Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c2c395e2-491c-4141-ba1e-1b3717841063.roa
File: c2c395e2-491c-4141-ba1e-1b3717841063.roa (raw, json)
Hash identifier: C6eq9N3sgbu6aVvq6NH944wu2JsNeIBGHg0EjmN6NyY=
Subject key identifier: 17:7C:39:BC:C5:2A:42:1D:03:5B:CB:23:28:4D:A2:2B:AB:2E:50:64
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 02000121FF2F9C7BB84ADEB188F93FDBA74FABC1
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c2c395e2-491c-4141-ba1e-1b3717841063.roa
Signing time: Sat 28 Feb 2026 06:40:45 +0000
ROA not before: Sat 28 Feb 2026 06:40:45 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.152.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
02:00:01:21:ff:2f:9c:7b:b8:4a:de:b1:88:f9:3f:db:a7:4f:ab:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:40:45 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=3ef61a5fe2cd0da74e42dad3df23959f291a7eac9fab1bde9c13028473b23dfb, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:a3:e1:39:06:78:20:76:7b:d1:3b:6d:a6:7c:
c9:8c:5b:8b:af:78:f9:2a:76:f7:bc:c8:a4:c4:0d:
49:ec:f2:da:b1:14:58:6f:a6:a6:b8:28:82:30:6c:
bb:e4:95:46:00:2d:e7:97:34:3d:94:ce:5c:9b:e3:
e0:17:20:43:b4:6c:d8:c8:25:18:60:63:56:9c:4c:
77:69:0e:1d:b3:58:ab:d5:49:dd:98:db:ce:1f:56:
f6:5e:64:b1:4c:25:ae:c7:cb:89:73:d3:b0:4e:5d:
ea:a9:bf:a9:bf:51:44:0a:6a:fe:7c:94:b1:67:c8:
fd:18:42:cb:00:c0:e9:2f:64:e1:24:7f:cd:21:a8:
82:83:c1:8f:48:3e:17:9b:07:f8:7e:1c:a7:6b:83:
4b:00:e4:bf:4b:e1:4d:bc:b9:6e:bc:5c:8c:1b:7b:
6d:6f:aa:54:e4:93:f5:f5:47:80:7f:13:d8:6c:58:
46:45:79:6d:e1:2b:80:9f:7f:9c:4e:2c:16:00:7c:
42:ec:89:58:aa:5e:3f:7b:c2:43:c6:e4:34:de:82:
a9:e2:1c:3f:57:6f:01:1c:b3:0a:bb:a9:f3:1e:8c:
fb:a3:1e:97:e7:e8:cb:48:3f:7d:3a:71:92:ce:66:
da:94:4a:09:84:8c:96:c2:3c:93:8f:04:a1:11:3a:
b6:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
17:7C:39:BC:C5:2A:42:1D:03:5B:CB:23:28:4D:A2:2B:AB:2E:50:64
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/c2c395e2-491c-4141-ba1e-1b3717841063.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.152.0.0/15
Signature Algorithm: sha256WithRSAEncryption
79:23:55:c8:74:60:50:6e:f2:d5:17:9d:2a:56:de:2e:18:44:
97:2d:8c:3b:6f:72:06:d3:b8:27:bc:de:29:38:5e:69:6f:9d:
17:c3:14:a4:b0:3b:d6:90:ce:02:bb:53:c1:0e:9a:c0:dd:29:
11:80:53:6a:d6:8c:0f:98:23:8d:fb:a2:5f:d6:c8:ba:eb:9f:
7a:b0:b3:64:f0:ff:d8:84:88:1f:6c:8a:70:2e:b7:80:43:00:
7d:c9:8b:c9:10:c1:b4:31:76:5a:c6:00:c6:a6:c8:e3:2d:92:
1f:80:07:08:5c:ec:b2:b8:4e:4b:64:97:92:e8:b8:d9:6f:b6:
ba:7b:27:8e:0d:5c:19:55:03:26:ae:db:0f:82:f6:e6:06:e8:
77:c6:a9:1e:f0:12:6f:72:cd:da:3d:bf:38:0c:4d:a1:45:a0:
2e:ba:2a:53:81:19:47:29:2b:2d:b3:4e:aa:46:37:60:ed:88:
48:a3:57:a6:34:c1:12:dd:94:49:5a:b2:8e:a4:ef:c1:a7:f4:
44:72:e4:71:f3:d6:08:7f:cd:58:3a:c0:9e:57:69:f9:db:3b:
72:86:a5:e4:99:95:f2:e8:88:18:e4:d9:4a:f4:7f:09:00:f1:
cc:ca:92:d7:b2:3f:71:97:65:ec:0d:9c:c0:6d:dd:81:16:f8:
b7:b6:3c:e5
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUAgABIf8vnHu4St6xiPk/26dPq8EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjQwNDVaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDNlZjYxYTVmZTJjZDBkYTc0ZTQyZGFkM2RmMjM5NTlmMjkxYTdlYWM5ZmFi
MWJkZTljMTMwMjg0NzNiMjNkZmIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL6j4TkGeCB2e9E7baZ8yYxbi694+Sp297zIpMQNSezy2rEUWG+mprgogjBs
u+SVRgAt55c0PZTOXJvj4BcgQ7Rs2MglGGBjVpxMd2kOHbNYq9VJ3Zjbzh9W9l5k
sUwlrsfLiXPTsE5d6qm/qb9RRApq/nyUsWfI/RhCywDA6S9k4SR/zSGogoPBj0g+
F5sH+H4cp2uDSwDkv0vhTby5brxcjBt7bW+qVOST9fVHgH8T2GxYRkV5beErgJ9/
nE4sFgB8QuyJWKpeP3vCQ8bkNN6CqeIcP1dvARyzCrup8x6M+6Mel+foy0g/fTpx
ks5m2pRKCYSMlsI8k48EoRE6tjcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQXfDm8
xSpCHQNbyyMoTaIrqy5QZDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
YzJjMzk1ZTItNDkxYy00MTQxLWJhMWUtMWIzNzE3ODQxMDYzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOYMA0G
CSqGSIb3DQEBCwUAA4IBAQB5I1XIdGBQbvLVF50qVt4uGESXLYw7b3IG07gnvN4p
OF5pb50XwxSksDvWkM4Cu1PBDprA3SkRgFNq1owPmCON+6Jf1si66596sLNk8P/Y
hIgfbIpwLreAQwB9yYvJEMG0MXZaxgDGpsjjLZIfgAcIXOyyuE5LZJeS6LjZb7a6
eyeODVwZVQMmrtsPgvbmBuh3xqke8BJvcs3aPb84DE2hRaAuuipTgRlHKSsts06q
Rjdg7YhIo1emNMES3ZRJWrKOpO/Bp/REcuRx89YIf81YOsCeV2n52ztyhqXkmZXy
6IgY5NlK9H8JAPHMypLXsj9xl2XsDZzAbd2BFvi3tjzl
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:56:50 2026 by rpki-client