Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b41fa9b7-d736-4d41-9fc2-9feda5a87248.roa
File: b41fa9b7-d736-4d41-9fc2-9feda5a87248.roa (raw, json)
Hash identifier: 9IpSVolaFECzP6tzyxSRjLXvXb1isGhWKInYnpRxO6o=
Subject key identifier: E8:1A:A1:76:C7:DB:76:AA:5A:78:44:47:94:1C:D5:70:3F:DF:42:7F
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 63DF303AB506A13D2546C6C861E29E0C2B0ED5FE
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b41fa9b7-d736-4d41-9fc2-9feda5a87248.roa
Signing time: Sun 01 Mar 2026 01:00:13 +0000
ROA not before: Sun 01 Mar 2026 01:00:13 +0000
ROA not after: Sat 30 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.16.255.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
63:df:30:3a:b5:06:a1:3d:25:46:c6:c8:61:e2:9e:0c:2b:0e:d5:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Mar 1 01:00:13 2026 GMT
Not After : May 30 23:59:59 2026 GMT
Subject: serialNumber=eceb1fc9ef63bb7949280309a7cda50fa514435e579f1aedc30fff978afb9e97, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:5e:ba:5e:c2:fa:86:a4:7b:86:cd:60:39:90:
39:f8:89:ba:4c:cb:cc:1f:4d:07:8f:28:e8:b7:67:
94:e3:cc:6e:6b:bf:f6:05:56:51:87:f7:f9:25:0f:
18:39:04:d0:ae:07:17:d7:ae:62:08:36:e7:38:21:
dd:df:d4:23:2a:91:14:cb:ed:e3:7f:4f:80:32:bd:
ad:e0:22:ec:31:5f:30:8f:f4:12:7f:c8:90:e2:9c:
25:d1:53:88:6c:39:f7:85:67:ad:1b:c3:ff:8b:d7:
5d:7d:22:e7:37:17:79:89:0d:de:40:0c:a9:f4:44:
6a:4d:a7:73:b6:83:a7:27:b9:31:2e:9e:e7:4f:27:
b4:aa:18:6d:55:49:8f:39:46:d9:df:cf:a8:e7:05:
20:1b:42:e4:4e:c1:ee:53:dd:4f:a7:90:f9:d0:c8:
a9:d9:38:a1:1d:27:b7:81:3e:0a:33:9e:61:97:a1:
16:a7:18:55:55:ef:b5:47:4b:3c:28:b1:22:ee:f9:
58:be:43:6b:e7:0f:59:c5:02:6e:04:da:06:c3:67:
40:fe:ec:90:3c:8f:d8:b6:f4:14:b8:dc:f7:d7:06:
b8:21:d6:2a:7c:86:ff:fd:83:7f:d4:8b:d5:9b:7f:
11:3f:de:af:78:c5:9e:e6:e3:57:62:d4:fc:79:d6:
bc:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:1A:A1:76:C7:DB:76:AA:5A:78:44:47:94:1C:D5:70:3F:DF:42:7F
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/b41fa9b7-d736-4d41-9fc2-9feda5a87248.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.16.255.0/24
Signature Algorithm: sha256WithRSAEncryption
1d:3a:5c:65:52:47:e8:3e:99:08:1b:91:de:75:be:a8:69:9b:
86:b9:34:e3:ed:50:bb:9f:be:d2:de:2f:c1:0c:94:54:4a:65:
78:38:bd:26:e5:36:59:a9:2e:15:b4:5a:f1:3f:01:08:64:4e:
4a:4f:e0:e8:a3:1c:15:8b:34:09:8b:b9:ff:59:c5:2c:35:68:
ca:ca:e8:ac:a8:75:d6:33:e3:8b:17:42:04:55:a6:a4:71:13:
e8:64:db:25:a4:a6:00:26:21:44:1a:ab:03:75:f5:2d:0f:1f:
bd:0a:a5:b3:e2:e4:db:3b:69:d4:c8:22:6b:60:de:52:63:51:
8c:4e:f2:51:7a:fb:bb:c7:01:a0:55:cb:66:a2:98:c2:9f:a8:
5b:77:55:be:a7:ae:14:92:4b:f6:3c:a0:53:c5:83:ad:6c:2a:
fc:9d:b5:6b:fa:22:7e:19:f8:09:3d:37:87:ec:65:f0:7d:17:
91:ab:3e:a4:97:70:92:1f:9b:9e:61:e4:47:db:72:1e:8d:70:
52:2b:c2:af:32:7e:04:60:65:97:a7:59:16:4d:56:51:c7:79:
eb:75:45:7e:95:ed:22:49:11:c5:7d:40:95:58:a9:7f:b9:05:
83:94:0e:b1:9c:1f:00:b0:72:f2:fc:9b:3e:cf:1b:e9:22:71:
e1:18:6a:fe
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUY98wOrUGoT0lRsbIYeKeDCsO1f4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAzMDEwMTAwMTNaFw0yNjA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQGVjZWIxZmM5ZWY2M2JiNzk0OTI4MDMwOWE3Y2RhNTBmYTUxNDQzNWU1Nzlm
MWFlZGMzMGZmZjk3OGFmYjllOTcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJZeul7C+oake4bNYDmQOfiJukzLzB9NB48o6LdnlOPMbmu/9gVWUYf3+SUP
GDkE0K4HF9euYgg25zgh3d/UIyqRFMvt439PgDK9reAi7DFfMI/0En/IkOKcJdFT
iGw594VnrRvD/4vXXX0i5zcXeYkN3kAMqfREak2nc7aDpye5MS6e508ntKoYbVVJ
jzlG2d/PqOcFIBtC5E7B7lPdT6eQ+dDIqdk4oR0nt4E+CjOeYZehFqcYVVXvtUdL
PCixIu75WL5Da+cPWcUCbgTaBsNnQP7skDyP2Lb0FLjc99cGuCHWKnyG//2Df9SL
1Zt/ET/er3jFnubjV2LU/HnWvHMCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBToGqF2
x9t2qlp4REeUHNVwP99CfzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YjQxZmE5YjctZDczNi00ZDQxLTlmYzItOWZlZGE1YTg3MjQ4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEADMQ/zAN
BgkqhkiG9w0BAQsFAAOCAQEAHTpcZVJH6D6ZCBuR3nW+qGmbhrk04+1Qu5++0t4v
wQyUVEpleDi9JuU2WakuFbRa8T8BCGROSk/g6KMcFYs0CYu5/1nFLDVoysrorKh1
1jPjixdCBFWmpHET6GTbJaSmACYhRBqrA3X1LQ8fvQqls+Lk2ztp1Mgia2DeUmNR
jE7yUXr7u8cBoFXLZqKYwp+oW3dVvqeuFJJL9jygU8WDrWwq/J21a/oifhn4CT03
h+xl8H0Xkas+pJdwkh+bnmHkR9tyHo1wUivCrzJ+BGBll6dZFk1WUcd563VFfpXt
IkkRxX1AlVipf7kFg5QOsZwfALBy8vybPs8b6SJx4Rhq/g==
-----END CERTIFICATE-----
Generated at Mon Mar 2 02:45:53 2026 by rpki-client