Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0ca11d15-d37b-4319-9b90-152e667f85ef.roa
File: 0ca11d15-d37b-4319-9b90-152e667f85ef.roa (raw, json)
Hash identifier: d/PqqMOONqzJepKcGQMmB9DMqdf51biFzgy1qEjbJMw=
Subject key identifier: DE:9E:D1:CB:08:96:47:50:27:0E:BF:04:C3:92:E8:9C:EF:F2:94:B2
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3BADF39614CB11D061A3F7BFC57795207667A6CB
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0ca11d15-d37b-4319-9b90-152e667f85ef.roa
Signing time: Fri 06 Feb 2026 00:30:15 +0000
ROA not before: Fri 06 Feb 2026 00:30:15 +0000
ROA not after: Thu 07 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d06d:6000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3b:ad:f3:96:14:cb:11:d0:61:a3:f7:bf:c5:77:95:20:76:67:a6:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 6 00:30:15 2026 GMT
Not After : May 7 23:59:59 2026 GMT
Subject: serialNumber=f47512eb19f942837580c1f3d86a0376557e003d345192abd5e134e41c682211, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:db:8f:02:ae:f8:c6:d1:7e:f1:b6:ae:71:fe:
28:61:2e:07:4d:25:28:58:75:87:45:a1:75:f9:ab:
0a:b9:3b:b8:1d:39:7f:c3:91:ee:03:7f:43:69:bd:
55:25:03:ea:88:d7:15:ef:c6:54:27:07:2c:22:c3:
87:a3:ff:f4:ad:98:d0:20:e4:6a:52:4a:95:4a:a9:
7f:92:ca:aa:21:10:85:cb:75:0c:20:d5:5c:cd:73:
19:fa:22:db:7c:3f:22:78:77:19:d8:46:6b:6e:ec:
96:18:0f:0a:97:92:7e:2d:b4:51:46:29:00:fa:82:
9c:fd:ea:1c:54:3d:08:46:40:8f:7f:01:1d:68:77:
72:dd:20:ad:3b:bd:1e:6d:7a:e3:a6:39:e4:9a:eb:
a5:d1:2f:a3:de:ee:9b:7b:6f:0e:ec:97:fc:bc:ce:
ad:35:ac:b8:33:ce:17:eb:0f:95:39:0f:c7:24:2c:
e6:5c:f9:6f:70:04:04:10:62:49:01:2b:56:e6:98:
5b:4c:b2:48:74:25:b7:71:27:fd:49:ad:aa:99:12:
51:55:6d:99:4b:1d:c8:93:2c:e0:13:2a:64:76:3f:
6a:5a:27:8d:34:09:55:8f:b1:5d:58:bd:91:14:4d:
f0:ae:79:21:46:5c:8e:44:33:9d:2e:aa:b8:20:d6:
22:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:9E:D1:CB:08:96:47:50:27:0E:BF:04:C3:92:E8:9C:EF:F2:94:B2
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0ca11d15-d37b-4319-9b90-152e667f85ef.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06d:6000::/40
Signature Algorithm: sha256WithRSAEncryption
9b:3c:29:b5:e2:07:c5:d2:47:63:cc:7d:cf:82:c8:f5:02:4c:
b3:44:01:ad:d1:c6:79:63:16:84:83:2a:2c:3e:f9:85:f5:81:
17:95:a9:17:e2:2d:65:32:4a:98:45:1e:1c:f0:1b:9b:23:68:
74:f3:9b:a8:d4:23:7f:2b:0b:a8:e6:88:0a:27:7d:69:cf:3f:
b3:58:4a:f6:9b:dc:ab:ca:1a:59:65:06:ab:8d:fd:47:7a:fc:
2c:e5:36:a8:7e:24:4b:35:d3:91:72:19:4d:3d:ab:63:e9:8e:
1b:61:0b:d9:db:2c:6a:0c:b0:87:e5:36:0c:cb:6a:e2:eb:5b:
f6:63:f8:70:d1:88:d3:fd:0c:8d:0f:e1:df:e9:e0:c4:f2:c8:
67:19:c2:4b:a7:6a:bc:41:81:78:36:14:a5:d2:8c:4c:42:ae:
84:50:cb:da:06:f3:10:3c:8b:f0:02:d4:ba:dc:7f:fb:83:44:
e1:9b:0c:4c:db:40:bc:9e:20:0c:90:fd:3e:dc:fa:f4:3f:ea:
b0:f2:b6:5a:73:c8:d9:91:f6:5e:46:e6:3c:a8:ba:30:53:13:
0a:32:be:9b:ff:91:fb:a2:62:34:fd:6c:54:ac:36:ab:97:73:
95:61:30:6a:a7:6e:63:e3:1f:07:95:86:c7:da:9d:c9:80:f4:
e4:6a:b8:9b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUO63zlhTLEdBho/e/xXeVIHZnpsswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMDYwMDMwMTVaFw0yNjA1MDcyMzU5NTlaMHoxSTBHBgNV
BAUTQGY0NzUxMmViMTlmOTQyODM3NTgwYzFmM2Q4NmEwMzc2NTU3ZTAwM2QzNDUx
OTJhYmQ1ZTEzNGU0MWM2ODIyMTExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAODbjwKu+MbRfvG2rnH+KGEuB00lKFh1h0WhdfmrCrk7uB05f8OR7gN/Q2m9
VSUD6ojXFe/GVCcHLCLDh6P/9K2Y0CDkalJKlUqpf5LKqiEQhct1DCDVXM1zGfoi
23w/Inh3GdhGa27slhgPCpeSfi20UUYpAPqCnP3qHFQ9CEZAj38BHWh3ct0grTu9
Hm1646Y55JrrpdEvo97um3tvDuyX/LzOrTWsuDPOF+sPlTkPxyQs5lz5b3AEBBBi
SQErVuaYW0yySHQlt3En/UmtqpkSUVVtmUsdyJMs4BMqZHY/alonjTQJVY+xXVi9
kRRN8K55IUZcjkQznS6quCDWIjcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTentHL
CJZHUCcOvwTDkuic7/KUsjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MGNhMTFkMTUtZDM3Yi00MzE5LTliOTAtMTUyZTY2N2Y4NWVmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G1g
MA0GCSqGSIb3DQEBCwUAA4IBAQCbPCm14gfF0kdjzH3Pgsj1AkyzRAGt0cZ5YxaE
gyosPvmF9YEXlakX4i1lMkqYRR4c8BubI2h085uo1CN/Kwuo5ogKJ31pzz+zWEr2
m9yryhpZZQarjf1Hevws5TaofiRLNdORchlNPatj6Y4bYQvZ2yxqDLCH5TYMy2ri
61v2Y/hw0YjT/QyND+Hf6eDE8shnGcJLp2q8QYF4NhSl0oxMQq6EUMvaBvMQPIvw
AtS63H/7g0ThmwxM20C8niAMkP0+3Pr0P+qw8rZac8jZkfZeRuY8qLowUxMKMr6b
/5H7omI0/WxUrDarl3OVYTBqp25j4x8HlYbH2p3JgPTkarib
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:49:47 2026 by rpki-client