Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3558ad32-215e-47a4-9f5b-477ec71e940f.roa
File: 3558ad32-215e-47a4-9f5b-477ec71e940f.roa (raw, json)
Hash identifier: G/D0iZ9Ez/zTM8jOBQ/tvml1ucIvU9EPu5kxvQKLn7U=
Subject key identifier: BD:07:52:7A:69:B3:B6:97:18:F1:30:F5:A0:C8:D8:03:E3:4A:C6:7A
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 25B5CA09E9DA37DB1874FAD8D7798F075EB2DC03
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3558ad32-215e-47a4-9f5b-477ec71e940f.roa
Signing time: Tue 19 May 2026 05:50:20 +0000
ROA not before: Tue 19 May 2026 05:50:20 +0000
ROA not after: Mon 17 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a01:578:3::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Jun 2026 23:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
25:b5:ca:09:e9:da:37:db:18:74:fa:d8:d7:79:8f:07:5e:b2:dc:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: May 19 05:50:20 2026 GMT
Not After : Aug 17 23:59:59 2026 GMT
Subject: serialNumber=ba473b9324dc9e552ad131dc12ede715ddd21a9627313e13e16519fcb5dc4914, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:f9:28:f2:45:2a:54:78:a3:d9:87:1d:1e:9c:
53:0f:a2:00:1a:9a:15:5e:fb:d1:18:a7:6e:c8:15:
f7:eb:ed:ab:76:c8:85:db:59:ef:7d:2e:7c:db:42:
1c:65:08:80:c4:1e:8f:73:c7:10:79:c5:cc:26:79:
3e:06:e0:fc:25:dd:bc:af:f2:44:06:66:e3:26:9a:
0e:1c:46:93:ba:0b:94:58:ac:de:fe:d5:37:2e:df:
35:d7:bd:58:8c:25:22:c8:7c:d6:2c:49:a8:dc:bc:
90:d5:02:b3:83:a9:ad:f7:4c:79:92:a7:fa:80:5f:
e1:e0:33:fe:59:29:1e:f1:a6:2a:60:5a:cc:04:f3:
f4:06:d9:f2:e4:56:d5:f0:29:50:cc:cc:4e:7d:de:
66:da:e2:db:56:51:7a:ee:d3:48:dd:ae:71:2c:2d:
69:8a:97:b8:8c:1e:c2:89:ac:a7:c3:5c:28:39:b7:
26:d8:40:b2:b0:62:94:80:42:11:42:73:3c:6c:16:
c8:98:e3:0f:e2:7d:9f:bb:6f:e0:ab:6e:2b:97:c5:
9d:e3:f7:9c:95:e4:dc:0a:bd:03:18:42:35:14:de:
9a:ae:94:55:b0:41:7b:c5:48:7c:5f:54:02:97:53:
f5:bb:09:23:6b:e5:6d:40:82:39:77:9a:4f:5c:a8:
8a:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:07:52:7A:69:B3:B6:97:18:F1:30:F5:A0:C8:D8:03:E3:4A:C6:7A
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3558ad32-215e-47a4-9f5b-477ec71e940f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a01:578:3::/48
Signature Algorithm: sha256WithRSAEncryption
d7:7d:c6:e5:52:cd:fb:66:92:3b:dd:64:b6:b8:5f:4d:c0:bc:
db:55:49:b3:2a:93:86:1c:81:93:0f:d2:15:fe:a4:d2:fa:81:
dd:1e:c6:76:fc:de:db:52:7e:3d:d7:fe:74:89:9b:27:b0:f5:
61:91:5b:6a:23:c2:cf:31:2c:57:7e:b3:21:24:29:5e:86:ad:
c4:ab:1e:51:0d:23:78:43:de:a7:54:fa:db:d4:95:e8:61:d3:
8f:d4:0e:f5:12:66:e6:9b:a9:61:f1:42:7d:62:7f:3c:eb:1d:
5c:b4:b6:b3:39:eb:9e:d8:1a:8e:61:37:44:0a:d3:98:a9:c4:
4f:72:69:4c:7c:bc:a3:5c:f2:1e:d8:eb:7c:9b:65:78:ad:f8:
d0:7b:81:26:5f:97:65:a1:7c:53:82:c7:7b:47:77:4d:03:69:
9c:10:54:f0:fb:a1:77:81:5a:bd:08:71:f8:3f:8c:cd:89:3b:
81:73:f3:ad:2c:10:45:d9:f3:3c:72:28:89:08:a3:4c:d9:7a:
6f:45:38:3d:34:ab:62:e4:cb:b1:9d:a7:86:24:1f:e1:b1:8b:
8e:c5:74:47:32:da:08:02:18:da:7a:72:3e:8b:de:71:bb:18:
a7:c7:ad:76:f3:15:e2:f0:cf:45:9e:f6:ec:a9:fe:af:52:cc:
b4:e5:43:e4
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUJbXKCenaN9sYdPrY13mPB16y3AMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjA1MTkwNTUwMjBaFw0yNjA4MTcyMzU5NTlaMHoxSTBHBgNV
BAUTQGJhNDczYjkzMjRkYzllNTUyYWQxMzFkYzEyZWRlNzE1ZGRkMjFhOTYyNzMx
M2UxM2UxNjUxOWZjYjVkYzQ5MTQxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMD5KPJFKlR4o9mHHR6cUw+iABqaFV770RinbsgV9+vtq3bIhdtZ730ufNtC
HGUIgMQej3PHEHnFzCZ5Pgbg/CXdvK/yRAZm4yaaDhxGk7oLlFis3v7VNy7fNde9
WIwlIsh81ixJqNy8kNUCs4OprfdMeZKn+oBf4eAz/lkpHvGmKmBazATz9AbZ8uRW
1fApUMzMTn3eZtri21ZReu7TSN2ucSwtaYqXuIwewomsp8NcKDm3JthAsrBilIBC
EUJzPGwWyJjjD+J9n7tv4KtuK5fFneP3nJXk3Aq9AxhCNRTemq6UVbBBe8VIfF9U
ApdT9bsJI2vlbUCCOXeaT1yoiuMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBS9B1J6
abO2lxjxMPWgyNgD40rGejAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
MzU1OGFkMzItMjE1ZS00N2E0LTlmNWItNDc3ZWM3MWU5NDBmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoBBXgA
AzANBgkqhkiG9w0BAQsFAAOCAQEA133G5VLN+2aSO91ktrhfTcC821VJsyqThhyB
kw/SFf6k0vqB3R7Gdvze21J+Pdf+dImbJ7D1YZFbaiPCzzEsV36zISQpXoatxKse
UQ0jeEPep1T629SV6GHTj9QO9RJm5pupYfFCfWJ/POsdXLS2sznrntgajmE3RArT
mKnET3JpTHy8o1zyHtjrfJtleK340HuBJl+XZaF8U4LHe0d3TQNpnBBU8Puhd4Fa
vQhx+D+MzYk7gXPzrSwQRdnzPHIoiQijTNl6b0U4PTSrYuTLsZ2nhiQf4bGLjsV0
RzLaCAIY2npyPovecbsYp8etdvMV4vDPRZ727Kn+r1LMtOVD5A==
-----END CERTIFICATE-----
Generated at Tue Jun 9 06:05:35 2026 by rpki-client