Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bedc2172-50df-4ea7-8c38-eba2cdf2d5db.roa
File: bedc2172-50df-4ea7-8c38-eba2cdf2d5db.roa (raw, json)
Hash identifier: xTAXDm0SBmljgzoWqe9KUim0E7eRqrtBZyhyXTDkrA0=
Subject key identifier: EE:D5:8E:42:D1:3D:97:98:3E:2C:B5:99:F9:FC:8C:7C:87:AD:38:E7
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 25119AD7A2A07DD96A90F739D4DC2A538C97C65F
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bedc2172-50df-4ea7-8c38-eba2cdf2d5db.roa
Signing time: Sat 28 Feb 2026 06:40:22 +0000
ROA not before: Sat 28 Feb 2026 06:40:22 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 152.134.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
25:11:9a:d7:a2:a0:7d:d9:6a:90:f7:39:d4:dc:2a:53:8c:97:c6:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:40:22 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=40274ed32b5e535cb2ecf74044179308412140d0f198b4c4f831ed6612cdc24c, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:be:ba:d0:c4:55:88:e5:1b:65:12:80:c5:ad:
de:b0:98:d6:dc:80:aa:f4:62:a7:69:28:8c:a1:1a:
cb:d4:f5:d0:45:41:d1:57:0c:6b:94:58:21:67:4c:
6f:9f:ce:2c:aa:a2:14:c9:b0:6a:b6:ee:c0:1c:c0:
8b:86:46:cd:71:d5:2b:f4:4d:a0:35:4c:4d:c0:22:
d1:a6:03:41:0a:e8:cd:7a:10:80:00:84:e8:df:30:
cc:15:90:b0:a1:f4:b5:ea:be:f1:f2:80:21:32:e4:
15:52:e8:7c:8f:6a:fa:d3:df:8d:f6:d0:a6:dd:f7:
ae:13:0d:f3:e1:a9:0b:34:03:77:51:7b:e2:08:e1:
f2:31:b4:e1:e9:17:ac:0f:29:a6:f1:1b:02:40:05:
2b:be:2a:05:54:0c:46:fa:72:20:fb:49:18:fc:74:
2f:d1:24:e6:6d:de:07:7f:11:2e:20:f8:b7:f2:7f:
49:d8:c3:8a:c3:d5:f4:b7:82:5a:a1:9a:0e:ba:d4:
a2:7d:68:31:23:51:e8:87:26:65:15:29:5a:8c:a8:
ab:4f:71:fa:16:c9:4d:68:22:11:1f:3d:81:d9:8c:
25:a6:4e:c2:6f:ac:7f:fa:d6:4c:78:55:1b:cb:dd:
b4:05:2d:18:bd:c2:c4:6e:18:9a:11:28:22:05:27:
89:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:D5:8E:42:D1:3D:97:98:3E:2C:B5:99:F9:FC:8C:7C:87:AD:38:E7
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/bedc2172-50df-4ea7-8c38-eba2cdf2d5db.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
152.134.0.0/16
Signature Algorithm: sha256WithRSAEncryption
a5:7b:41:d1:10:ca:29:75:25:6c:5e:e1:e7:db:86:94:89:77:
0a:4b:bd:8d:05:d4:73:73:75:10:f5:b4:ce:00:ac:6c:79:0b:
ea:62:ca:e1:42:aa:f0:93:19:73:51:62:f0:d8:35:91:29:42:
de:5a:38:34:a0:bc:f9:2e:a5:49:0b:a2:28:2c:31:b7:2a:ca:
24:70:99:e1:a0:c7:82:c9:02:d9:51:2c:ae:17:cd:42:cf:a1:
3a:b7:f3:a6:86:3f:43:e7:22:7d:99:e3:63:d6:24:c7:52:34:
d1:e6:30:7f:92:1a:86:00:b6:a5:11:5a:b6:2a:9f:cf:1b:a9:
dd:1c:75:91:40:d6:cb:ed:c8:ac:b4:00:ae:7d:f6:80:dd:2a:
a7:02:0b:15:e7:f5:8a:bf:5a:1c:ea:96:2d:24:a4:d6:65:7f:
ed:29:1c:63:ac:7e:18:8c:67:e3:4a:51:98:b4:44:27:d5:69:
d7:2d:51:0a:b5:5f:64:94:d9:8c:34:04:15:32:e7:0f:86:24:
de:24:c9:27:3c:27:a0:c4:39:98:ea:37:ce:c1:47:50:a0:0f:
a5:ee:e7:9f:df:46:a3:7a:3f:1d:00:2e:37:60:aa:9c:c1:f9:
3a:93:4b:33:73:0b:06:3a:66:17:3f:e4:da:87:76:a3:27:3b:
88:95:31:e0
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUJRGa16KgfdlqkPc51NwqU4yXxl8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjQwMjJaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDQwMjc0ZWQzMmI1ZTUzNWNiMmVjZjc0MDQ0MTc5MzA4NDEyMTQwZDBmMTk4
YjRjNGY4MzFlZDY2MTJjZGMyNGMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOu+utDEVYjlG2USgMWt3rCY1tyAqvRip2kojKEay9T10EVB0VcMa5RYIWdM
b5/OLKqiFMmwarbuwBzAi4ZGzXHVK/RNoDVMTcAi0aYDQQrozXoQgACE6N8wzBWQ
sKH0teq+8fKAITLkFVLofI9q+tPfjfbQpt33rhMN8+GpCzQDd1F74gjh8jG04ekX
rA8ppvEbAkAFK74qBVQMRvpyIPtJGPx0L9Ek5m3eB38RLiD4t/J/SdjDisPV9LeC
WqGaDrrUon1oMSNR6IcmZRUpWoyoq09x+hbJTWgiER89gdmMJaZOwm+sf/rWTHhV
G8vdtAUtGL3CxG4YmhEoIgUniTsCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTu1Y5C
0T2XmD4stZn5/Ix8h6045zAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YmVkYzIxNzItNTBkZi00ZWE3LThjMzgtZWJhMmNkZjJkNWRiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAJiGMA0G
CSqGSIb3DQEBCwUAA4IBAQCle0HREMopdSVsXuHn24aUiXcKS72NBdRzc3UQ9bTO
AKxseQvqYsrhQqrwkxlzUWLw2DWRKULeWjg0oLz5LqVJC6IoLDG3KsokcJnhoMeC
yQLZUSyuF81Cz6E6t/Omhj9D5yJ9meNj1iTHUjTR5jB/khqGALalEVq2Kp/PG6nd
HHWRQNbL7cistACuffaA3SqnAgsV5/WKv1oc6pYtJKTWZX/tKRxjrH4YjGfjSlGY
tEQn1WnXLVEKtV9klNmMNAQVMucPhiTeJMknPCegxDmY6jfOwUdQoA+l7uef30aj
ej8dAC43YKqcwfk6k0szcwsGOmYXP+Tah3ajJzuIlTHg
-----END CERTIFICATE-----
Generated at Mon Mar 2 09:38:17 2026 by rpki-client