Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cf5e86ef-0733-4056-8b1b-683470ef90f1.roa
File: cf5e86ef-0733-4056-8b1b-683470ef90f1.roa (raw, json)
Hash identifier: rdti6ZvzWVPPiPfov6WCEXzq1QRoup/7lPRE835UYik=
Subject key identifier: 5D:F4:EA:6F:41:72:A0:A6:D7:E6:2E:92:AB:F0:D3:8A:CA:17:43:FF
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 580D2E1F4D33148F0BC6746DBFAB69B629B2C623
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cf5e86ef-0733-4056-8b1b-683470ef90f1.roa
Signing time: Sun 01 Mar 2026 01:00:31 +0000
ROA not before: Sun 01 Mar 2026 01:00:31 +0000
ROA not after: Sat 30 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.0.112.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 09:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
58:0d:2e:1f:4d:33:14:8f:0b:c6:74:6d:bf:ab:69:b6:29:b2:c6:23
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Mar 1 01:00:31 2026 GMT
Not After : May 30 23:59:59 2026 GMT
Subject: serialNumber=13d1168bf74216dd3317a3e461c7b05b1de051c5d8b9e6f3336bbfc67c78c5bc, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:58:49:7c:e2:9b:51:11:19:b7:45:bc:6d:cd:
2f:ef:12:70:00:0d:15:07:3c:76:6d:80:e1:cb:e7:
5e:8f:86:1a:15:23:f7:c3:b8:3d:6c:31:41:07:ff:
2c:e0:ab:5f:f3:f4:ea:af:eb:4f:83:61:c3:9b:ea:
ec:b5:41:a6:ae:31:83:90:f4:25:0d:69:e7:ad:98:
14:ae:af:af:3e:66:52:0d:45:01:60:e5:08:0b:79:
20:cc:45:e4:28:42:68:f4:24:d3:24:6d:a1:6d:8c:
15:92:c9:19:cf:a1:c9:33:44:b8:a6:9f:84:b1:f9:
b1:61:9e:d3:a0:49:49:d2:cc:5f:47:7b:0c:69:55:
53:84:fc:be:0f:87:b7:af:fc:9e:26:25:ca:4b:9f:
f7:8e:7e:74:f8:9c:a0:58:2e:3a:3c:6d:db:31:a0:
e2:a3:b8:bf:0a:ab:44:8b:04:10:f3:86:5c:bd:d8:
74:d7:dd:71:8d:98:02:44:95:4e:a8:26:3d:06:1a:
78:e8:b6:bf:eb:e1:7d:3e:b6:0e:bc:0d:4d:a1:63:
e6:75:98:c3:cf:31:ec:00:a7:df:a1:9e:b1:32:13:
62:6d:8b:de:50:fb:e6:56:77:a1:9f:39:66:82:34:
41:44:c8:b5:29:16:59:8f:2d:e7:8f:3e:b5:10:e9:
8c:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:F4:EA:6F:41:72:A0:A6:D7:E6:2E:92:AB:F0:D3:8A:CA:17:43:FF
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/cf5e86ef-0733-4056-8b1b-683470ef90f1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.0.112.0/21
Signature Algorithm: sha256WithRSAEncryption
47:d4:c3:b5:25:34:99:9d:d6:f9:5f:35:bd:92:f8:d1:81:04:
d7:68:da:40:60:d0:9a:9f:f2:7e:de:ad:80:be:f2:ef:8a:74:
b3:f4:59:0f:7c:78:f4:5b:a4:fa:5e:30:52:e8:fd:6c:24:74:
44:ea:34:56:06:96:74:34:be:ec:a6:94:a3:fa:35:e4:44:a4:
14:02:7c:4b:48:97:7a:93:0f:3c:87:b7:51:68:e3:c6:41:56:
92:49:44:b6:3a:d0:01:4d:9d:ae:0a:ec:25:7c:8b:38:53:5a:
ef:f2:98:7f:d5:86:cb:41:27:83:39:0b:56:55:1d:b4:95:9b:
c1:8d:92:40:6a:54:fe:5c:8b:25:f4:1b:af:7b:a1:02:dc:41:
d4:af:2e:19:01:4a:18:9d:7c:c4:1d:a6:0b:83:94:5f:71:d2:
01:da:ed:06:98:a4:ca:86:b0:cf:88:2a:67:88:8f:f0:86:48:
e6:a2:24:65:b1:6e:83:a2:80:bb:c9:2c:88:44:f2:cb:b1:89:
2b:e3:04:0b:d2:10:6c:d2:0a:3a:b9:da:78:d4:8c:5b:fc:28:
e6:3e:3a:87:8f:47:43:f8:e8:1f:bc:a6:00:85:05:b8:37:df:
30:a7:4b:14:4b:7f:a6:71:c6:fa:31:79:29:77:b1:14:15:6e:
f0:e1:6f:87
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUWA0uH00zFI8LxnRtv6tptimyxiMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAzMDEwMTAwMzFaFw0yNjA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDEzZDExNjhiZjc0MjE2ZGQzMzE3YTNlNDYxYzdiMDViMWRlMDUxYzVkOGI5
ZTZmMzMzNmJiZmM2N2M3OGM1YmMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAORYSXzim1ERGbdFvG3NL+8ScAANFQc8dm2A4cvnXo+GGhUj98O4PWwxQQf/
LOCrX/P06q/rT4Nhw5vq7LVBpq4xg5D0JQ1p562YFK6vrz5mUg1FAWDlCAt5IMxF
5ChCaPQk0yRtoW2MFZLJGc+hyTNEuKafhLH5sWGe06BJSdLMX0d7DGlVU4T8vg+H
t6/8niYlykuf945+dPicoFguOjxt2zGg4qO4vwqrRIsEEPOGXL3YdNfdcY2YAkSV
TqgmPQYaeOi2v+vhfT62DrwNTaFj5nWYw88x7ACn36GesTITYm2L3lD75lZ3oZ85
ZoI0QUTItSkWWY8t548+tRDpjN8CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRd9Opv
QXKgptfmLpKr8NOKyhdD/zAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Y2Y1ZTg2ZWYtMDczMy00MDU2LThiMWItNjgzNDcwZWY5MGYxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAzMAcDAN
BgkqhkiG9w0BAQsFAAOCAQEAR9TDtSU0mZ3W+V81vZL40YEE12jaQGDQmp/yft6t
gL7y74p0s/RZD3x49Fuk+l4wUuj9bCR0ROo0VgaWdDS+7KaUo/o15ESkFAJ8S0iX
epMPPIe3UWjjxkFWkklEtjrQAU2drgrsJXyLOFNa7/KYf9WGy0EngzkLVlUdtJWb
wY2SQGpU/lyLJfQbr3uhAtxB1K8uGQFKGJ18xB2mC4OUX3HSAdrtBpikyoawz4gq
Z4iP8IZI5qIkZbFug6KAu8ksiETyy7GJK+MEC9IQbNIKOrnaeNSMW/wo5j46h49H
Q/joH7ymAIUFuDffMKdLFEt/pnHG+jF5KXexFBVu8OFvhw==
-----END CERTIFICATE-----
Generated at Mon Mar 2 12:59:42 2026 by rpki-client