Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dc5d2309-ce0f-4816-b8d0-260ce079f694.roa
File: dc5d2309-ce0f-4816-b8d0-260ce079f694.roa (raw, json)
Hash identifier: YdD98xehrhwH8favi/+yqO16ba+yD9jzIoGJiDdqCH4=
Subject key identifier: 4E:FC:D5:A7:F5:15:77:C1:68:AA:0B:81:F0:1A:68:9E:01:79:21:94
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 21983EF4C0FF5AE653EA57E7D51786C0B9CB594A
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dc5d2309-ce0f-4816-b8d0-260ce079f694.roa
Signing time: Sat 28 Feb 2026 06:30:59 +0000
ROA not before: Sat 28 Feb 2026 06:30:59 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 212.255.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
21:98:3e:f4:c0:ff:5a:e6:53:ea:57:e7:d5:17:86:c0:b9:cb:59:4a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:30:59 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=02b9d46bedb20d8d65074c3fb2e30fbf713c27e89b0fbb8b34012a202242f135, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:10:33:6e:17:46:8c:66:6c:a6:9a:6e:b1:14:
03:64:7e:50:ae:90:4b:21:94:fd:9c:46:fc:21:7f:
06:09:ff:07:29:2e:2c:24:60:8f:34:78:21:6e:82:
aa:2f:24:b4:d7:ae:a5:60:e7:66:e6:68:34:87:d7:
ca:82:bc:69:02:26:5c:3c:79:64:bd:57:d0:23:bf:
8c:c4:30:8c:13:cf:a9:c7:dc:58:68:c4:24:3d:79:
b2:2b:d8:89:80:e9:62:97:bf:ae:71:1d:dc:5c:48:
5b:49:5d:2d:e1:81:8d:7c:91:2f:49:d7:68:02:a8:
53:f8:b4:52:77:b2:2b:77:7e:14:13:a5:26:1a:73:
dc:0c:35:1c:59:53:b9:6f:34:74:59:6d:48:e9:21:
9f:52:ce:6a:ae:c1:14:18:92:3a:8e:0c:0b:b3:f0:
27:62:31:ac:29:55:b8:70:af:27:8c:00:ca:a7:be:
5b:59:80:ae:95:de:5e:d3:5e:8b:69:36:fb:0d:8d:
22:df:c1:dd:68:27:11:fe:25:c2:b6:02:a5:42:b6:
31:61:9b:17:e3:43:d5:57:ee:31:7f:88:41:39:c1:
c9:eb:96:a7:24:34:b3:73:16:cc:33:71:7c:dc:cc:
85:83:a6:07:0a:96:34:04:92:db:b4:c0:72:4f:c0:
f5:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:FC:D5:A7:F5:15:77:C1:68:AA:0B:81:F0:1A:68:9E:01:79:21:94
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/dc5d2309-ce0f-4816-b8d0-260ce079f694.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.255.0.0/16
Signature Algorithm: sha256WithRSAEncryption
74:81:75:67:d2:6b:a9:19:ca:1c:cd:c0:94:e7:80:9a:72:63:
4c:bd:85:39:5e:e6:2a:e9:cf:9a:06:c5:e7:9e:e8:d9:a4:cd:
30:df:e1:1c:87:6b:f4:83:fc:2d:e2:da:12:49:c8:87:54:53:
2e:b3:89:1b:3b:1c:a8:0a:ad:a4:bc:30:8e:76:98:e1:a7:00:
e8:3a:6f:da:6f:bc:81:83:6b:af:e8:bf:ad:be:d4:b0:e9:d6:
09:55:26:00:c5:30:91:e9:48:4a:4a:5b:9f:be:9d:b3:d0:fc:
00:40:a2:c7:59:7e:21:cf:06:87:36:d4:23:12:ca:fc:72:64:
17:2c:3a:fc:d8:ed:ea:bf:64:82:33:4b:b9:aa:c0:31:39:a9:
db:8c:7c:0d:cd:5d:e5:6b:46:ce:e8:a9:ed:74:c3:4d:24:a6:
d8:8b:29:c5:d3:3c:cb:6b:b8:e5:44:26:d4:a9:3d:15:1c:1c:
32:4a:8e:4a:76:34:98:79:94:a3:06:21:00:0e:04:9e:73:d6:
31:a1:a7:e5:cd:46:9c:f1:3d:2f:aa:f4:b7:2e:56:9a:9c:97:
fb:a4:cd:23:e0:b2:b8:23:93:28:32:43:43:88:f3:0d:b8:32:
6f:39:5e:d7:31:3c:20:26:65:91:76:cb:a5:f6:e0:87:d4:30:
eb:2a:07:b8
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUIZg+9MD/WuZT6lfn1ReGwLnLWUowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjMwNTlaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDAyYjlkNDZiZWRiMjBkOGQ2NTA3NGMzZmIyZTMwZmJmNzEzYzI3ZTg5YjBm
YmI4YjM0MDEyYTIwMjI0MmYxMzUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL0QM24XRoxmbKaabrEUA2R+UK6QSyGU/ZxG/CF/Bgn/BykuLCRgjzR4IW6C
qi8ktNeupWDnZuZoNIfXyoK8aQImXDx5ZL1X0CO/jMQwjBPPqcfcWGjEJD15sivY
iYDpYpe/rnEd3FxIW0ldLeGBjXyRL0nXaAKoU/i0UneyK3d+FBOlJhpz3Aw1HFlT
uW80dFltSOkhn1LOaq7BFBiSOo4MC7PwJ2IxrClVuHCvJ4wAyqe+W1mArpXeXtNe
i2k2+w2NIt/B3WgnEf4lwrYCpUK2MWGbF+ND1VfuMX+IQTnByeuWpyQ0s3MWzDNx
fNzMhYOmBwqWNASS27TAck/A9VcCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRO/NWn
9RV3wWiqC4HwGmieAXkhlDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZGM1ZDIzMDktY2UwZi00ODE2LWI4ZDAtMjYwY2UwNzlmNjk0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDANT/MA0G
CSqGSIb3DQEBCwUAA4IBAQB0gXVn0mupGcoczcCU54CacmNMvYU5XuYq6c+aBsXn
nujZpM0w3+Ech2v0g/wt4toSSciHVFMus4kbOxyoCq2kvDCOdpjhpwDoOm/ab7yB
g2uv6L+tvtSw6dYJVSYAxTCR6UhKSlufvp2z0PwAQKLHWX4hzwaHNtQjEsr8cmQX
LDr82O3qv2SCM0u5qsAxOanbjHwNzV3la0bO6KntdMNNJKbYiynF0zzLa7jlRCbU
qT0VHBwySo5KdjSYeZSjBiEADgSec9YxoaflzUac8T0vqvS3LlaanJf7pM0j4LK4
I5MoMkNDiPMNuDJvOV7XMTwgJmWRdsul9uCH1DDrKge4
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:48:35 2026 by rpki-client