Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9c5a1a14-73c1-4c49-8b22-7d10c4379e08.roa
File: 9c5a1a14-73c1-4c49-8b22-7d10c4379e08.roa (raw, json)
Hash identifier: Jb3H7WpjMQcSJFUZRxNL1YB6k6Hp5vlSlsOSI2nRB4U=
Subject key identifier: 28:E6:53:A2:71:52:58:23:65:E8:8A:A6:BB:8E:CD:21:5C:4D:7D:85
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 644EACE1A46F945E6E65AE7A321F55B2E177895F
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9c5a1a14-73c1-4c49-8b22-7d10c4379e08.roa
Signing time: Fri 13 Feb 2026 15:30:14 +0000
ROA not before: Fri 13 Feb 2026 15:30:14 +0000
ROA not after: Thu 14 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.70.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
64:4e:ac:e1:a4:6f:94:5e:6e:65:ae:7a:32:1f:55:b2:e1:77:89:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 13 15:30:14 2026 GMT
Not After : May 14 23:59:59 2026 GMT
Subject: serialNumber=d040e32a286df2ee89bbd9ba0b85465281531cd1fe83f7f1d757422ab0f8e629, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:e2:1f:4f:43:8d:e3:28:b5:86:2d:64:7d:6f:
60:ff:0d:41:30:5a:9f:30:7a:37:eb:67:15:a1:cf:
b5:cf:7d:81:b1:2e:54:2b:44:b9:f5:90:6f:44:fc:
d0:43:6f:f3:0e:d4:49:8e:19:c0:e3:16:93:c4:c0:
d1:e6:48:81:39:61:e3:da:bf:8f:5f:8f:cf:15:c5:
a0:da:ad:b2:6c:f4:c7:9a:1f:33:9e:9d:36:2f:fc:
d8:d3:1f:a1:cf:ca:d2:8d:ea:66:ff:4a:5e:61:31:
37:b5:89:a8:82:16:ae:12:a6:55:a1:1e:ea:30:1a:
95:c6:86:ca:33:e2:7d:0d:87:4f:d5:1c:ee:c7:8a:
9c:b3:1c:6e:d4:65:41:07:dc:04:a1:ea:ab:d0:8a:
8c:2b:dc:3e:d7:ca:9c:26:e4:31:3d:18:18:7b:82:
10:a1:af:bf:20:3c:72:ff:65:e2:ef:6d:71:59:93:
2c:82:32:9d:71:2e:67:cb:29:c0:92:83:08:04:b3:
56:03:26:86:75:dd:02:93:a9:2f:67:39:05:72:6b:
e5:65:00:78:23:43:05:a1:f2:78:da:a7:38:bb:db:
90:7d:50:fe:66:c7:6b:c8:57:9e:2c:61:ae:09:ca:
82:9d:29:2d:9e:a6:4f:30:2f:af:44:e9:a8:60:12:
2e:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:E6:53:A2:71:52:58:23:65:E8:8A:A6:BB:8E:CD:21:5C:4D:7D:85
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/9c5a1a14-73c1-4c49-8b22-7d10c4379e08.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.70.0.0/16
Signature Algorithm: sha256WithRSAEncryption
62:c3:5b:b2:5d:0b:59:3e:d3:8b:23:71:d9:c6:d4:bb:fe:5f:
d2:f8:e0:ee:83:23:13:d3:f5:a0:be:67:d3:51:66:0b:45:b1:
86:5d:f1:95:d7:4f:d6:e8:d7:e8:99:2b:6b:ad:e0:dd:51:e7:
1b:1a:6e:36:9e:ae:77:92:20:e6:d0:d9:09:25:b4:af:49:61:
ac:d1:1f:9b:7b:58:13:d2:fc:4c:3a:f7:d8:ed:b7:08:62:31:
28:b2:cc:ae:fe:4f:f6:dc:90:7e:6a:5b:25:1d:f6:c2:2e:f2:
68:cf:cb:89:b1:41:df:3a:ac:db:8c:c8:61:87:5d:51:34:f8:
da:b2:6c:e1:ca:e5:82:75:f2:d1:d5:ab:d2:9a:e3:f1:60:52:
60:c7:50:fa:12:06:16:36:de:a0:33:69:ec:d8:f3:3d:cf:4c:
a8:da:f3:dc:b6:df:9a:e8:38:2d:34:e5:0c:d9:2f:16:73:98:
4b:c0:66:65:97:ab:49:c6:50:c0:a0:cb:04:32:cf:81:f8:5d:
d2:f4:fe:a5:10:5e:0d:b9:52:3e:b7:2e:54:a4:88:fb:2c:8c:
d9:ab:8d:fd:f3:3c:51:5a:9e:01:9a:9e:7a:fd:b6:79:da:08:
b9:c5:c4:06:4e:93:77:a2:88:15:94:c1:19:1e:72:44:74:8f:
c8:de:cf:ae
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUZE6s4aRvlF5uZa56Mh9VsuF3iV8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMTMxNTMwMTRaFw0yNjA1MTQyMzU5NTlaMHoxSTBHBgNV
BAUTQGQwNDBlMzJhMjg2ZGYyZWU4OWJiZDliYTBiODU0NjUyODE1MzFjZDFmZTgz
ZjdmMWQ3NTc0MjJhYjBmOGU2MjkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANbiH09DjeMotYYtZH1vYP8NQTBanzB6N+tnFaHPtc99gbEuVCtEufWQb0T8
0ENv8w7USY4ZwOMWk8TA0eZIgTlh49q/j1+PzxXFoNqtsmz0x5ofM56dNi/82NMf
oc/K0o3qZv9KXmExN7WJqIIWrhKmVaEe6jAalcaGyjPifQ2HT9Uc7seKnLMcbtRl
QQfcBKHqq9CKjCvcPtfKnCbkMT0YGHuCEKGvvyA8cv9l4u9tcVmTLIIynXEuZ8sp
wJKDCASzVgMmhnXdApOpL2c5BXJr5WUAeCNDBaHyeNqnOLvbkH1Q/mbHa8hXnixh
rgnKgp0pLZ6mTzAvr0TpqGASLhcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQo5lOi
cVJYI2Xoiqa7js0hXE19hTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
OWM1YTFhMTQtNzNjMS00YzQ5LThiMjItN2QxMGM0Mzc5ZTA4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNGMA0G
CSqGSIb3DQEBCwUAA4IBAQBiw1uyXQtZPtOLI3HZxtS7/l/S+ODugyMT0/WgvmfT
UWYLRbGGXfGV10/W6NfomStrreDdUecbGm42nq53kiDm0NkJJbSvSWGs0R+be1gT
0vxMOvfY7bcIYjEossyu/k/23JB+alslHfbCLvJoz8uJsUHfOqzbjMhhh11RNPja
smzhyuWCdfLR1avSmuPxYFJgx1D6EgYWNt6gM2ns2PM9z0yo2vPctt+a6DgtNOUM
2S8Wc5hLwGZll6tJxlDAoMsEMs+B+F3S9P6lEF4NuVI+ty5UpIj7LIzZq4398zxR
Wp4Bmp56/bZ52gi5xcQGTpN3oogVlMEZHnJEdI/I3s+u
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:40:34 2026 by rpki-client