Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0b28278f-4fad-45f4-a194-c2e785f1c443.roa
File: 0b28278f-4fad-45f4-a194-c2e785f1c443.roa (raw, json)
Hash identifier: D3+yMmEwHxjtdAfWUjQ8TUjzopsGIIBP6faZw7Iq3f0=
Subject key identifier: FF:52:08:E4:08:A1:89:3A:97:38:B1:E9:53:15:A8:0B:24:F9:36:C0
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 034353257C4C2A61CC6C9A1B6227C5397B77DDC1
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0b28278f-4fad-45f4-a194-c2e785f1c443.roa
Signing time: Sat 28 Feb 2026 05:10:33 +0000
ROA not before: Sat 28 Feb 2026 05:10:33 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d019:800::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:43:53:25:7c:4c:2a:61:cc:6c:9a:1b:62:27:c5:39:7b:77:dd:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 05:10:33 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=5def0a88e699a70124635b07c7f13424505695e3fc6977503dc2987321c94a98, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:96:dc:e3:4d:05:c0:fd:89:90:3f:65:9e:ab:
d6:bf:3e:8f:36:af:e7:bd:a1:ec:31:a9:1a:fb:66:
e3:05:56:ef:fd:3b:10:af:35:5f:58:11:0c:dc:3c:
53:b5:27:63:8d:ea:15:8b:04:e9:60:24:21:14:6a:
95:b5:28:f7:3b:05:4c:ec:fd:45:52:45:68:47:42:
ae:08:73:54:6b:34:36:fe:b3:92:5d:68:ac:32:8f:
54:c6:42:1c:81:03:35:7f:b6:56:c4:4f:e6:85:82:
52:28:96:01:99:91:67:fd:7d:dd:06:a8:bd:53:9d:
bb:5f:1b:4d:ec:3b:64:8b:9b:64:4b:b1:2a:c7:03:
0d:a5:da:a7:9e:a8:46:ac:61:9b:ef:12:d3:f9:6a:
b6:00:fe:d2:43:32:21:12:00:bb:87:67:f0:a6:91:
3f:2b:e2:40:4f:3e:5c:47:14:9f:4c:68:11:06:e7:
75:a1:5a:c3:41:09:30:76:bb:18:bf:9e:e4:63:5b:
6c:25:10:a4:e8:2e:b0:8d:07:10:84:8c:08:9d:fb:
06:47:e9:22:25:3d:62:56:c2:90:ae:0d:5b:f9:21:
78:8a:75:77:4a:4a:af:4f:42:ab:4a:7d:14:d1:c5:
97:3f:6d:20:e7:01:d6:3f:e0:23:84:4a:fd:a1:96:
10:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:52:08:E4:08:A1:89:3A:97:38:B1:E9:53:15:A8:0B:24:F9:36:C0
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0b28278f-4fad-45f4-a194-c2e785f1c443.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d019:800::/38
Signature Algorithm: sha256WithRSAEncryption
15:29:88:01:67:b1:d3:d3:de:a6:a5:c0:3d:1e:80:a6:e8:df:
73:9d:bf:13:e6:b6:bc:a7:52:c0:1d:13:6e:96:01:e3:21:73:
cf:c8:9f:41:13:ac:ad:47:d3:ad:89:5f:96:2e:48:c9:9a:fb:
cf:f5:7b:93:04:a4:8e:a0:32:c3:86:36:81:fa:b3:9f:6d:bb:
d7:42:9c:a7:94:0c:02:98:46:2a:f7:6e:a1:8b:27:ca:90:08:
7c:a2:d6:4f:83:4c:fb:f9:98:16:ab:84:8f:34:4e:87:4f:03:
7b:d9:16:2a:3c:39:01:70:08:53:98:b7:c9:09:3d:b7:73:da:
3f:44:6f:ce:b9:fa:ac:e0:c8:16:f5:00:1d:27:3c:20:f3:3e:
b8:95:36:47:8d:7a:88:03:d0:27:2c:ad:1b:cf:2c:33:36:b0:
9b:0c:7d:2f:ca:b2:3b:d8:e5:5a:6a:0a:03:d8:db:a7:99:94:
7d:28:dd:f3:e6:67:cd:7b:9f:6b:60:71:98:46:0f:f1:86:46:
1c:f8:89:48:e5:e5:cf:43:2d:aa:25:01:2f:c8:14:73:76:ef:
20:a6:22:5c:33:66:0d:79:29:4d:30:5f:70:06:00:20:c0:d4:
d9:d3:e1:b9:4c:dd:a9:e6:7a:ba:90:92:e2:8f:e2:bf:e8:1c:
55:ed:c6:59
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUA0NTJXxMKmHMbJobYifFOXt33cEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNTEwMzNaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDVkZWYwYTg4ZTY5OWE3MDEyNDYzNWIwN2M3ZjEzNDI0NTA1Njk1ZTNmYzY5
Nzc1MDNkYzI5ODczMjFjOTRhOTgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL2W3ONNBcD9iZA/ZZ6r1r8+jzav572h7DGpGvtm4wVW7/07EK81X1gRDNw8
U7UnY43qFYsE6WAkIRRqlbUo9zsFTOz9RVJFaEdCrghzVGs0Nv6zkl1orDKPVMZC
HIEDNX+2VsRP5oWCUiiWAZmRZ/193QaovVOdu18bTew7ZIubZEuxKscDDaXap56o
Rqxhm+8S0/lqtgD+0kMyIRIAu4dn8KaRPyviQE8+XEcUn0xoEQbndaFaw0EJMHa7
GL+e5GNbbCUQpOgusI0HEISMCJ37BkfpIiU9YlbCkK4NW/kheIp1d0pKr09Cq0p9
FNHFlz9tIOcB1j/gI4RK/aGWEGMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT/Ugjk
CKGJOpc4selTFagLJPk2wDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MGIyODI3OGYtNGZhZC00NWY0LWExOTQtYzJlNzg1ZjFjNDQzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BkI
MA0GCSqGSIb3DQEBCwUAA4IBAQAVKYgBZ7HT096mpcA9HoCm6N9znb8T5ra8p1LA
HRNulgHjIXPPyJ9BE6ytR9OtiV+WLkjJmvvP9XuTBKSOoDLDhjaB+rOfbbvXQpyn
lAwCmEYq926hiyfKkAh8otZPg0z7+ZgWq4SPNE6HTwN72RYqPDkBcAhTmLfJCT23
c9o/RG/Oufqs4MgW9QAdJzwg8z64lTZHjXqIA9AnLK0bzywzNrCbDH0vyrI72OVa
agoD2NunmZR9KN3z5mfNe59rYHGYRg/xhkYc+IlI5eXPQy2qJQEvyBRzdu8gpiJc
M2YNeSlNMF9wBgAgwNTZ0+G5TN2p5nq6kJLij+K/6BxV7cZZ
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:51:16 2026 by rpki-client