Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ef3e6945-57bf-41fe-9e98-2db6c2800547.roa
File: ef3e6945-57bf-41fe-9e98-2db6c2800547.roa (raw, json)
Hash identifier: vfaCse58nBg5A7ncQXDwsp37cywlbTLDoduQya67vXs=
Subject key identifier: D8:8B:4F:1C:46:36:33:76:7D:94:E3:3E:35:3E:D0:DF:80:E0:C2:10
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 4B1B287F330D0A030A7703161D97664455810BFD
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ef3e6945-57bf-41fe-9e98-2db6c2800547.roa
Signing time: Tue 19 May 2026 05:50:07 +0000
ROA not before: Tue 19 May 2026 05:50:07 +0000
ROA not after: Mon 17 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.208.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 01:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4b:1b:28:7f:33:0d:0a:03:0a:77:03:16:1d:97:66:44:55:81:0b:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: May 19 05:50:07 2026 GMT
Not After : Aug 17 23:59:59 2026 GMT
Subject: serialNumber=28798bcd2eb41a14637ed4a0ee0e8ccb7fd08afd621a8b1f148b56963015bb4a, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:b6:58:ec:30:69:31:38:96:c9:be:ff:4f:b2:
8f:35:46:08:ef:12:16:f0:44:9f:a0:4f:4d:43:c8:
ef:8f:b1:47:ae:71:ee:4e:d6:25:0e:b5:bb:da:56:
7b:9d:e9:72:26:6a:ab:f0:ef:b6:c4:b9:a7:da:4b:
2a:ac:fc:b7:71:04:8c:92:d6:a9:56:58:c6:f4:64:
95:e4:38:38:e4:10:df:9e:db:7c:ee:47:4f:02:f2:
05:97:e7:6b:13:d9:15:2d:61:0e:ba:f4:6d:67:34:
8a:51:52:97:15:2f:d1:07:12:fe:6a:31:1e:24:10:
71:aa:a6:5b:9c:18:ac:47:0e:f2:b8:1d:45:d9:4a:
3d:e6:58:82:cf:d3:11:d3:ec:3d:d6:6b:aa:c1:f2:
ee:ce:c8:72:8f:38:2f:5b:ae:e3:7d:be:66:82:16:
28:75:c6:42:76:47:bf:0c:34:94:cd:47:cf:fd:cc:
cf:4a:ac:cd:53:ab:bf:67:41:84:c0:80:5e:63:03:
df:b9:c3:70:e4:d9:3c:da:02:96:5d:44:eb:89:5d:
0f:96:df:10:bd:df:f5:6e:ac:cb:ae:6b:53:21:47:
10:7f:a3:11:36:10:ff:58:94:ef:8a:3f:c8:03:66:
e6:b5:45:81:16:be:e7:f2:80:81:59:66:4d:52:81:
09:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:8B:4F:1C:46:36:33:76:7D:94:E3:3E:35:3E:D0:DF:80:E0:C2:10
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ef3e6945-57bf-41fe-9e98-2db6c2800547.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.208.0.0/15
Signature Algorithm: sha256WithRSAEncryption
a2:04:bb:53:74:c0:53:01:83:af:3c:26:22:e5:08:8a:ff:c9:
2a:cc:8a:72:bd:a2:2b:9e:6e:41:07:e7:3d:bc:e4:50:d6:9b:
17:a8:34:2b:fa:ba:d5:00:22:77:03:5e:dc:b2:99:20:e0:35:
8c:6d:21:c6:79:1c:03:08:73:66:ce:bc:c0:56:1a:2d:a9:c9:
a0:26:e4:63:34:d7:41:de:aa:fa:d6:6e:45:76:ea:70:e3:47:
47:ca:f0:6c:32:c1:5b:fe:45:24:a7:ae:54:40:e5:33:15:ba:
48:43:eb:69:ba:db:05:36:71:40:fe:94:e1:64:1b:d6:5e:aa:
3a:ea:71:fd:ca:57:f5:f6:29:51:d0:ee:2d:db:88:b8:a7:45:
c4:52:b1:7e:01:c4:c0:8f:8d:a3:c6:77:38:05:bc:2e:56:04:
b6:3a:a2:bb:42:17:23:41:97:d1:56:63:69:79:70:5d:f1:2c:
9c:ad:e4:1d:7e:a2:f4:c2:70:e9:73:a1:aa:07:ff:51:cc:ec:
63:b3:d2:f3:f3:67:71:d1:d7:9b:d8:f3:9e:c9:84:c1:aa:92:
8b:95:a0:6f:28:3e:61:f2:a9:98:2b:de:71:60:26:c2:58:98:
06:bd:48:cd:ef:b4:da:ba:72:43:cd:01:0e:83:0b:79:46:c5:
e2:cc:3f:7c
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUSxsofzMNCgMKdwMWHZdmRFWBC/0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjA1MTkwNTUwMDdaFw0yNjA4MTcyMzU5NTlaMHoxSTBHBgNV
BAUTQDI4Nzk4YmNkMmViNDFhMTQ2MzdlZDRhMGVlMGU4Y2NiN2ZkMDhhZmQ2MjFh
OGIxZjE0OGI1Njk2MzAxNWJiNGExLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMe2WOwwaTE4lsm+/0+yjzVGCO8SFvBEn6BPTUPI74+xR65x7k7WJQ61u9pW
e53pciZqq/DvtsS5p9pLKqz8t3EEjJLWqVZYxvRkleQ4OOQQ357bfO5HTwLyBZfn
axPZFS1hDrr0bWc0ilFSlxUv0QcS/moxHiQQcaqmW5wYrEcO8rgdRdlKPeZYgs/T
EdPsPdZrqsHy7s7Ico84L1uu432+ZoIWKHXGQnZHvww0lM1Hz/3Mz0qszVOrv2dB
hMCAXmMD37nDcOTZPNoCll1E64ldD5bfEL3f9W6sy65rUyFHEH+jETYQ/1iU74o/
yANm5rVFgRa+5/KAgVlmTVKBCTUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTYi08c
RjYzdn2U4z41PtDfgODCEDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZWYzZTY5NDUtNTdiZi00MWZlLTllOTgtMmRiNmMyODAwNTQ3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATPQMA0G
CSqGSIb3DQEBCwUAA4IBAQCiBLtTdMBTAYOvPCYi5QiK/8kqzIpyvaIrnm5BB+c9
vORQ1psXqDQr+rrVACJ3A17cspkg4DWMbSHGeRwDCHNmzrzAVhotqcmgJuRjNNdB
3qr61m5Fdupw40dHyvBsMsFb/kUkp65UQOUzFbpIQ+tputsFNnFA/pThZBvWXqo6
6nH9ylf19ilR0O4t24i4p0XEUrF+AcTAj42jxnc4BbwuVgS2OqK7QhcjQZfRVmNp
eXBd8SycreQdfqL0wnDpc6GqB/9RzOxjs9Lz82dx0deb2POeyYTBqpKLlaBvKD5h
8qmYK95xYCbCWJgGvUjN77TaunJDzQEOgwt5RsXizD98
-----END CERTIFICATE-----
Generated at Sat Jun 13 07:58:57 2026 by rpki-client