Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ecf71776-ef54-415b-8543-7ec55f9b1d9d.roa
File: ecf71776-ef54-415b-8543-7ec55f9b1d9d.roa (raw, json)
Hash identifier: AIi5lyXK6nQovp8ln+Lm2PW4IHpI9Pa54/CgGpC6w9I=
Subject key identifier: 28:78:6D:B1:D9:A8:D0:AF:9D:74:09:05:38:23:27:4B:F0:06:A4:BA
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 1DF23EAD35CAC1B37516BD4748E1BB0083080E6A
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ecf71776-ef54-415b-8543-7ec55f9b1d9d.roa
Signing time: Fri 06 Feb 2026 00:40:25 +0000
ROA not before: Fri 06 Feb 2026 00:40:25 +0000
ROA not after: Thu 07 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.44.0.0/16 maxlen: 16
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1d:f2:3e:ad:35:ca:c1:b3:75:16:bd:47:48:e1:bb:00:83:08:0e:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 6 00:40:25 2026 GMT
Not After : May 7 23:59:59 2026 GMT
Subject: serialNumber=a2cfc760eb700cc9138178c4037abaa7bfd66b2247b0d5e4778899b215cc846a, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:b7:7a:e8:86:3e:96:d5:3a:31:2e:1f:8a:98:
43:61:66:30:d5:1d:a1:b3:ce:54:b9:36:5f:87:fc:
61:9a:f9:43:92:ce:94:3e:85:45:41:33:e5:c6:84:
07:a7:f6:e9:99:40:c6:4c:b8:5b:53:fa:7a:15:46:
35:8b:87:ad:15:65:5c:db:05:9f:5f:96:df:90:69:
79:c2:27:a5:26:0d:3b:43:db:74:50:63:ea:aa:75:
db:51:7a:0e:6c:8f:3a:0b:bf:49:ac:53:95:57:24:
b7:69:ef:ee:22:46:df:8e:40:6c:f3:54:54:7e:3a:
f3:26:31:1c:5b:c4:57:e1:2b:d1:22:46:1c:45:77:
da:29:53:57:3b:16:82:a8:81:a0:7c:4a:f5:d9:db:
db:0a:e7:ef:bb:d9:8e:20:bf:33:46:65:f3:03:6e:
89:0e:c6:49:99:c6:72:c1:f1:9b:99:57:e7:fa:92:
7e:71:57:d6:4c:93:34:2a:be:95:ad:e3:64:43:d3:
6d:28:e7:7c:22:ab:32:45:4c:de:75:3d:80:b9:93:
8d:f1:3c:cd:2d:14:c9:5e:ea:b2:12:3f:ec:73:22:
34:18:46:f0:13:89:d7:b4:8a:a7:14:ea:f1:c9:30:
41:4f:94:9e:f6:a0:3e:63:25:fa:9b:0b:fc:37:7b:
61:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:78:6D:B1:D9:A8:D0:AF:9D:74:09:05:38:23:27:4B:F0:06:A4:BA
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ecf71776-ef54-415b-8543-7ec55f9b1d9d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.44.0.0/16
Signature Algorithm: sha256WithRSAEncryption
91:8c:46:d6:04:bf:1f:3b:2f:a8:69:20:64:82:12:1f:d3:15:
c6:4c:d7:29:41:b1:91:74:25:9f:5a:f8:74:ed:6a:95:d7:b8:
29:a0:b2:a4:54:a3:d3:19:fa:53:ea:d4:b0:37:38:e6:76:95:
71:6e:96:bc:e3:89:45:ce:04:10:f1:19:e4:6f:6c:1c:47:57:
63:61:6b:a2:4f:01:b4:e5:d5:a2:cc:70:e1:81:ea:77:cc:56:
6a:c0:2d:be:40:1f:f4:49:47:30:ef:0c:36:8b:2f:49:56:b9:
86:90:f5:fb:bd:59:c7:12:2b:7a:99:2d:cb:9b:27:64:60:88:
0a:c6:79:a5:0a:5a:6d:44:37:ac:c4:e4:cc:7c:7e:ce:79:98:
70:09:05:60:03:8e:48:53:db:a4:06:f7:b0:64:7b:b0:37:9a:
74:d4:ee:62:2e:95:a5:2c:bc:56:04:6b:4a:95:55:8d:42:67:
fe:8e:89:4c:ea:1c:0a:cf:72:ba:fe:ba:c2:54:c0:bd:0a:7e:
1a:73:bb:4d:12:cf:eb:7a:dd:59:a0:6f:6a:5b:91:1f:d0:26:
48:f4:55:91:87:57:07:a1:5f:0d:9b:8a:0f:c0:c0:75:84:fd:
82:80:32:c9:e4:76:a0:10:6b:d6:bb:20:49:96:54:3b:02:3e:
bb:ef:0b:18
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUHfI+rTXKwbN1Fr1HSOG7AIMIDmowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMDYwMDQwMjVaFw0yNjA1MDcyMzU5NTlaMHoxSTBHBgNV
BAUTQGEyY2ZjNzYwZWI3MDBjYzkxMzgxNzhjNDAzN2FiYWE3YmZkNjZiMjI0N2Iw
ZDVlNDc3ODg5OWIyMTVjYzg0NmExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKW3euiGPpbVOjEuH4qYQ2FmMNUdobPOVLk2X4f8YZr5Q5LOlD6FRUEz5caE
B6f26ZlAxky4W1P6ehVGNYuHrRVlXNsFn1+W35BpecInpSYNO0PbdFBj6qp121F6
DmyPOgu/SaxTlVckt2nv7iJG345AbPNUVH468yYxHFvEV+Er0SJGHEV32ilTVzsW
gqiBoHxK9dnb2wrn77vZjiC/M0Zl8wNuiQ7GSZnGcsHxm5lX5/qSfnFX1kyTNCq+
la3jZEPTbSjnfCKrMkVM3nU9gLmTjfE8zS0UyV7qshI/7HMiNBhG8BOJ17SKpxTq
8ckwQU+UnvagPmMl+psL/Dd7YcMCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQoeG2x
2ajQr510CQU4IydL8AakujAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZWNmNzE3NzYtZWY1NC00MTViLTg1NDMtN2VjNTVmOWIxZDlkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADMsMA0G
CSqGSIb3DQEBCwUAA4IBAQCRjEbWBL8fOy+oaSBkghIf0xXGTNcpQbGRdCWfWvh0
7WqV17gpoLKkVKPTGfpT6tSwNzjmdpVxbpa844lFzgQQ8Rnkb2wcR1djYWuiTwG0
5dWizHDhgep3zFZqwC2+QB/0SUcw7ww2iy9JVrmGkPX7vVnHEit6mS3LmydkYIgK
xnmlClptRDesxOTMfH7OeZhwCQVgA45IU9ukBvewZHuwN5p01O5iLpWlLLxWBGtK
lVWNQmf+jolM6hwKz3K6/rrCVMC9Cn4ac7tNEs/ret1ZoG9qW5Ef0CZI9FWRh1cH
oV8Nm4oPwMB1hP2CgDLJ5HagEGvWuyBJllQ7Aj677wsY
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:49:18 2026 by rpki-client