Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/09a66d07-54a4-4c26-8a49-e43710070e4d.roa
File: 09a66d07-54a4-4c26-8a49-e43710070e4d.roa (raw, json)
Hash identifier: 1GcVpRHENBj7zFN/dEIHgYzzy5C8UBoi9ueyDMHsZBg=
Subject key identifier: D2:BB:52:B7:91:EA:00:CE:28:FB:9C:40:BE:55:51:7F:C6:64:B2:1C
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 6BFF20408A9896DA49C3489FE68A315D323B3CEB
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/09a66d07-54a4-4c26-8a49-e43710070e4d.roa
Signing time: Sat 28 Feb 2026 06:01:14 +0000
ROA not before: Sat 28 Feb 2026 06:01:14 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:1080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6b:ff:20:40:8a:98:96:da:49:c3:48:9f:e6:8a:31:5d:32:3b:3c:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 06:01:14 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=58cee75d5b279a9426ce0e5da22887bbeab1b6e910e58db6ba3e31faf3a99121, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f4:ff:0a:b4:f9:10:f6:b9:1a:ad:2e:32:cc:ae:
09:89:95:e5:bb:96:3f:c4:be:17:8a:a1:b0:55:17:
40:bd:e6:a4:5b:3a:54:df:da:20:a6:0e:9a:30:12:
9b:e6:a4:a4:ec:09:2c:17:2a:8a:79:8e:8e:56:5b:
c4:8b:c8:af:4d:44:8e:65:c5:46:52:6d:28:bf:57:
0e:36:9f:d1:21:eb:34:bb:d3:39:c0:58:5e:d6:bc:
ca:2e:8b:50:06:53:4a:39:48:8a:ba:0d:b6:14:18:
d0:fd:3f:e3:97:de:c8:2f:fa:cb:34:42:f4:d7:51:
0d:27:c5:fc:53:c1:49:c6:8d:57:28:b8:ae:5f:95:
6e:91:12:84:be:ef:65:75:a0:17:dd:e4:f6:21:1a:
27:8d:28:4c:95:54:be:fd:41:eb:0f:0d:17:cc:3d:
ac:dc:96:6e:aa:0f:34:8a:f5:0f:58:7d:c5:75:fc:
78:20:94:f5:e5:59:07:e1:d4:35:b4:b7:26:1f:a6:
ad:1c:d7:8b:74:53:0b:f7:ac:cb:12:32:90:0f:53:
c0:6a:5b:db:ec:fc:fe:04:e7:92:00:e1:d2:c5:13:
b7:f1:c5:dd:96:4f:50:6d:c9:92:16:2f:61:26:84:
34:2d:be:1b:81:92:18:42:a4:49:c5:df:81:e0:39:
79:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:BB:52:B7:91:EA:00:CE:28:FB:9C:40:BE:55:51:7F:C6:64:B2:1C
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/09a66d07-54a4-4c26-8a49-e43710070e4d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:1080::/48
Signature Algorithm: sha256WithRSAEncryption
8c:3e:57:f4:51:4c:2f:8f:24:54:81:7e:b0:3c:fd:47:74:0f:
11:2c:19:00:83:53:9e:c7:50:8a:55:24:a3:10:5f:50:ab:c5:
17:3b:85:30:8b:f1:6c:41:09:cd:48:4b:db:b8:f0:e4:39:a3:
d2:db:2b:0e:61:2d:49:55:55:33:d0:d3:be:83:f8:31:16:64:
f0:fd:b0:d1:21:f0:d5:77:b3:30:45:b0:1d:66:aa:f2:a4:a9:
5d:8f:ef:a4:8d:a7:95:6e:88:9f:67:f1:a1:4f:c1:c4:0c:cd:
ea:46:94:18:03:e6:5c:b1:71:c8:b1:e0:1e:d3:4b:e3:43:d8:
b9:43:7b:46:29:9e:68:53:7b:9c:cc:9f:c3:ff:ba:97:8f:59:
75:d5:2d:c5:08:0c:6a:36:6f:27:3b:6f:5e:58:39:63:9b:1a:
b1:43:38:70:c4:43:62:2f:28:32:67:7a:2e:cb:1f:a3:2a:aa:
8f:18:d3:7f:ab:e2:85:78:95:7b:87:c2:19:1b:44:89:3a:89:
0b:4e:45:50:44:17:32:67:83:d9:92:aa:9a:79:f5:87:cd:27:
97:b5:e6:84:f0:1b:44:21:b1:63:f2:93:29:88:1a:0c:5d:12:
98:ec:88:25:c6:e7:82:93:e4:3d:be:ca:1d:73:9b:83:8b:eb:
e0:a2:36:e8
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUa/8gQIqYltpJw0if5ooxXTI7POswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNjAxMTRaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDU4Y2VlNzVkNWIyNzlhOTQyNmNlMGU1ZGEyMjg4N2JiZWFiMWI2ZTkxMGU1
OGRiNmJhM2UzMWZhZjNhOTkxMjExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPT/CrT5EPa5Gq0uMsyuCYmV5buWP8S+F4qhsFUXQL3mpFs6VN/aIKYOmjAS
m+akpOwJLBcqinmOjlZbxIvIr01EjmXFRlJtKL9XDjaf0SHrNLvTOcBYXta8yi6L
UAZTSjlIiroNthQY0P0/45feyC/6yzRC9NdRDSfF/FPBScaNVyi4rl+VbpEShL7v
ZXWgF93k9iEaJ40oTJVUvv1B6w8NF8w9rNyWbqoPNIr1D1h9xXX8eCCU9eVZB+HU
NbS3Jh+mrRzXi3RTC/esyxIykA9TwGpb2+z8/gTnkgDh0sUTt/HF3ZZPUG3JkhYv
YSaENC2+G4GSGEKkScXfgeA5eXMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTSu1K3
keoAzij7nEC+VVF/xmSyHDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MDlhNjZkMDctNTRhNC00YzI2LThhNDktZTQzNzEwMDcwZTRkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H8Q
gDANBgkqhkiG9w0BAQsFAAOCAQEAjD5X9FFML48kVIF+sDz9R3QPESwZAINTnsdQ
ilUkoxBfUKvFFzuFMIvxbEEJzUhL27jw5Dmj0tsrDmEtSVVVM9DTvoP4MRZk8P2w
0SHw1XezMEWwHWaq8qSpXY/vpI2nlW6In2fxoU/BxAzN6kaUGAPmXLFxyLHgHtNL
40PYuUN7RimeaFN7nMyfw/+6l49ZddUtxQgMajZvJztvXlg5Y5sasUM4cMRDYi8o
Mmd6LssfoyqqjxjTf6vihXiVe4fCGRtEiTqJC05FUEQXMmeD2ZKqmnn1h80nl7Xm
hPAbRCGxY/KTKYgaDF0SmOyIJcbngpPkPb7KHXObg4vr4KI26A==
-----END CERTIFICATE-----
Generated at Mon Mar 2 06:11:41 2026 by rpki-client