Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/af8582f5-d209-4e12-aacf-31186289c430.roa
File: af8582f5-d209-4e12-aacf-31186289c430.roa (raw, json)
Hash identifier: 1nELzCw2MG69PQQ6yy6Uq1iXyTFgPbw45l4maIYwM/0=
Subject key identifier: BC:3A:F2:90:C3:1D:04:F5:ED:35:9F:41:B8:F9:D8:7A:5B:97:5A:47
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 1CA2C44912B327E0078B626A1963CA0B8969092C
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/af8582f5-d209-4e12-aacf-31186289c430.roa
Signing time: Sat 28 Feb 2026 06:40:07 +0000
ROA not before: Sat 28 Feb 2026 06:40:07 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.216.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1c:a2:c4:49:12:b3:27:e0:07:8b:62:6a:19:63:ca:0b:89:69:09:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:40:07 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=9b6012f9662b0fbcad524deb892597b510cb1abebb4d8c8e099f826d411d121f, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:d6:99:e3:66:f0:01:c5:f7:ed:bd:b5:69:3c:
fd:75:6f:1b:e7:05:ac:4d:4f:e3:31:c0:a1:ec:bd:
23:90:b6:21:ca:f4:6d:19:9c:32:71:73:c0:47:07:
59:6f:54:27:4c:e0:32:88:f6:26:9d:52:a0:17:28:
8d:2e:1c:0b:28:be:73:a6:86:4e:00:33:07:bf:f8:
0a:6e:86:29:3d:0d:da:13:b0:6c:4b:5f:e6:32:45:
d2:d7:9e:ec:b5:8c:ef:df:bf:56:d2:13:95:59:8c:
15:5b:3d:44:fb:1d:e9:c1:eb:43:b0:4e:8c:7c:59:
b9:e0:8b:cc:91:69:af:78:0f:3e:00:40:8b:89:90:
60:b2:b5:7a:3f:92:0e:22:27:94:05:22:e2:9e:f9:
fa:53:8e:03:03:3e:73:e2:1d:bd:0e:d6:62:45:17:
3b:c4:0c:0a:95:b1:2b:4a:cb:fd:02:22:7a:c5:f9:
6e:f4:b9:15:e7:9f:08:fb:fc:32:48:66:3d:cb:cc:
94:34:72:3e:b6:9f:0a:37:82:4e:d5:2d:be:89:05:
fe:fd:22:64:e3:31:85:21:79:f4:2b:b7:72:1e:b5:
3d:d2:58:80:cf:42:7c:3d:14:8a:e9:e3:81:fe:4e:
22:ee:6c:d2:27:9d:7d:8e:ca:29:2c:b7:26:d5:24:
ff:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BC:3A:F2:90:C3:1D:04:F5:ED:35:9F:41:B8:F9:D8:7A:5B:97:5A:47
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/af8582f5-d209-4e12-aacf-31186289c430.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.216.0.0/15
Signature Algorithm: sha256WithRSAEncryption
ce:6f:8c:23:35:23:c9:93:1d:64:2f:55:7f:8d:d5:01:fa:e9:
ed:3a:f0:90:41:53:42:fd:a1:05:77:73:5f:cc:09:63:79:85:
bb:64:f5:d4:6a:79:55:45:4c:78:ce:55:02:1b:ec:92:0b:e7:
9f:be:f0:48:1b:70:69:be:76:ce:11:f0:d0:ba:03:a0:5d:50:
84:bd:75:02:0c:ce:fe:78:4f:2f:d6:52:80:c4:fc:8e:69:92:
fe:eb:14:6c:3a:83:44:90:9d:6b:cd:ad:7c:56:ff:bd:f5:03:
95:75:3e:d8:c3:15:4e:b5:2c:cf:1d:7e:4f:39:73:23:84:9b:
c8:9e:b6:41:a4:41:ca:a9:e1:10:f8:b2:a8:b9:6e:3c:5c:ce:
8d:26:f2:1c:a8:06:87:aa:30:49:98:b5:64:ee:25:84:49:95:
ce:9c:9e:a5:8b:7b:35:62:0a:98:c3:ae:67:10:60:1d:65:79:
f6:5f:a7:5b:0c:b4:93:7a:6e:f2:1f:8a:2e:cf:2f:85:a3:b0:
67:66:89:01:b3:05:fc:19:94:cc:26:a9:03:96:86:9f:33:e5:
39:25:6e:a1:0f:7d:78:fd:a0:52:2e:90:5e:e7:14:a8:0e:76:
75:62:90:fe:4a:72:8c:e0:b9:14:21:25:86:89:7d:d1:09:43:
67:fe:3d:9f
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUHKLESRKzJ+AHi2JqGWPKC4lpCSwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjQwMDdaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDliNjAxMmY5NjYyYjBmYmNhZDUyNGRlYjg5MjU5N2I1MTBjYjFhYmViYjRk
OGM4ZTA5OWY4MjZkNDExZDEyMWYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMXWmeNm8AHF9+29tWk8/XVvG+cFrE1P4zHAoey9I5C2Icr0bRmcMnFzwEcH
WW9UJ0zgMoj2Jp1SoBcojS4cCyi+c6aGTgAzB7/4Cm6GKT0N2hOwbEtf5jJF0tee
7LWM79+/VtITlVmMFVs9RPsd6cHrQ7BOjHxZueCLzJFpr3gPPgBAi4mQYLK1ej+S
DiInlAUi4p75+lOOAwM+c+IdvQ7WYkUXO8QMCpWxK0rL/QIiesX5bvS5FeefCPv8
MkhmPcvMlDRyPrafCjeCTtUtvokF/v0iZOMxhSF59Cu3ch61PdJYgM9CfD0Uiunj
gf5OIu5s0iedfY7KKSy3JtUk/3MCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBS8OvKQ
wx0E9e01n0G4+dh6W5daRzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YWY4NTgyZjUtZDIwOS00ZTEyLWFhY2YtMzExODYyODljNDMwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPYMA0G
CSqGSIb3DQEBCwUAA4IBAQDOb4wjNSPJkx1kL1V/jdUB+untOvCQQVNC/aEFd3Nf
zAljeYW7ZPXUanlVRUx4zlUCG+ySC+efvvBIG3BpvnbOEfDQugOgXVCEvXUCDM7+
eE8v1lKAxPyOaZL+6xRsOoNEkJ1rza18Vv+99QOVdT7YwxVOtSzPHX5POXMjhJvI
nrZBpEHKqeEQ+LKouW48XM6NJvIcqAaHqjBJmLVk7iWESZXOnJ6li3s1YgqYw65n
EGAdZXn2X6dbDLSTem7yH4ouzy+Fo7BnZokBswX8GZTMJqkDloafM+U5JW6hD314
/aBSLpBe5xSoDnZ1YpD+SnKM4LkUISWGiX3RCUNn/j2f
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:37:52 2026 by rpki-client