Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/aa15a3a6-022f-41a6-9a60-2175164bb741.roa
File: aa15a3a6-022f-41a6-9a60-2175164bb741.roa (raw, json)
Hash identifier: wzcE5o8iaIREgafqH4nw+LrIRfs+uE6ZWZgoPUFLxhQ=
Subject key identifier: F3:BC:1F:FE:F0:EC:74:D0:A6:C9:A3:D8:34:69:E2:0A:D0:2C:59:D6
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 0AFD43E9F519BBA4CC87EAF4FFD2389ABC66A61A
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/aa15a3a6-022f-41a6-9a60-2175164bb741.roa
Signing time: Sun 01 Mar 2026 01:00:11 +0000
ROA not before: Sun 01 Mar 2026 01:00:11 +0000
ROA not after: Sat 30 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.16.204.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0a:fd:43:e9:f5:19:bb:a4:cc:87:ea:f4:ff:d2:38:9a:bc:66:a6:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Mar 1 01:00:11 2026 GMT
Not After : May 30 23:59:59 2026 GMT
Subject: serialNumber=b711f8d08d28e7520bfd0dcec202a5b2bc96f79b0a8e521129dbb1bb6683fecd, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:89:8a:0a:5a:f5:15:68:0a:68:be:42:77:c1:
16:22:6d:5b:bd:86:d5:e4:b5:56:9b:65:4d:35:b1:
16:f4:e3:51:0c:bc:0a:a3:01:b8:b9:e2:9f:89:33:
37:36:de:ec:97:2b:2d:83:8a:80:5a:fe:7e:78:18:
00:a3:5c:c5:5d:d9:06:4c:12:70:3a:4a:1f:76:46:
86:ed:db:c7:0e:ce:d7:d1:8f:34:93:3a:1a:04:81:
78:d5:d7:a8:1c:d5:db:86:b8:e9:f3:a9:0e:34:ec:
37:e6:b5:10:a3:5f:5c:23:21:55:f2:05:f4:80:52:
b2:c6:6e:4c:f6:9a:ef:dd:f9:65:a8:84:ed:09:35:
25:a6:ce:d7:65:8f:3e:02:d3:f8:c9:d0:8b:c1:53:
cc:4c:f6:46:0f:30:d8:99:9f:47:d1:12:77:c9:b1:
d2:67:81:3b:f4:16:e5:8a:f7:36:dd:34:eb:17:6c:
e6:ee:f1:7b:a6:ec:36:56:2b:e4:b3:b2:84:dd:b4:
8f:bc:20:05:9a:0a:e5:ed:dd:12:af:38:ac:70:2f:
48:09:d3:43:df:c6:f9:e3:ce:06:e9:e6:e1:c4:3d:
ef:8d:58:45:8f:39:cd:bf:79:aa:36:06:54:75:f0:
e0:2c:b8:25:d6:12:14:45:83:34:85:59:61:67:ee:
36:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:BC:1F:FE:F0:EC:74:D0:A6:C9:A3:D8:34:69:E2:0A:D0:2C:59:D6
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/aa15a3a6-022f-41a6-9a60-2175164bb741.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.16.204.0/24
Signature Algorithm: sha256WithRSAEncryption
3c:af:b8:d8:0a:04:d6:55:2c:85:cf:42:15:0c:f0:df:49:c1:
90:c5:42:56:17:b8:ad:d2:5c:04:c0:ce:ba:0d:d1:0a:99:19:
03:80:c9:5a:95:d7:90:0d:60:88:7c:a3:21:fb:7c:88:bf:fe:
df:e5:ee:9e:71:aa:a5:db:af:c1:32:e9:e7:cb:fd:a4:a9:60:
3d:b2:f7:66:f5:96:7d:3d:51:48:24:ba:39:e2:11:7b:04:06:
db:ea:1f:ac:a9:1e:42:d6:49:0e:b0:bc:0e:fc:e6:7a:5b:43:
66:50:ba:dd:25:c0:2c:87:cb:61:fc:5a:18:b8:67:ef:e1:17:
73:83:7a:c0:13:3d:a1:47:08:56:9d:41:03:fa:d9:1b:0f:81:
74:ae:c5:b7:16:86:f7:cc:0f:ad:5d:99:3e:1a:95:50:bb:21:
19:16:dc:33:7f:91:4a:f1:54:9b:57:12:89:7e:25:8a:af:d7:
46:03:ab:05:60:f1:4e:07:2e:bd:bd:e3:ee:a9:0a:41:00:06:
9b:46:04:60:2a:53:6b:70:93:f9:9f:0e:cc:c9:e5:cf:75:2d:
37:ff:f7:de:21:8b:1e:1f:0b:cd:92:3b:64:05:10:2a:e3:cf:
78:66:66:e0:bb:5c:54:63:03:8e:81:6c:0f:3f:f4:58:ef:dc:
9b:49:9f:2b
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUCv1D6fUZu6TMh+r0/9I4mrxmphowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAzMDEwMTAwMTFaFw0yNjA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQGI3MTFmOGQwOGQyOGU3NTIwYmZkMGRjZWMyMDJhNWIyYmM5NmY3OWIwYThl
NTIxMTI5ZGJiMWJiNjY4M2ZlY2QxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK2Jigpa9RVoCmi+QnfBFiJtW72G1eS1VptlTTWxFvTjUQy8CqMBuLnin4kz
Nzbe7JcrLYOKgFr+fngYAKNcxV3ZBkwScDpKH3ZGhu3bxw7O19GPNJM6GgSBeNXX
qBzV24a46fOpDjTsN+a1EKNfXCMhVfIF9IBSssZuTPaa7935ZaiE7Qk1JabO12WP
PgLT+MnQi8FTzEz2Rg8w2JmfR9ESd8mx0meBO/QW5Yr3Nt006xds5u7xe6bsNlYr
5LOyhN20j7wgBZoK5e3dEq84rHAvSAnTQ9/G+ePOBunm4cQ9741YRY85zb95qjYG
VHXw4Cy4JdYSFEWDNIVZYWfuNocCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTzvB/+
8Ox00KbJo9g0aeIK0CxZ1jAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YWExNWEzYTYtMDIyZi00MWE2LTlhNjAtMjE3NTE2NGJiNzQxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEADMQzDAN
BgkqhkiG9w0BAQsFAAOCAQEAPK+42AoE1lUshc9CFQzw30nBkMVCVhe4rdJcBMDO
ug3RCpkZA4DJWpXXkA1giHyjIft8iL/+3+XunnGqpduvwTLp58v9pKlgPbL3ZvWW
fT1RSCS6OeIRewQG2+ofrKkeQtZJDrC8DvzmeltDZlC63SXALIfLYfxaGLhn7+EX
c4N6wBM9oUcIVp1BA/rZGw+BdK7FtxaG98wPrV2ZPhqVULshGRbcM3+RSvFUm1cS
iX4liq/XRgOrBWDxTgcuvb3j7qkKQQAGm0YEYCpTa3CT+Z8OzMnlz3UtN//33iGL
Hh8LzZI7ZAUQKuPPeGZm4LtcVGMDjoFsDz/0WO/cm0mfKw==
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:56:40 2026 by rpki-client