Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bacf843a-17ee-4ca1-9e3b-8f3728814d21.roa
File: bacf843a-17ee-4ca1-9e3b-8f3728814d21.roa (raw, json)
Hash identifier: IsALXkzoxbtpVWDw3O/UfKajyOIa7t0dytXkfqbL/Kk=
Subject key identifier: BF:6D:5C:F8:3C:C2:0E:5A:FF:3F:97:5B:42:09:62:6E:71:26:DB:3F
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 7C93F366F043BBDEBB9D978F320DAF797F26E188
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bacf843a-17ee-4ca1-9e3b-8f3728814d21.roa
Signing time: Sat 28 Feb 2026 06:30:47 +0000
ROA not before: Sat 28 Feb 2026 06:30:47 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 14618
IP address blocks: 51.100.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7c:93:f3:66:f0:43:bb:de:bb:9d:97:8f:32:0d:af:79:7f:26:e1:88
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:30:47 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=c44210fb973683e71bd253d037252ded354d3537f5b9f2e8bcc602b0f538390e, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:d5:00:c1:2d:7c:b4:ab:5a:09:0d:99:a2:58:
18:8b:61:0b:a9:41:e4:ac:1f:28:ac:89:0e:b1:42:
6e:46:69:f1:4a:08:2e:d9:4e:13:66:57:db:c3:0e:
d2:08:55:83:5f:fd:9d:74:6c:94:65:ac:d7:74:71:
49:4a:4f:8f:2e:f6:1a:e3:02:a7:7d:6f:52:c0:da:
dd:a5:26:a2:b4:1c:51:b6:74:c2:7f:f1:33:64:22:
76:14:f1:81:d4:53:dc:88:29:23:35:a7:bb:15:f5:
2e:fe:5a:2a:b4:68:77:94:2e:d0:bc:1e:eb:6f:64:
ac:05:07:5a:78:99:0e:33:eb:1c:9f:e5:a2:28:94:
70:22:a4:89:eb:61:a4:0f:10:14:f6:bc:19:61:8b:
42:39:20:02:83:a5:ff:5d:5b:91:d5:e3:77:23:c2:
4d:bb:c2:bf:73:ca:e1:58:08:9b:05:15:02:cd:8c:
35:ef:03:4e:d9:46:6c:20:f5:1e:68:57:08:12:be:
86:d9:d7:ca:67:4f:e0:43:4e:e6:a6:a6:2a:6d:8b:
80:66:44:34:a6:07:d7:a8:77:f1:ff:f5:e0:77:18:
8a:20:a2:19:e9:19:e8:df:bf:94:b4:1a:42:64:ee:
b4:7f:91:c9:b6:4c:60:18:d8:eb:77:99:2b:0b:2f:
c8:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:6D:5C:F8:3C:C2:0E:5A:FF:3F:97:5B:42:09:62:6E:71:26:DB:3F
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bacf843a-17ee-4ca1-9e3b-8f3728814d21.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.100.0.0/15
Signature Algorithm: sha256WithRSAEncryption
2d:65:23:e7:45:4f:09:b5:ea:84:d1:7c:76:de:aa:c4:10:80:
89:72:2a:4d:37:0e:cf:18:c0:87:ab:b9:b7:b5:32:53:a8:c8:
42:cf:4b:99:22:d7:c8:fc:e7:c8:ea:3f:37:e7:03:bd:e9:9d:
de:b5:89:5f:1c:95:24:a8:3c:7e:8c:ed:49:93:3b:5f:30:00:
bd:f3:78:68:d4:a8:43:04:c0:87:72:ce:f6:6c:cf:64:b2:04:
c6:7f:2c:6a:3a:b1:63:a6:d0:65:87:10:4e:3f:ae:9c:f0:d0:
90:8d:ad:ed:32:41:18:ab:00:2e:f7:14:a2:8d:ef:5f:1c:fe:
93:13:af:16:6d:55:92:e3:36:c5:c9:d5:0e:94:94:51:56:45:
24:01:2d:5d:40:03:61:b5:3d:2a:d8:b2:84:2f:e4:e2:44:57:
43:7b:23:a5:ce:28:c6:25:f5:cb:1d:10:30:1c:46:9e:a6:40:
08:25:62:63:70:a0:bd:e5:44:16:21:3f:14:33:64:4b:ef:5d:
47:51:08:8a:cb:e9:59:b5:49:4f:31:61:41:8f:7a:d3:41:30:
fd:5a:ef:7f:60:d2:36:51:3d:c6:1e:a2:bb:be:1c:5c:98:e4:
9f:40:ec:60:81:2b:11:23:61:db:b9:f2:87:ef:e3:f1:6a:1a:
ff:12:15:38
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUfJPzZvBDu967nZePMg2veX8m4YgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjMwNDdaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGM0NDIxMGZiOTczNjgzZTcxYmQyNTNkMDM3MjUyZGVkMzU0ZDM1MzdmNWI5
ZjJlOGJjYzYwMmIwZjUzODM5MGUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANHVAMEtfLSrWgkNmaJYGIthC6lB5KwfKKyJDrFCbkZp8UoILtlOE2ZX28MO
0ghVg1/9nXRslGWs13RxSUpPjy72GuMCp31vUsDa3aUmorQcUbZ0wn/xM2QidhTx
gdRT3IgpIzWnuxX1Lv5aKrRod5Qu0Lwe629krAUHWniZDjPrHJ/loiiUcCKkieth
pA8QFPa8GWGLQjkgAoOl/11bkdXjdyPCTbvCv3PK4VgImwUVAs2MNe8DTtlGbCD1
HmhXCBK+htnXymdP4ENO5qamKm2LgGZENKYH16h38f/14HcYiiCiGekZ6N+/lLQa
QmTutH+RybZMYBjY63eZKwsvyFECAwEAAaOCAiAwggIcMB0GA1UdDgQWBBS/bVz4
PMIOWv8/l1tCCWJucSbbPzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YmFjZjg0M2EtMTdlZS00Y2ExLTllM2ItOGYzNzI4ODE0ZDIxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATNkMA0G
CSqGSIb3DQEBCwUAA4IBAQAtZSPnRU8JteqE0Xx23qrEEICJcipNNw7PGMCHq7m3
tTJTqMhCz0uZItfI/OfI6j835wO96Z3etYlfHJUkqDx+jO1JkztfMAC983ho1KhD
BMCHcs72bM9ksgTGfyxqOrFjptBlhxBOP66c8NCQja3tMkEYqwAu9xSije9fHP6T
E68WbVWS4zbFydUOlJRRVkUkAS1dQANhtT0q2LKEL+TiRFdDeyOlzijGJfXLHRAw
HEaepkAIJWJjcKC95UQWIT8UM2RL711HUQiKy+lZtUlPMWFBj3rTQTD9Wu9/YNI2
UT3GHqK7vhxcmOSfQOxggSsRI2HbufKH7+Pxahr/EhU4
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:38:03 2026 by rpki-client