Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f5f17520-2ea0-4b9a-a01c-04329523a547.roa
File: f5f17520-2ea0-4b9a-a01c-04329523a547.roa (raw, json)
Hash identifier: RD8O5OdKLv2xMoENdTVzox0D6Qxi+KsJDk3DMYxDioA=
Subject key identifier: 99:02:F2:49:5C:5C:E8:95:75:EC:C7:DE:59:EC:17:1E:E4:F1:A6:DA
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 5D5ECD888EC7DBAEDA2645735709ACBDC7BA729F
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f5f17520-2ea0-4b9a-a01c-04329523a547.roa
Signing time: Fri 13 Feb 2026 15:30:35 +0000
ROA not before: Fri 13 Feb 2026 15:30:35 +0000
ROA not after: Thu 14 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 195.61.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5d:5e:cd:88:8e:c7:db:ae:da:26:45:73:57:09:ac:bd:c7:ba:72:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 13 15:30:35 2026 GMT
Not After : May 14 23:59:59 2026 GMT
Subject: serialNumber=1a92e074f21ed4d3e03e7952343be8e35b5d58cb204c98df2a1f8094644afcf9, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:33:cd:49:8e:07:7d:be:8d:3c:39:a3:98:b7:
a9:1e:c6:83:26:5f:d4:1e:61:6c:43:71:a1:c6:8d:
93:e6:f7:33:98:01:80:6f:39:40:34:97:e5:73:21:
f5:e5:32:17:30:9f:cc:1f:f0:46:ae:50:aa:34:b2:
8f:0f:bd:75:af:e6:5e:c9:38:ba:54:6d:d4:6a:55:
e1:be:d7:ae:4b:e3:81:73:14:3b:d2:c2:d7:9f:2f:
35:06:43:4e:fd:10:dd:b5:f4:3b:c2:53:b6:0c:d3:
1d:e4:a2:57:d5:07:c5:3f:6e:e2:fd:d7:60:6e:99:
e2:cf:bc:4d:6b:8b:53:96:0e:56:17:0b:b3:24:dc:
ff:0f:0b:33:d8:37:36:74:cc:e7:14:82:61:6c:27:
88:86:94:79:1e:c7:35:88:b9:24:b0:ff:6d:7e:a7:
7b:f6:f5:d2:55:f2:a6:59:8c:4c:4a:d4:cc:58:08:
5e:a8:48:02:5e:d5:59:e8:51:9a:9d:77:eb:f2:20:
bf:1f:48:85:98:6c:15:8c:b1:e9:80:e5:c7:b9:a5:
fb:23:b8:b9:e0:21:38:38:d2:c6:ff:2a:24:ec:47:
1a:5d:7b:2b:fb:af:89:aa:fb:60:5a:11:5c:76:ec:
ce:c4:f7:b2:2c:47:b2:1e:d0:40:46:6a:43:ab:9b:
87:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:02:F2:49:5C:5C:E8:95:75:EC:C7:DE:59:EC:17:1E:E4:F1:A6:DA
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/f5f17520-2ea0-4b9a-a01c-04329523a547.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.61.0.0/16
Signature Algorithm: sha256WithRSAEncryption
ab:1d:08:7e:ba:ba:d5:fd:69:43:3d:6b:a6:ed:e1:67:43:e3:
d1:c6:0e:08:9c:52:3b:c5:b4:aa:68:d6:aa:9a:88:60:18:49:
03:6b:a3:70:61:58:90:2d:82:38:bb:2c:da:90:f3:d9:46:e4:
7c:18:ca:dc:c4:93:9c:80:26:fc:82:6c:ab:94:70:a9:c1:82:
db:25:97:a2:c9:74:9e:51:72:de:b7:b0:55:00:fe:da:49:95:
9b:93:15:c2:fa:24:ef:89:ea:48:7d:71:8e:18:10:84:de:af:
10:b6:ce:41:0e:6c:7a:61:29:93:3b:26:6a:38:27:b5:9f:ca:
63:e0:31:30:03:fb:78:ff:55:26:04:e6:aa:7b:c8:19:2f:db:
b8:91:c0:a9:a5:ff:f5:68:22:37:5d:68:42:2d:f6:b0:b3:bd:
18:8b:68:81:bf:fe:6a:01:a5:42:01:7d:20:f6:52:4f:d6:cd:
dd:b1:ad:1c:e1:eb:c6:d5:cc:30:91:9c:70:17:64:15:b4:69:
d8:12:98:3d:92:29:92:4e:c3:17:15:85:21:5d:a1:5a:9a:b5:
ff:25:09:bc:2b:52:2b:91:98:56:93:52:6b:b2:08:02:2a:dd:
7e:fa:54:cb:d2:2c:3a:12:8d:80:ae:d7:ef:1d:4d:27:f3:ed:
9f:32:51:b9
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUXV7NiI7H267aJkVzVwmsvce6cp8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMTMxNTMwMzVaFw0yNjA1MTQyMzU5NTlaMHoxSTBHBgNV
BAUTQDFhOTJlMDc0ZjIxZWQ0ZDNlMDNlNzk1MjM0M2JlOGUzNWI1ZDU4Y2IyMDRj
OThkZjJhMWY4MDk0NjQ0YWZjZjkxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANszzUmOB32+jTw5o5i3qR7GgyZf1B5hbENxocaNk+b3M5gBgG85QDSX5XMh
9eUyFzCfzB/wRq5QqjSyjw+9da/mXsk4ulRt1GpV4b7XrkvjgXMUO9LC158vNQZD
Tv0Q3bX0O8JTtgzTHeSiV9UHxT9u4v3XYG6Z4s+8TWuLU5YOVhcLsyTc/w8LM9g3
NnTM5xSCYWwniIaUeR7HNYi5JLD/bX6ne/b10lXyplmMTErUzFgIXqhIAl7VWehR
mp136/Igvx9IhZhsFYyx6YDlx7ml+yO4ueAhODjSxv8qJOxHGl17K/uviar7YFoR
XHbszsT3sixHsh7QQEZqQ6ubh98CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSZAvJJ
XFzolXXsx95Z7Bce5PGm2jAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZjVmMTc1MjAtMmVhMC00YjlhLWEwMWMtMDQzMjk1MjNhNTQ3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAMM9MA0G
CSqGSIb3DQEBCwUAA4IBAQCrHQh+urrV/WlDPWum7eFnQ+PRxg4InFI7xbSqaNaq
mohgGEkDa6NwYViQLYI4uyzakPPZRuR8GMrcxJOcgCb8gmyrlHCpwYLbJZeiyXSe
UXLet7BVAP7aSZWbkxXC+iTviepIfXGOGBCE3q8Qts5BDmx6YSmTOyZqOCe1n8pj
4DEwA/t4/1UmBOaqe8gZL9u4kcCppf/1aCI3XWhCLfaws70Yi2iBv/5qAaVCAX0g
9lJP1s3dsa0c4evG1cwwkZxwF2QVtGnYEpg9kimSTsMXFYUhXaFamrX/JQm8K1Ir
kZhWk1JrsggCKt1++lTL0iw6Eo2ArtfvHU0n8+2fMlG5
-----END CERTIFICATE-----
Generated at Mon Mar 2 01:27:11 2026 by rpki-client