Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a02f9994-3943-4a2f-8467-87935bf3bf9e.roa
File: a02f9994-3943-4a2f-8467-87935bf3bf9e.roa (raw, json)
Hash identifier: 7mlFkdWoii66Ag6CtibLkLGpY2GYXM/kTGMRM4Ul5Og=
Subject key identifier: 26:53:4F:A0:BB:DF:4D:2D:F3:CD:17:11:A9:DB:FE:06:09:13:DE:0A
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 2C67718BBE4D58616B1B5C27FCC0CD90A948C6B3
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a02f9994-3943-4a2f-8467-87935bf3bf9e.roa
Signing time: Sat 28 Feb 2026 06:30:43 +0000
ROA not before: Sat 28 Feb 2026 06:30:43 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.69.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2c:67:71:8b:be:4d:58:61:6b:1b:5c:27:fc:c0:cd:90:a9:48:c6:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:30:43 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=ab04bd5d29407f0e5597bbe298f4478c1cc7e293bbb304bc75fb640640c1b09c, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:21:1d:dd:f1:9f:56:ef:eb:5f:77:39:8a:79:
24:6b:c8:86:ef:95:24:00:82:91:55:fb:34:14:e2:
61:7c:27:81:4e:1e:1b:d2:56:d6:48:97:9c:44:38:
64:9e:21:ea:b0:aa:a7:a9:e7:42:e8:53:8a:43:ee:
fb:71:8d:b4:51:51:f1:bb:58:ab:98:c9:70:3a:62:
5e:71:f8:40:3d:79:d3:26:ab:d2:91:f9:03:c2:a1:
da:e2:e0:6a:57:20:f8:b3:a8:c4:9d:9d:a4:a3:c9:
a3:af:19:f2:6b:ac:7b:78:df:dc:22:fc:4f:b4:e3:
4f:fb:b6:a9:f3:91:06:78:2c:96:e2:ae:92:63:0e:
19:1b:3e:68:af:91:bb:84:f9:e8:80:b0:fa:61:99:
9b:82:1b:6d:24:fd:63:d6:81:15:19:dd:55:0b:98:
ea:d4:2a:85:3a:62:44:ec:b9:3c:46:6e:38:6c:19:
8c:99:93:fa:85:89:1d:1e:6f:67:c3:71:64:8a:c0:
b0:1d:2e:29:71:f5:65:25:06:be:2a:31:85:4a:38:
15:ca:49:b6:a4:32:70:e6:5d:7b:cc:31:d5:68:cd:
eb:37:8a:85:77:04:aa:3c:5d:0a:5a:f4:11:4b:26:
9d:4a:72:1d:12:54:60:8b:08:eb:90:b3:da:e1:0f:
c2:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
26:53:4F:A0:BB:DF:4D:2D:F3:CD:17:11:A9:DB:FE:06:09:13:DE:0A
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/a02f9994-3943-4a2f-8467-87935bf3bf9e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.69.0.0/16
Signature Algorithm: sha256WithRSAEncryption
83:a0:c3:fd:d1:c9:75:20:73:46:15:73:b4:25:8b:b3:50:24:
0c:58:3d:bc:70:04:c6:fd:3e:7d:b6:c1:fc:f6:0f:89:96:b3:
fd:63:cf:c0:d6:c2:7e:91:69:94:bf:14:8a:aa:a9:2f:96:4b:
c7:23:9a:46:f3:87:86:22:ee:d8:23:bc:4c:9e:95:53:e7:5b:
87:fe:12:07:ac:66:fc:e8:b9:6e:8b:5a:bb:90:27:b5:eb:40:
c2:6f:3d:49:8a:1e:22:80:1f:e2:73:15:ce:c0:6d:5c:72:ee:
08:bb:94:ec:ac:ef:77:e7:b0:9e:3a:25:87:5b:79:0d:f4:54:
c2:8e:96:da:09:3a:5e:f0:0f:2d:07:20:e0:0b:42:48:d1:a6:
95:f4:c8:1d:00:a5:73:a8:bf:90:3c:aa:9c:c4:80:ae:07:ee:
7e:0f:f0:21:c2:37:57:7b:60:cb:bd:43:91:2c:71:11:ca:b7:
b5:49:cc:0f:0a:d2:ee:0d:a1:6e:dc:36:bb:ef:d2:ff:08:c5:
96:1d:46:5a:98:bf:91:ac:64:e3:1a:c6:42:cc:a3:08:ed:cd:
66:4a:aa:67:a9:b6:10:97:18:a9:bf:30:da:36:89:11:6c:64:
ff:81:88:01:f0:90:e9:14:30:63:66:73:37:c6:3f:10:dd:ce:
04:c0:dd:6d
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIULGdxi75NWGFrG1wn/MDNkKlIxrMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjMwNDNaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGFiMDRiZDVkMjk0MDdmMGU1NTk3YmJlMjk4ZjQ0NzhjMWNjN2UyOTNiYmIz
MDRiYzc1ZmI2NDA2NDBjMWIwOWMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALohHd3xn1bv6193OYp5JGvIhu+VJACCkVX7NBTiYXwngU4eG9JW1kiXnEQ4
ZJ4h6rCqp6nnQuhTikPu+3GNtFFR8btYq5jJcDpiXnH4QD150yar0pH5A8Kh2uLg
alcg+LOoxJ2dpKPJo68Z8muse3jf3CL8T7TjT/u2qfORBngsluKukmMOGRs+aK+R
u4T56ICw+mGZm4IbbST9Y9aBFRndVQuY6tQqhTpiROy5PEZuOGwZjJmT+oWJHR5v
Z8NxZIrAsB0uKXH1ZSUGvioxhUo4FcpJtqQycOZde8wx1WjN6zeKhXcEqjxdClr0
EUsmnUpyHRJUYIsI65Cz2uEPwq0CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQmU0+g
u99NLfPNFxGp2/4GCRPeCjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YTAyZjk5OTQtMzk0My00YTJmLTg0NjctODc5MzViZjNiZjllLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADNFMA0G
CSqGSIb3DQEBCwUAA4IBAQCDoMP90cl1IHNGFXO0JYuzUCQMWD28cATG/T59tsH8
9g+JlrP9Y8/A1sJ+kWmUvxSKqqkvlkvHI5pG84eGIu7YI7xMnpVT51uH/hIHrGb8
6Llui1q7kCe160DCbz1Jih4igB/icxXOwG1ccu4Iu5TsrO9357CeOiWHW3kN9FTC
jpbaCTpe8A8tByDgC0JI0aaV9MgdAKVzqL+QPKqcxICuB+5+D/AhwjdXe2DLvUOR
LHERyre1ScwPCtLuDaFu3Da779L/CMWWHUZamL+RrGTjGsZCzKMI7c1mSqpnqbYQ
lxipvzDaNokRbGT/gYgB8JDpFDBjZnM3xj8Q3c4EwN1t
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:48:26 2026 by rpki-client