Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d485a465-65e9-4a19-a397-f29d1a36d166.roa
File: d485a465-65e9-4a19-a397-f29d1a36d166.roa (raw, json)
Hash identifier: i/vfnQ5lSPTzjDj42WHJAK2jRxAZNc3N3yNxoOlGCpg=
Subject key identifier: F5:D8:C1:01:37:CA:8C:DF:C6:E4:F0:13:BB:37:23:7A:97:21:85:0F
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 0C6004C4B4F5D9ECB5EC2DF8F0957D7104A294E7
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d485a465-65e9-4a19-a397-f29d1a36d166.roa
Signing time: Sat 28 Feb 2026 06:40:49 +0000
ROA not before: Sat 28 Feb 2026 06:40:49 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 195.17.0.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0c:60:04:c4:b4:f5:d9:ec:b5:ec:2d:f8:f0:95:7d:71:04:a2:94:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:40:49 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=435afe857544b89461f06f93b97ae0b212a40815434dd9e180838e43ba988937, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:a4:7d:18:13:41:7f:b7:48:6a:b6:8d:f0:20:
ec:3b:e1:59:43:d0:dd:df:15:f9:57:0b:4c:46:4f:
ac:78:37:89:2a:00:7b:06:34:38:95:a6:7f:45:a2:
8d:7d:ff:13:67:91:e8:2b:ff:53:f3:75:12:ab:23:
85:07:3a:01:eb:79:bd:49:fa:a6:1d:64:87:d9:29:
02:bd:6f:c9:22:9b:bb:05:5c:14:28:23:7c:54:a1:
2e:bf:8d:f5:14:04:fd:59:38:68:c9:c5:84:fa:18:
1b:e8:51:e2:7b:fc:31:68:a4:86:4e:72:6b:0d:53:
c6:bf:d1:e8:6f:56:20:1b:67:a9:9b:76:0b:41:0f:
35:96:b1:6b:f0:d2:24:0c:c9:c2:81:bb:db:95:eb:
7f:b4:93:03:9d:49:85:e5:91:31:60:d7:30:5c:89:
29:74:d6:3a:71:c2:5e:c4:96:14:3f:54:1e:75:af:
19:83:91:08:72:42:88:11:56:b4:98:26:a9:2e:a2:
91:36:db:0b:0c:da:b4:8b:93:91:67:d0:11:ae:6f:
20:19:2d:06:4c:52:a4:ac:ee:37:2a:e1:89:fe:9f:
db:c6:d3:b4:a9:0e:35:38:0d:2b:23:b8:25:6e:dd:
8c:6c:9a:33:a1:03:05:97:60:5a:7c:40:05:83:e2:
fe:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:D8:C1:01:37:CA:8C:DF:C6:E4:F0:13:BB:37:23:7A:97:21:85:0F
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/d485a465-65e9-4a19-a397-f29d1a36d166.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.17.0.0/24
Signature Algorithm: sha256WithRSAEncryption
94:c1:5d:a2:28:01:68:68:77:d2:05:25:af:56:5f:f2:60:71:
4c:dd:52:01:a8:ed:57:e4:e6:d2:e9:ce:ef:74:37:9c:57:a8:
d0:d7:47:62:83:56:05:4c:d7:3c:36:36:08:fe:7e:e7:f0:d0:
64:3a:c8:82:72:80:53:e4:77:21:cc:cd:c4:05:fd:ca:63:ea:
14:04:ed:7c:e7:f4:7e:d3:0f:dd:f7:9c:9d:07:c0:53:18:e2:
a0:1c:f5:29:36:4d:02:79:4d:b8:96:28:3e:45:fc:3c:a6:1d:
4e:57:bd:0b:58:d2:1f:be:d8:93:98:d4:cb:5f:da:ab:37:6e:
94:22:d1:e4:da:34:47:f3:75:0e:ad:4b:6b:fc:1b:e0:28:37:
a9:a1:5b:40:7b:a8:c2:dd:e3:ff:b4:07:71:d1:b0:f8:d5:7e:
7f:70:64:25:80:76:e4:ae:7e:0a:7b:11:b5:66:70:ca:bb:3f:
a6:e3:c6:63:b3:b2:91:d4:ec:88:bf:c7:6a:d9:c2:21:ee:19:
3c:62:69:e2:7e:7c:5b:d0:b3:c2:5d:49:0c:0f:cf:7a:4f:5a:
08:0a:b0:5f:c6:72:c8:79:d8:cb:a3:f0:00:03:cc:26:0c:40:
9e:ce:e3:f8:0e:fc:d9:2c:8a:59:3b:4c:17:25:aa:9f:3a:96:
d4:33:6f:28
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUDGAExLT12ey17C348JV9cQSilOcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjQwNDlaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDQzNWFmZTg1NzU0NGI4OTQ2MWYwNmY5M2I5N2FlMGIyMTJhNDA4MTU0MzRk
ZDllMTgwODM4ZTQzYmE5ODg5MzcxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN2kfRgTQX+3SGq2jfAg7DvhWUPQ3d8V+VcLTEZPrHg3iSoAewY0OJWmf0Wi
jX3/E2eR6Cv/U/N1EqsjhQc6Aet5vUn6ph1kh9kpAr1vySKbuwVcFCgjfFShLr+N
9RQE/Vk4aMnFhPoYG+hR4nv8MWikhk5yaw1Txr/R6G9WIBtnqZt2C0EPNZaxa/DS
JAzJwoG725Xrf7STA51JheWRMWDXMFyJKXTWOnHCXsSWFD9UHnWvGYORCHJCiBFW
tJgmqS6ikTbbCwzatIuTkWfQEa5vIBktBkxSpKzuNyrhif6f28bTtKkONTgNKyO4
JW7djGyaM6EDBZdgWnxABYPi/qsCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBT12MEB
N8qM38bk8BO7NyN6lyGFDzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZDQ4NWE0NjUtNjVlOS00YTE5LWEzOTctZjI5ZDFhMzZkMTY2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAMMRADAN
BgkqhkiG9w0BAQsFAAOCAQEAlMFdoigBaGh30gUlr1Zf8mBxTN1SAajtV+Tm0unO
73Q3nFeo0NdHYoNWBUzXPDY2CP5+5/DQZDrIgnKAU+R3IczNxAX9ymPqFATtfOf0
ftMP3fecnQfAUxjioBz1KTZNAnlNuJYoPkX8PKYdTle9C1jSH77Yk5jUy1/aqzdu
lCLR5No0R/N1Dq1La/wb4Cg3qaFbQHuowt3j/7QHcdGw+NV+f3BkJYB25K5+CnsR
tWZwyrs/puPGY7OykdTsiL/HatnCIe4ZPGJp4n58W9Czwl1JDA/Pek9aCAqwX8Zy
yHnYy6PwAAPMJgxAns7j+A782SyKWTtMFyWqnzqW1DNvKA==
-----END CERTIFICATE-----
Generated at Mon Mar 2 05:16:43 2026 by rpki-client