Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f0b62efe-867d-4733-9b0c-8354a04195f8.roa
File: f0b62efe-867d-4733-9b0c-8354a04195f8.roa (raw, json)
Hash identifier: abkMhes7ueAYzJ8D8+QnIFREEqioLtJtnFoESegCzs4=
Subject key identifier: 03:A6:94:37:6E:A0:EE:9F:1D:1C:97:C6:2D:C6:A0:A4:22:7C:7D:5A
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 69E8C39DDCD9DBD476015A7CA4DFD2FD4BD2AD44
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f0b62efe-867d-4733-9b0c-8354a04195f8.roa
Signing time: Sat 28 Feb 2026 06:30:17 +0000
ROA not before: Sat 28 Feb 2026 06:30:17 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.128.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
69:e8:c3:9d:dc:d9:db:d4:76:01:5a:7c:a4:df:d2:fd:4b:d2:ad:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:30:17 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=ad95d9a00aa399f55c0b2b29c91c2575838e7e0b9b9df85981caecf27f3e1a45, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:0d:64:8a:ab:2e:5f:22:f9:f7:c4:4d:45:48:
a9:33:7c:34:67:30:f6:c2:d2:d8:29:2e:24:f1:df:
50:ef:8f:43:8f:99:bc:a3:f7:9c:73:1b:e7:7b:b2:
dd:6d:cd:6e:9a:90:9d:0a:8c:f2:87:90:e8:cc:b7:
27:61:fc:99:71:94:81:42:ab:2b:5d:6b:92:bf:3c:
cc:b9:80:55:76:23:8b:63:95:cf:fb:cc:4b:10:51:
93:68:32:70:e3:9a:fe:8b:c9:ab:2b:a2:28:7c:eb:
d2:52:83:c1:17:37:72:41:f6:96:53:c2:3a:a9:79:
1e:19:62:7f:54:bb:20:e0:f4:d5:93:18:93:9f:b3:
ae:b4:70:5f:05:fe:15:93:7e:c2:24:ae:27:7d:37:
80:88:92:27:47:27:48:7d:96:1e:da:f4:f4:31:ee:
23:dd:5f:41:f7:1a:bf:60:ec:d3:db:a4:7a:77:40:
8e:ea:a4:b2:df:6e:f7:0a:d5:5a:07:4a:cb:17:d4:
23:8c:89:11:2e:a5:66:17:2e:a2:cd:4e:03:87:f0:
58:00:c5:c7:50:8a:16:07:7d:54:15:15:2b:1d:18:
a4:8a:49:6a:89:53:6c:e7:7e:2a:c0:d4:af:4f:bd:
96:ee:04:a8:2e:e0:e3:5f:09:c5:21:46:52:6b:a1:
58:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:A6:94:37:6E:A0:EE:9F:1D:1C:97:C6:2D:C6:A0:A4:22:7C:7D:5A
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f0b62efe-867d-4733-9b0c-8354a04195f8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.128.0.0/16
Signature Algorithm: sha256WithRSAEncryption
38:df:f2:4a:17:c1:c7:ba:06:f6:bd:06:50:90:2e:61:e8:e9:
e6:5f:4d:f0:a4:ca:53:ed:fc:6a:97:c0:63:a4:c7:a2:a5:e7:
02:9e:04:8d:43:6d:9c:eb:65:d0:29:55:5a:87:1b:2b:9d:b6:
5b:23:4b:47:4e:05:9f:ac:76:f0:d3:54:d1:2c:5f:37:e5:a3:
1d:82:0e:5e:4f:f6:c2:c9:e2:df:f7:78:c2:0d:75:e3:38:65:
b8:f0:28:17:02:98:a0:b3:99:06:23:64:e2:45:35:e5:75:e1:
91:38:c2:f0:35:51:72:10:fb:cd:b0:1d:6a:8f:7d:be:9e:0d:
01:57:4d:fd:bf:c3:de:5b:a5:94:7c:7b:fd:4b:c8:8f:cc:6e:
6f:75:fc:aa:da:b9:f5:99:55:d5:2e:ab:d1:06:d8:dc:41:06:
82:2b:82:2f:6a:b7:9a:9a:4a:e8:81:55:e5:d6:7c:ab:69:92:
37:be:55:31:c9:d8:6c:33:c2:33:c0:21:aa:00:e2:5f:86:01:
d9:93:25:87:19:d4:64:25:c1:28:00:91:11:f5:8f:f4:f3:7b:
b3:f1:e7:ef:f3:15:34:72:55:24:41:2a:cd:2c:ef:cb:ca:b2:
e9:14:aa:df:79:06:f0:ce:38:94:8e:b8:26:39:1c:4f:6b:ff:
7d:61:fe:9f
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUaejDndzZ29R2AVp8pN/S/UvSrUQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjMwMTdaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGFkOTVkOWEwMGFhMzk5ZjU1YzBiMmIyOWM5MWMyNTc1ODM4ZTdlMGI5Yjlk
Zjg1OTgxY2FlY2YyN2YzZTFhNDUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMENZIqrLl8i+ffETUVIqTN8NGcw9sLS2CkuJPHfUO+PQ4+ZvKP3nHMb53uy
3W3NbpqQnQqM8oeQ6My3J2H8mXGUgUKrK11rkr88zLmAVXYji2OVz/vMSxBRk2gy
cOOa/ovJqyuiKHzr0lKDwRc3ckH2llPCOql5Hhlif1S7IOD01ZMYk5+zrrRwXwX+
FZN+wiSuJ303gIiSJ0cnSH2WHtr09DHuI91fQfcav2Ds09ukendAjuqkst9u9wrV
WgdKyxfUI4yJES6lZhcuos1OA4fwWADFx1CKFgd9VBUVKx0YpIpJaolTbOd+KsDU
r0+9lu4EqC7g418JxSFGUmuhWFUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQDppQ3
bqDunx0cl8YtxqCkInx9WjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZjBiNjJlZmUtODY3ZC00NzMzLTliMGMtODM1NGEwNDE5NWY4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADOAMA0G
CSqGSIb3DQEBCwUAA4IBAQA43/JKF8HHugb2vQZQkC5h6OnmX03wpMpT7fxql8Bj
pMeipecCngSNQ22c62XQKVVahxsrnbZbI0tHTgWfrHbw01TRLF835aMdgg5eT/bC
yeLf93jCDXXjOGW48CgXApigs5kGI2TiRTXldeGROMLwNVFyEPvNsB1qj32+ng0B
V039v8PeW6WUfHv9S8iPzG5vdfyq2rn1mVXVLqvRBtjcQQaCK4IvareamkrogVXl
1nyraZI3vlUxydhsM8IzwCGqAOJfhgHZkyWHGdRkJcEoAJER9Y/083uz8efv8xU0
clUkQSrNLO/LyrLpFKrfeQbwzjiUjrgmORxPa/99Yf6f
-----END CERTIFICATE-----
Generated at Mon Mar 2 03:23:43 2026 by rpki-client