13:8e:59:46:
a1:69:36:76:3c:bc:be:e0:07:aa:e2:d1:6c:01:db:
32:52:e8:ff:5e:57:7b:4e:ef:dd:9e:bd:00:c7:42:
b5:bf:49:85:27:49:58:1c:c3:4b:f5:ff:aa:8e:4a:
4e:a5:da:16:b2:f0:2d:9f:87:15:81:ca:a9:ee:74:
98:45:2c:e7:fe:b5:70:5b:49:ff:e6:30:e6:ec:94:
e5:1a:9c:60:79:36:a3:ac:16:e2:85:f4:65:a3:a9:
63:4f:69:bc:9c:a9:ad:d6:12:5f:08:20:55:b7:25:
c1:f1:00:b6:8f:0a:41:8a:d4:31:19:fe:57:fe:7a:
e5:b2:c1:41:06:d8:7f:42:78:be:8c:65:55:f3:16:
04:8b:1a:7f:a7:df:a7:7f:59:a1:18:4d:66:00:88:
d1:a0:d1:6e:1b:94:6b:0c:54:dc:9e:65:8f:9e:7b:
4e:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:A7:27:DB:36:72:94:A5:51:07:55:60:00:B4:00:F6:65:A2:14:6D
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9adb83e6-fa36-47fa-b5be-856fd7247898.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.16.104.0/23
Signature Algorithm: sha256WithRSAEncryption
5a:90:76:56:89:72:9f:53:46:7e:58:c0:c1:b6:98:9e:d1:a4:
d2:05:e4:bb:a3:7b:ea:a4:75:fb:e3:1d:54:0e:b8:78:7c:7f:
0e:23:6b:d5:35:6d:b3:55:2b:bb:f3:86:c2:1d:50:e2:d6:6c:
60:78:2a:47:75:58:c1:c5:d6:52:7f:60:53:c2:d0:df:6a:cb:
da:76:06:57:cb:35:07:4c:21:25:6c:83:4b:0e:a6:c3:76:fb:
a6:bf:ec:d6:3a:28:f4:93:81:34:b7:f4:04:19:a0:66:f9:e0:
07:a8:66:8f:36:c3:96:cb:14:aa:24:bb:74:13:72:0e:21:12:
df:2c:81:59:dc:a6:f1:46:dc:52:dd:32:20:1d:2e:7d:b9:ea:
2a:54:58:a6:2f:6f:09:00:e8:db:fb:b9:74:d8:ad:48:6c:7b:
8d:08:a1:86:5e:60:3a:4e:a0:74:e8:16:24:5c:a6:4b:b8:7e:
15:6c:4f:9e:e9:c8:cb:07:37:c4:17:ff:3f:55:02:ed:31:f9:
7b:33:d3:c9:1a:45:89:e6:de:a8:64:8e:a3:d8:df:19:e3:8a:
24:7b:70:e7:4e:12:e6:08:b5:28:c1:49:af:fd:44:83:71:a4:
66:34:ea:6f:4b:46:80:14:b7:3a:53:f6:4f:0d:85:f2:1f:37:
57:bf:f7:58
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUMMuy7a1d/KAkHEby3HpZWRd3WvMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAzMDEwMTAwMDdaFw0yNjA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDVhY2ZmYTJiMGQyNDVjMGVkNTNiZWMzMjUwMWU1OGFiODVmN2I1MGY5ODQy
OGNjZDY3ZjdhMmUwOGVkOGYyOWQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJXXRX1yhnhOm4rJt7oUHOH/u4dtq7L79R2cYAakWvGKtbF+6KK0AZ7dSh8U
PkqkRTq+IJi4pflOnwM8dy5B7TlKnJA6GjtfVertlwm2NF1Yxq0gsTQTjllGoWk2
djy8vuAHquLRbAHbMlLo/15Xe07v3Z69AMdCtb9JhSdJWBzDS/X/qo5KTqXaFrLw
LZ+HFYHKqe50mEUs5/61cFtJ/+Yw5uyU5RqcYHk2o6wW4oX0ZaOpY09pvJyprdYS
XwggVbclwfEAto8KQYrUMRn+V/565bLBQQbYf0J4voxlVfMWBIsaf6ffp39ZoRhN
ZgCI0aDRbhuUawxU3J5lj557Tp0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSlpyfb
NnKUpVEHVWAAtAD2ZaIUbTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OWFkYjgzZTYtZmEzNi00N2ZhLWI1YmUtODU2ZmQ3MjQ3ODk4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEATMQaDAN
BgkqhkiG9w0BAQsFAAOCAQEAWpB2Volyn1NGfljAwbaYntGk0gXku6N76qR1++Md
VA64eHx/DiNr1TVts1Uru/OGwh1Q4tZsYHgqR3VYwcXWUn9gU8LQ32rL2nYGV8s1
B0whJWyDSw6mw3b7pr/s1joo9JOBNLf0BBmgZvngB6hmjzbDlssUqiS7dBNyDiES
3yyBWdym8UbcUt0yIB0ufbnqKlRYpi9vCQDo2/u5dNitSGx7jQihhl5gOk6gdOgW
JFymS7h+FWxPnunIywc3xBf/P1UC7TH5ezPTyRpFiebeqGSOo9jfGeOKJHtw504S
5gi1KMFJr/1Eg3GkZjTqb0tGgBS3OlP2Tw2F8h83V7/3WA==
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:35:11 2026 by rpki-client