Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3bba584e-2e0b-4492-94b0-e70177c8f2cd.roa
File: 3bba584e-2e0b-4492-94b0-e70177c8f2cd.roa (raw, json)
Hash identifier: 92l/dGXsY0dyRehuKIp7YWd8rrH9/aDw3mIiukjL7i4=
Subject key identifier: 5B:52:BC:56:AE:04:24:10:A4:E8:86:39:E9:07:A9:11:D4:51:4F:5B
Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Certificate serial: 0314CB4EC1BF6BDD48E07E0F90674A27DD79E1B4
Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3bba584e-2e0b-4492-94b0-e70177c8f2cd.roa
Signing time: Mon 04 May 2026 15:30:08 +0000
ROA not before: Mon 04 May 2026 15:30:08 +0000
ROA not after: Sun 02 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 57.104.0.0/13 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft
rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:14:cb:4e:c1:bf:6b:dd:48:e0:7e:0f:90:67:4a:27:dd:79:e1:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf
Validity
Not Before: May 4 15:30:08 2026 GMT
Not After : Aug 2 23:59:59 2026 GMT
Subject: serialNumber=18a8c96c3825eb1e5c60222bac36a57829527173d11465023ae52bd2e61a0b5f, CN=c336411a-6651-4f13-8ef9-de681c7c9444
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:bb:a0:36:25:59:98:ed:76:7e:9d:cd:b7:0b:
42:4b:40:4a:19:cd:b4:07:73:5c:e1:01:7f:96:46:
9a:6e:fa:47:16:a2:7c:70:26:ea:b4:c4:60:67:9c:
fb:85:5d:32:41:c5:a8:76:5d:26:26:15:7a:36:17:
ef:ae:12:2e:89:be:1b:28:40:8c:5e:10:9c:b9:3e:
d1:8b:8d:fc:aa:3b:15:62:52:04:ef:b0:eb:31:95:
b5:07:eb:09:40:3f:75:9c:d7:3f:b3:89:fb:1e:75:
77:d9:47:74:86:42:60:98:1c:25:33:d1:d2:e5:8d:
aa:38:6c:59:e7:17:31:35:6c:b9:1d:dd:1e:a4:92:
e0:b6:40:c5:bd:e4:d7:e0:60:e5:e0:b6:73:f1:94:
81:32:22:40:61:c1:f4:c1:32:c4:c7:3d:64:33:4b:
1c:52:e0:be:56:90:e9:9d:14:1e:47:bd:09:e6:ea:
73:38:e8:44:be:46:4f:7d:a2:bd:95:6d:e1:45:bf:
98:5b:09:6c:17:95:6e:dd:b7:17:69:7a:ff:54:5d:
5b:0c:c5:09:a3:37:c7:94:6c:b5:fc:b4:4b:dc:f5:
08:81:38:75:11:2c:da:22:b9:42:c3:d1:d5:99:6f:
09:1f:6b:41:26:db:6f:91:c4:e4:dd:f8:fa:b1:f8:
8b:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:52:BC:56:AE:04:24:10:A4:E8:86:39:E9:07:A9:11:D4:51:4F:5B
X509v3 Authority Key Identifier:
keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/3bba584e-2e0b-4492-94b0-e70177c8f2cd.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
57.104.0.0/13
Signature Algorithm: sha256WithRSAEncryption
31:38:05:43:4c:2c:fa:5f:d0:fc:c7:30:09:d8:5a:84:6d:26:
cd:c7:34:d2:f9:32:e4:14:4a:1a:f2:85:b1:4a:e2:e9:e2:55:
11:48:2d:a4:c4:86:91:9b:32:aa:26:14:31:3d:58:50:70:ee:
8e:80:02:d8:16:56:fc:bd:c6:a3:2f:2a:2b:af:97:d4:46:f4:
9a:49:7d:ab:3a:7c:1c:29:7c:6a:d0:dc:a5:ae:90:77:cf:16:
9c:18:94:12:6f:0b:ef:75:17:f0:b4:22:4c:e4:8c:78:25:7f:
10:b5:97:c6:43:64:d1:78:e9:d6:13:e2:cc:94:c2:d8:6f:17:
0f:ae:db:49:40:c2:ce:3c:a0:dd:1e:8e:8f:4f:a9:db:94:f2:
e4:a2:27:a3:10:80:49:22:f8:c0:50:86:35:24:15:2f:f2:ce:
8d:30:05:83:d8:62:2b:47:73:25:93:b6:a2:00:30:31:a0:f8:
1b:10:55:7b:18:4b:15:ff:81:a1:51:24:a2:5c:ff:62:e5:cf:
e7:24:1c:d3:a8:02:50:7d:79:9c:27:a1:2f:3a:63:7d:c7:40:
5d:9b:40:43:be:da:31:6d:53:d3:c4:bd:c0:98:8f:2e:06:15:
98:be:05:20:43:c2:55:58:b1:ec:d9:c7:b7:8f:e2:fd:04:36:
41:46:c9:f1
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgIUAxTLTsG/a91I4H4PkGdKJ9154bQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw
ZTVjODdjZjAeFw0yNjA1MDQxNTMwMDhaFw0yNjA4MDIyMzU5NTlaMHoxSTBHBgNV
BAUTQDE4YThjOTZjMzgyNWViMWU1YzYwMjIyYmFjMzZhNTc4Mjk1MjcxNzNkMTE0
NjUwMjNhZTUyYmQyZTYxYTBiNWYxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx
My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALu7oDYlWZjtdn6dzbcLQktAShnNtAdzXOEBf5ZGmm76RxaifHAm6rTEYGec
+4VdMkHFqHZdJiYVejYX764SLom+GyhAjF4QnLk+0YuN/Ko7FWJSBO+w6zGVtQfr
CUA/dZzXP7OJ+x51d9lHdIZCYJgcJTPR0uWNqjhsWecXMTVsuR3dHqSS4LZAxb3k
1+Bg5eC2c/GUgTIiQGHB9MEyxMc9ZDNLHFLgvlaQ6Z0UHke9CebqczjoRL5GT32i
vZVt4UW/mFsJbBeVbt23F2l6/1RdWwzFCaM3x5Rstfy0S9z1CIE4dREs2iK5QsPR
1ZlvCR9rQSbbb5HE5N34+rH4iwUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBRbUrxW
rgQkEKTohjnpB6kR1FFPWzAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH
zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP
S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv
M2JiYTU4NGUtMmUwYi00NDkyLTk0YjAtZTcwMTc3YzhmMmNkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw
ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAzloMA0G
CSqGSIb3DQEBCwUAA4IBAQAxOAVDTCz6X9D8xzAJ2FqEbSbNxzTS+TLkFEoa8oWx
SuLp4lURSC2kxIaRmzKqJhQxPVhQcO6OgALYFlb8vcajLyorr5fURvSaSX2rOnwc
KXxq0NylrpB3zxacGJQSbwvvdRfwtCJM5Ix4JX8QtZfGQ2TReOnWE+LMlMLYbxcP
rttJQMLOPKDdHo6PT6nblPLkoiejEIBJIvjAUIY1JBUv8s6NMAWD2GIrR3Mlk7ai
ADAxoPgbEFV7GEsV/4GhUSSiXP9i5c/nJBzTqAJQfXmcJ6EvOmN9x0Bdm0BDvtox
bVPTxL3AmI8uBhWYvgUgQ8JVWLHs2ce3j+L9BDZBRsnx
-----END CERTIFICATE-----
Generated at Tue May 12 23:36:22 2026 by rpki-client