Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ce87dbb9-4413-42c2-ba81-44ccdf95bd2c.roa
File: ce87dbb9-4413-42c2-ba81-44ccdf95bd2c.roa (raw, json)
Hash identifier: AZa5W/PRQPumwIFddIt35vbBTz9cfwIeeXi1Yom28CM=
Subject key identifier: 9A:34:34:D5:BD:05:D8:84:49:7F:36:33:FA:87:FA:9D:0A:1F:F4:52
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 2888AAE2A89C17C1EC607F381F85D4B3462EF205
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ce87dbb9-4413-42c2-ba81-44ccdf95bd2c.roa
Signing time: Tue 19 May 2026 06:00:30 +0000
ROA not before: Tue 19 May 2026 06:00:30 +0000
ROA not after: Mon 17 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 57.99.0.0/16 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 02 Jun 2026 07:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
28:88:aa:e2:a8:9c:17:c1:ec:60:7f:38:1f:85:d4:b3:46:2e:f2:05
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: May 19 06:00:30 2026 GMT
Not After : Aug 17 23:59:59 2026 GMT
Subject: serialNumber=8953f2d051c22254d6bbb40f76b5a56d452d682785bccd41f566a19f0ca81073, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:c1:c7:62:31:f3:8f:c7:55:03:f3:10:2a:40:
b1:99:9a:fd:e3:57:43:4a:b8:40:7a:ca:95:95:06:
b5:96:ec:3c:39:aa:13:92:d7:5e:fb:2e:f1:2d:43:
99:75:34:5f:cf:3e:74:da:2e:7d:4c:3b:58:f6:8b:
aa:03:40:3d:f1:64:cc:62:d4:8c:cf:f6:24:a9:71:
4b:59:22:3a:f4:1c:42:59:c5:77:9c:bd:fe:19:74:
28:56:17:60:0f:bc:4b:6e:93:87:9f:3d:83:ba:35:
6b:e0:cd:6f:fd:e7:60:03:7a:ea:b3:b7:ae:d3:b5:
2f:36:f6:56:30:72:7c:e8:42:89:ec:a7:38:37:2c:
89:c0:c0:d2:85:c8:84:93:02:60:7e:cb:b3:c4:8b:
58:eb:6e:92:92:53:88:92:29:08:38:18:35:4a:8d:
7f:e0:0a:ba:17:63:46:b0:fb:75:6c:61:50:86:e0:
24:ab:b9:6d:3c:39:26:49:49:8d:f0:8d:a6:c4:96:
d9:e5:c3:b0:7e:2f:f1:08:c4:04:a8:33:cd:ac:3b:
8c:bb:54:ea:a8:f7:0a:0e:b2:21:0f:d1:8c:81:e2:
7f:20:99:41:d2:3f:7b:eb:a1:5d:9c:c3:99:3f:8a:
1d:97:0c:77:b6:c2:f4:5d:87:da:48:90:9c:c6:7e:
49:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:34:34:D5:BD:05:D8:84:49:7F:36:33:FA:87:FA:9D:0A:1F:F4:52
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/ce87dbb9-4413-42c2-ba81-44ccdf95bd2c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
57.99.0.0/16
Signature Algorithm: sha256WithRSAEncryption
10:1d:92:3f:02:62:34:82:6b:77:c9:94:90:88:43:a9:5c:c0:
e9:e3:54:1d:7d:f2:bb:b1:8f:df:66:82:04:9c:d2:9c:98:14:
f0:49:57:7d:48:76:c7:60:d6:9f:99:0a:10:56:6b:60:30:42:
52:de:57:4d:7f:b6:d9:1d:61:ac:d0:7a:09:9e:59:a1:51:61:
a9:d5:88:b0:e3:09:8e:02:16:36:c6:61:95:a9:f3:30:b9:bf:
93:81:9f:1d:c6:2d:d4:5a:d9:3e:c4:0c:47:72:43:3b:84:d5:
16:92:b0:db:af:85:8a:7e:78:d7:30:7e:50:7b:bb:2a:ae:cf:
d6:d0:42:87:f0:f0:d8:bc:b5:b7:f4:6c:a2:83:ca:26:7f:69:
66:37:0f:50:8c:f7:83:fb:cc:45:99:0b:53:75:8f:fc:92:ea:
eb:2e:f8:28:06:2e:c8:21:53:1c:bf:fa:ba:11:a4:56:9a:ad:
7c:28:5e:95:09:79:82:f6:65:45:b3:1a:3c:30:27:b7:ba:64:
80:f8:b8:59:6a:20:88:f4:22:68:73:f2:52:fd:35:cd:ba:af:
95:a5:28:ca:7e:e9:96:48:bf:12:d7:db:45:d7:e1:4a:15:1b:
36:38:8a:7c:5c:22:a1:c2:4b:9f:41:4d:11:62:44:00:3a:2d:
e8:d7:13:7b
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUKIiq4qicF8HsYH84H4XUs0Yu8gUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjA1MTkwNjAwMzBaFw0yNjA4MTcyMzU5NTlaMHoxSTBHBgNV
BAUTQDg5NTNmMmQwNTFjMjIyNTRkNmJiYjQwZjc2YjVhNTZkNDUyZDY4Mjc4NWJj
Y2Q0MWY1NjZhMTlmMGNhODEwNzMxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL7Bx2Ix84/HVQPzECpAsZma/eNXQ0q4QHrKlZUGtZbsPDmqE5LXXvsu8S1D
mXU0X88+dNoufUw7WPaLqgNAPfFkzGLUjM/2JKlxS1kiOvQcQlnFd5y9/hl0KFYX
YA+8S26Th589g7o1a+DNb/3nYAN66rO3rtO1Lzb2VjByfOhCieynODcsicDA0oXI
hJMCYH7Ls8SLWOtukpJTiJIpCDgYNUqNf+AKuhdjRrD7dWxhUIbgJKu5bTw5JklJ
jfCNpsSW2eXDsH4v8QjEBKgzzaw7jLtU6qj3Cg6yIQ/RjIHifyCZQdI/e+uhXZzD
mT+KHZcMd7bC9F2H2kiQnMZ+Se8CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSaNDTV
vQXYhEl/NjP6h/qdCh/0UjAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
Y2U4N2RiYjktNDQxMy00MmMyLWJhODEtNDRjY2RmOTViZDJjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDADljMA0G
CSqGSIb3DQEBCwUAA4IBAQAQHZI/AmI0gmt3yZSQiEOpXMDp41QdffK7sY/fZoIE
nNKcmBTwSVd9SHbHYNafmQoQVmtgMEJS3ldNf7bZHWGs0HoJnlmhUWGp1Yiw4wmO
AhY2xmGVqfMwub+TgZ8dxi3UWtk+xAxHckM7hNUWkrDbr4WKfnjXMH5Qe7sqrs/W
0EKH8PDYvLW39Gyig8omf2lmNw9QjPeD+8xFmQtTdY/8kurrLvgoBi7IIVMcv/q6
EaRWmq18KF6VCXmC9mVFsxo8MCe3umSA+LhZaiCI9CJoc/JS/TXNuq+VpSjKfumW
SL8S19tF1+FKFRs2OIp8XCKhwkufQU0RYkQAOi3o1xN7
-----END CERTIFICATE-----
Generated at Mon Jun 1 13:21:23 2026 by rpki-client