Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fd04a54b-459a-491a-a013-59d0ed55825f.roa
File: fd04a54b-459a-491a-a013-59d0ed55825f.roa (raw, json)
Hash identifier: BL42yMTpXORqKgzjRodvQqCffAiztY+KvqgiYjfHExA=
Subject key identifier: 71:75:2F:65:D9:5F:55:11:BA:0B:08:9F:43:11:99:85:EE:E1:3A:6C
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 4777734373C1DD9E37088603DBF953F8FD2ED104
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fd04a54b-459a-491a-a013-59d0ed55825f.roa
Signing time: Sat 28 Feb 2026 06:30:13 +0000
ROA not before: Sat 28 Feb 2026 06:30:13 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.131.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
47:77:73:43:73:c1:dd:9e:37:08:86:03:db:f9:53:f8:fd:2e:d1:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Feb 28 06:30:13 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=db60b301de7644809049fdf4673f1273f83af25641d59a2ee4b85e01dd541ce8, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:14:55:45:7c:34:3d:08:13:76:d8:62:f7:19:
d5:28:a0:b9:29:96:53:be:1c:24:23:bc:94:48:bd:
d9:c9:6e:a7:e7:ee:f7:39:4c:30:b1:5b:fa:1c:0a:
a0:93:a1:a3:c5:89:7d:0a:6a:25:31:d3:fd:40:a7:
0c:a7:a2:01:c0:af:14:06:4c:e0:ae:66:86:06:61:
9a:33:bf:72:51:0d:52:1d:f0:51:1d:2c:ce:16:6a:
6a:60:3b:81:9f:ee:69:c9:3e:3e:d6:07:f7:f3:bb:
7b:af:04:42:bd:fe:04:56:0e:40:dc:85:b7:d0:e3:
14:85:40:ef:6b:fb:85:e4:a2:57:19:f4:f8:18:71:
ef:cc:1e:07:87:6d:b2:30:7e:ab:c4:b8:cf:63:05:
e7:ad:cd:6a:76:59:bb:99:ca:fd:72:7f:07:89:d4:
59:4e:45:15:9f:1f:52:c0:9c:a2:a4:6e:67:27:04:
8a:4b:70:e2:8a:fd:32:79:a3:ac:c0:75:3e:d4:1d:
96:f4:f3:2f:2d:0c:2e:7c:53:db:96:b3:65:67:3a:
f8:ba:33:0d:89:9d:55:a5:02:00:53:ac:62:1c:07:
85:6b:33:22:4b:f1:6e:0a:68:ea:e9:c6:e8:47:e7:
61:1f:90:f8:e8:6f:5f:72:f2:09:e9:73:df:0c:f1:
73:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:75:2F:65:D9:5F:55:11:BA:0B:08:9F:43:11:99:85:EE:E1:3A:6C
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/fd04a54b-459a-491a-a013-59d0ed55825f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.131.0.0/16
Signature Algorithm: sha256WithRSAEncryption
02:a2:2e:04:b4:e9:a9:d2:0a:8f:41:e2:51:cc:85:76:42:ce:
32:a7:0c:43:bf:5a:fb:28:ef:72:10:f5:61:77:72:05:ac:06:
30:dc:df:be:a1:b8:09:54:7b:20:87:93:61:62:b1:ca:5c:b3:
8f:db:ac:73:9d:aa:35:b4:06:f0:7c:4b:de:6b:e6:71:ea:7d:
58:f8:11:94:63:9d:88:af:a1:49:e6:9f:7d:33:47:99:d8:5e:
dc:93:95:18:d0:c3:4f:a1:4c:e5:29:22:65:cd:92:ca:00:67:
f6:31:d5:db:91:fb:b4:b9:e8:95:82:a9:5c:32:38:9c:4b:33:
4b:a8:d1:1c:2f:11:c6:33:e7:35:aa:c0:5f:e8:93:5b:b4:81:
27:f2:18:eb:1b:79:f5:3c:ec:d4:53:3f:65:3c:aa:54:4c:56:
a5:01:9a:0f:65:f8:ec:f4:98:92:9c:5b:de:0f:75:9b:85:04:
b8:60:ef:c3:19:cc:d6:14:9d:cb:49:69:69:16:1c:18:6a:15:
30:34:d6:52:78:8f:91:2e:bc:55:3b:19:22:82:6f:a8:15:02:
23:f2:d0:93:3f:f0:81:fa:65:de:6a:fe:99:9f:99:cb:e2:e1:
06:65:5c:08:ac:2f:e6:9a:71:45:db:fa:28:4b:67:27:9b:3d:
6d:27:b4:5d
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUR3dzQ3PB3Z43CIYD2/lT+P0u0QQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjAyMjgwNjMwMTNaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGRiNjBiMzAxZGU3NjQ0ODA5MDQ5ZmRmNDY3M2YxMjczZjgzYWYyNTY0MWQ1
OWEyZWU0Yjg1ZTAxZGQ1NDFjZTgxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMAUVUV8ND0IE3bYYvcZ1SiguSmWU74cJCO8lEi92clup+fu9zlMMLFb+hwK
oJOho8WJfQpqJTHT/UCnDKeiAcCvFAZM4K5mhgZhmjO/clENUh3wUR0szhZqamA7
gZ/uack+PtYH9/O7e68EQr3+BFYOQNyFt9DjFIVA72v7heSiVxn0+Bhx78weB4dt
sjB+q8S4z2MF563NanZZu5nK/XJ/B4nUWU5FFZ8fUsCcoqRuZycEiktw4or9Mnmj
rMB1PtQdlvTzLy0MLnxT25azZWc6+LozDYmdVaUCAFOsYhwHhWszIkvxbgpo6unG
6EfnYR+Q+OhvX3LyCelz3wzxczUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRxdS9l
2V9VEboLCJ9DEZmF7uE6bDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
ZmQwNGE1NGItNDU5YS00OTFhLWEwMTMtNTlkMGVkNTU4MjVmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADODMA0G
CSqGSIb3DQEBCwUAA4IBAQACoi4EtOmp0gqPQeJRzIV2Qs4ypwxDv1r7KO9yEPVh
d3IFrAYw3N++obgJVHsgh5NhYrHKXLOP26xznao1tAbwfEvea+Zx6n1Y+BGUY52I
r6FJ5p99M0eZ2F7ck5UY0MNPoUzlKSJlzZLKAGf2MdXbkfu0ueiVgqlcMjicSzNL
qNEcLxHGM+c1qsBf6JNbtIEn8hjrG3n1POzUUz9lPKpUTFalAZoPZfjs9JiSnFve
D3WbhQS4YO/DGczWFJ3LSWlpFhwYahUwNNZSeI+RLrxVOxkigm+oFQIj8tCTP/CB
+mXeav6Zn5nL4uEGZVwIrC/mmnFF2/ooS2cnmz1tJ7Rd
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:51:13 2026 by rpki-client