Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/60c12693-1526-46ae-aa45-d5276a0c0f79.roa
File: 60c12693-1526-46ae-aa45-d5276a0c0f79.roa (raw, json)
Hash identifier: Dl6oPuxnItjH7X/gNKJ8kOxMVTKBCuybPIncqte/L1E=
Subject key identifier: DC:E1:3A:3D:BC:32:9F:A3:74:62:86:7E:56:A6:B4:11:1F:87:B5:D5
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 21B135CFCF2484A45D2929D36B631B32A13CEA17
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/60c12693-1526-46ae-aa45-d5276a0c0f79.roa
Signing time: Mon 27 Apr 2026 00:40:32 +0000
ROA not before: Mon 27 Apr 2026 00:40:32 +0000
ROA not after: Sun 26 Jul 2026 23:59:59 +0000
asID: 16509
IP address blocks: 51.86.0.0/15 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 04 May 2026 11:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
21:b1:35:cf:cf:24:84:a4:5d:29:29:d3:6b:63:1b:32:a1:3c:ea:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: Apr 27 00:40:32 2026 GMT
Not After : Jul 26 23:59:59 2026 GMT
Subject: serialNumber=0fafaa0d0241641346134d540db33ddbc14a56b43b7563332a1e54aaad201e5e, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:34:82:d7:5a:ac:22:d7:8e:42:4e:9a:f9:a2:
79:3e:c3:5c:49:23:2e:10:87:62:ca:3e:fe:85:0d:
fe:71:5f:ca:00:e9:52:6f:20:ca:0a:b6:d6:19:77:
ae:cf:fe:fe:63:48:70:e7:b4:ce:8a:4d:67:24:f9:
25:dc:42:eb:b1:78:de:fb:37:18:ca:6b:6c:a7:e9:
e1:78:ee:f3:6b:9a:86:32:72:58:5e:47:06:c6:9a:
a1:29:e5:11:87:dd:f1:10:42:76:48:11:3f:07:46:
cc:40:9c:66:9a:93:98:55:81:70:bf:0a:43:79:ca:
98:ee:53:d1:60:fc:0f:26:ec:02:dc:7e:e5:98:22:
4d:a2:19:ef:6e:94:7b:cc:9f:09:40:05:cb:70:4f:
f7:fb:45:91:95:be:0f:f7:c7:c2:9e:9a:05:d7:d4:
53:0a:64:24:e2:72:dc:48:46:e1:ec:f1:4c:18:b5:
81:fb:b6:f2:01:5f:95:90:cd:06:d9:f4:a6:39:57:
99:1c:f6:14:af:68:5e:60:c8:dc:a2:a5:26:0e:8f:
76:52:77:ef:62:07:6a:54:db:8a:ac:41:87:ca:8a:
c4:c1:a3:1e:bc:c9:45:a3:1f:af:9a:96:dd:60:11:
47:f0:59:07:aa:17:0c:05:c3:72:82:cf:a0:25:05:
5e:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:E1:3A:3D:BC:32:9F:A3:74:62:86:7E:56:A6:B4:11:1F:87:B5:D5
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/60c12693-1526-46ae-aa45-d5276a0c0f79.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
51.86.0.0/15
Signature Algorithm: sha256WithRSAEncryption
10:bb:44:46:43:e4:75:c6:cd:8e:55:f7:9b:07:f2:50:28:50:
f8:82:f5:40:29:ad:98:bb:ca:e9:a0:89:d3:07:77:0e:e5:1f:
24:b4:0a:a1:42:94:05:dd:35:52:04:ab:c9:15:c1:66:41:01:
67:11:5b:b6:6f:a5:1d:9d:16:66:7d:99:3c:e1:f6:71:21:8b:
79:8c:e5:f9:37:69:70:4e:49:60:57:ea:c8:4e:01:02:1a:25:
68:3f:16:64:b5:94:30:81:8a:86:a7:65:b8:70:e1:db:4c:d6:
c5:58:e3:58:7b:f3:69:6e:5e:f7:ce:42:8f:24:25:f4:ba:57:
66:44:31:79:79:64:91:9e:5c:d2:7a:62:6f:28:87:87:f4:4c:
55:c0:be:ab:35:b9:27:b2:95:cd:69:d4:a3:ee:79:01:1e:b2:
a7:4e:dc:7a:0e:d0:23:f2:b3:a8:63:24:5a:24:b7:69:11:fd:
f4:81:f6:30:34:5f:f7:6b:63:70:62:a1:dc:f6:5b:bd:e4:bd:
83:84:60:a5:cb:8b:6b:75:7b:d1:a8:42:a6:b0:43:4c:39:18:
f8:39:36:72:bd:cd:cb:26:e8:c5:6e:dc:a7:49:6c:9d:c5:83:
dc:93:1a:dd:12:de:2e:36:03:ad:28:48:09:c1:ec:bd:0f:e5:
96:74:ed:7e
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUIbE1z88khKRdKSnTa2MbMqE86hcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjA0MjcwMDQwMzJaFw0yNjA3MjYyMzU5NTlaMHoxSTBHBgNV
BAUTQDBmYWZhYTBkMDI0MTY0MTM0NjEzNGQ1NDBkYjMzZGRiYzE0YTU2YjQzYjc1
NjMzMzJhMWU1NGFhYWQyMDFlNWUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJk0gtdarCLXjkJOmvmieT7DXEkjLhCHYso+/oUN/nFfygDpUm8gygq21hl3
rs/+/mNIcOe0zopNZyT5JdxC67F43vs3GMprbKfp4Xju82uahjJyWF5HBsaaoSnl
EYfd8RBCdkgRPwdGzECcZpqTmFWBcL8KQ3nKmO5T0WD8DybsAtx+5ZgiTaIZ726U
e8yfCUAFy3BP9/tFkZW+D/fHwp6aBdfUUwpkJOJy3EhG4ezxTBi1gfu28gFflZDN
Btn0pjlXmRz2FK9oXmDI3KKlJg6PdlJ372IHalTbiqxBh8qKxMGjHrzJRaMfr5qW
3WARR/BZB6oXDAXDcoLPoCUFXusCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBTc4To9
vDKfo3Rihn5WprQRH4e11TAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
NjBjMTI2OTMtMTUyNi00NmFlLWFhNDUtZDUyNzZhMGMwZjc5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATNWMA0G
CSqGSIb3DQEBCwUAA4IBAQAQu0RGQ+R1xs2OVfebB/JQKFD4gvVAKa2Yu8rpoInT
B3cO5R8ktAqhQpQF3TVSBKvJFcFmQQFnEVu2b6UdnRZmfZk84fZxIYt5jOX5N2lw
TklgV+rITgECGiVoPxZktZQwgYqGp2W4cOHbTNbFWONYe/Npbl73zkKPJCX0uldm
RDF5eWSRnlzSemJvKIeH9ExVwL6rNbknspXNadSj7nkBHrKnTtx6DtAj8rOoYyRa
JLdpEf30gfYwNF/3a2NwYqHc9lu95L2DhGCly4trdXvRqEKmsENMORj4OTZyvc3L
JujFbtynSWydxYPckxrdEt4uNgOtKEgJwey9D+WWdO1+
-----END CERTIFICATE-----
Generated at Sun May 3 16:52:23 2026 by rpki-client