Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ef3e6945-57bf-41fe-9e98-2db6c2800547.roa
File: ef3e6945-57bf-41fe-9e98-2db6c2800547.roa (raw, json)
Hash identifier: nl2en+gSeoiq2nSsNs/bHFT6ik2pSHaE31r90eIKEhM=
Subject key identifier: D8:69:68:7B:9A:31:67:F3:C2:8D:CF:E9:8E:BF:DB:A1:81:32:D5:3D
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 611DF6A1813D14382C7701E603542F0024036F45
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ef3e6945-57bf-41fe-9e98-2db6c2800547.roa
Signing time: Sat 28 Feb 2026 06:30:09 +0000
ROA not before: Sat 28 Feb 2026 06:30:09 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.208.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
61:1d:f6:a1:81:3d:14:38:2c:77:01:e6:03:54:2f:00:24:03:6f:45
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:30:09 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=244a339dd95cb2ce1324256d1aa722877aa3c32ed8ef30d332ce99bc851e9eab, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:68:80:f2:cf:3b:3c:e0:3a:e5:18:5b:29:cb:
91:1d:0c:d8:3d:44:bf:a1:3d:95:70:ec:72:60:fb:
65:dc:07:80:31:0e:11:00:a1:da:da:79:45:04:be:
4b:82:95:de:ff:c0:96:dc:59:dc:bf:86:c9:28:eb:
27:20:73:a9:76:88:78:71:9c:bb:a4:24:5f:1c:a5:
50:50:df:bf:e8:ba:b6:48:05:44:f0:4a:1a:41:6d:
c2:73:36:af:e2:f6:ad:1d:be:ec:e2:f7:06:ee:52:
0c:43:2b:61:92:34:c7:2d:8d:06:8b:f3:88:c6:cd:
b7:e9:20:d4:02:a6:a9:98:1e:d9:33:eb:c4:00:2f:
36:3c:bf:a8:3c:e8:55:55:e9:35:1d:41:9a:7e:eb:
26:15:1c:2b:f1:33:b0:62:d2:b3:ae:1e:92:8a:aa:
b6:66:42:e7:57:de:13:0b:68:4b:1e:25:43:1a:89:
99:19:02:17:51:76:55:53:6e:8c:43:33:b2:0c:90:
ef:72:61:83:97:45:96:bc:17:6d:4a:88:db:be:7e:
e4:1b:dd:13:6d:66:a5:ed:4d:e4:a8:3e:28:c2:8e:
d9:24:2b:2e:23:33:70:43:55:2d:5f:0c:51:e7:5c:
06:94:e3:77:28:31:c0:62:fc:d6:3e:73:cf:cc:5d:
5a:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:69:68:7B:9A:31:67:F3:C2:8D:CF:E9:8E:BF:DB:A1:81:32:D5:3D
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ef3e6945-57bf-41fe-9e98-2db6c2800547.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.208.0.0/15
Signature Algorithm: sha256WithRSAEncryption
36:ab:b3:fe:11:c5:e9:a6:36:af:49:48:5f:84:5f:c0:64:84:
59:f1:bb:25:a9:d3:cc:ac:29:33:0b:8b:1e:a3:bd:c7:e3:bd:
8e:cf:9d:c0:6c:29:6d:77:df:0f:01:df:21:2f:6f:87:f8:fc:
a6:e0:ff:42:c2:0e:89:29:75:79:24:ce:2b:57:f8:87:b9:87:
0c:fe:13:a0:0f:59:ca:c5:d1:70:fb:77:45:49:a8:71:64:bc:
88:74:4c:f8:94:d3:cf:ea:7c:95:b7:b3:3f:49:55:8c:b8:12:
ae:14:2b:05:8a:e1:21:a2:cf:59:d3:8c:97:ba:ec:a9:3b:c2:
5a:71:4c:93:88:3b:6a:17:cf:a4:97:41:c0:b1:db:95:a1:ab:
43:10:5e:fe:83:5f:a8:dd:69:61:4b:24:f3:d5:07:0a:4d:f8:
14:26:d9:91:44:7e:99:4f:b8:55:f9:8b:a3:1c:89:8b:ca:a5:
4a:a9:eb:d7:69:9c:fe:a6:21:16:2c:55:99:c7:48:20:b3:c8:
27:23:1b:5c:81:38:af:a2:c2:09:f5:db:57:ed:30:34:a0:48:
dc:6b:3e:93:dd:22:e7:6d:ee:9f:0b:55:5f:17:3c:cf:a1:af:
89:4e:2c:74:52:7c:f1:43:09:84:74:6e:81:eb:e0:7f:85:86:
28:f6:52:4f
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUYR32oYE9FDgsdwHmA1QvACQDb0UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjMwMDlaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDI0NGEzMzlkZDk1Y2IyY2UxMzI0MjU2ZDFhYTcyMjg3N2FhM2MzMmVkOGVm
MzBkMzMyY2U5OWJjODUxZTllYWIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOVogPLPOzzgOuUYWynLkR0M2D1Ev6E9lXDscmD7ZdwHgDEOEQCh2tp5RQS+
S4KV3v/AltxZ3L+GySjrJyBzqXaIeHGcu6QkXxylUFDfv+i6tkgFRPBKGkFtwnM2
r+L2rR2+7OL3Bu5SDEMrYZI0xy2NBovziMbNt+kg1AKmqZge2TPrxAAvNjy/qDzo
VVXpNR1Bmn7rJhUcK/EzsGLSs64ekoqqtmZC51feEwtoSx4lQxqJmRkCF1F2VVNu
jEMzsgyQ73Jhg5dFlrwXbUqI275+5BvdE21mpe1N5Kg+KMKO2SQrLiMzcENVLV8M
UedcBpTjdygxwGL81j5zz8xdWpUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTYaWh7
mjFn88KNz+mOv9uhgTLVPTAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZWYzZTY5NDUtNTdiZi00MWZlLTllOTgtMmRiNmMyODAwNTQ3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPQMA0G
CSqGSIb3DQEBCwUAA4IBAQA2q7P+EcXppjavSUhfhF/AZIRZ8bslqdPMrCkzC4se
o73H472Oz53AbCltd98PAd8hL2+H+Pym4P9Cwg6JKXV5JM4rV/iHuYcM/hOgD1nK
xdFw+3dFSahxZLyIdEz4lNPP6nyVt7M/SVWMuBKuFCsFiuEhos9Z04yXuuypO8Ja
cUyTiDtqF8+kl0HAsduVoatDEF7+g1+o3WlhSyTz1QcKTfgUJtmRRH6ZT7hV+Yuj
HImLyqVKqevXaZz+piEWLFWZx0ggs8gnIxtcgTivosIJ9dtX7TA0oEjcaz6T3SLn
be6fC1VfFzzPoa+JTix0UnzxQwmEdG6B6+B/hYYo9lJP
-----END CERTIFICATE-----
Generated at Mon Mar 2 01:24:15 2026 by rpki-client