Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/10aa39be-4f99-4b39-b428-f034a0b57d69.roa
File: 10aa39be-4f99-4b39-b428-f034a0b57d69.roa (raw, json)
Hash identifier: 6tyNoes0QHhtxoYOe9BFxFOs6KVNPeF03DsOn95VZ3c=
Subject key identifier: D1:40:A2:23:9D:BD:BF:91:D1:47:CB:AE:8C:02:D3:1C:0D:F2:E6:E2
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 57051C40B86A8C7E9A5B99BD1090C1A77D4FCF9C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/10aa39be-4f99-4b39-b428-f034a0b57d69.roa
Signing time: Sat 28 Feb 2026 05:40:46 +0000
ROA not before: Sat 28 Feb 2026 05:40:46 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:b000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
57:05:1c:40:b8:6a:8c:7e:9a:5b:99:bd:10:90:c1:a7:7d:4f:cf:9c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 05:40:46 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=2ac8adda6ee9d107174aa0b7036e0aa02505789ff3876c9f51196363037517d0, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:a1:0a:00:4d:62:d3:cb:98:55:5d:ec:98:82:
77:be:b4:c4:8b:5b:b2:a6:76:fe:8a:d0:ce:d4:d8:
00:4d:88:78:c5:2b:b7:ae:a1:18:ec:07:6a:08:8a:
92:cd:01:25:49:fd:cc:6e:6f:3c:d4:67:ab:7f:8c:
a7:6e:62:2c:a2:c1:dc:2e:91:d6:4e:7c:14:4b:25:
21:b4:fd:7e:12:5d:7b:1b:aa:b0:ff:b9:3a:59:6a:
cd:62:c6:84:2f:0f:b9:9c:a3:28:2c:e3:e9:fc:f1:
6c:c4:de:2d:84:cb:4b:13:40:3b:4b:82:0d:36:da:
4b:95:2d:41:b2:6e:23:b5:cd:40:61:78:14:f0:e5:
a6:ae:64:b0:f5:14:22:98:37:16:49:82:8c:bb:47:
b1:4e:65:69:16:1d:f5:d4:6d:97:8d:ef:79:f8:bb:
36:c5:0e:24:a0:3a:a3:6d:8e:48:82:0c:8f:18:80:
63:3e:5c:0c:b5:25:9f:27:f3:b0:a9:7b:8d:59:53:
2d:6c:60:fe:af:9f:bd:01:cd:e2:ac:ad:34:45:37:
f4:aa:8a:56:94:36:ac:de:31:58:03:93:dd:a1:3c:
44:6c:46:bc:7b:89:29:d9:84:a0:20:27:bf:93:ec:
5f:9f:6d:f2:4b:a1:b3:e1:19:d3:e1:74:87:3b:d1:
44:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:40:A2:23:9D:BD:BF:91:D1:47:CB:AE:8C:02:D3:1C:0D:F2:E6:E2
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/10aa39be-4f99-4b39-b428-f034a0b57d69.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:b000::/40
Signature Algorithm: sha256WithRSAEncryption
6c:1a:78:5d:9a:2d:8f:89:db:e9:63:a0:e6:50:5a:06:d4:3a:
30:db:4f:56:21:2c:16:14:64:dd:35:46:f4:3a:ca:df:73:5c:
ab:05:14:8e:4b:28:80:dd:54:d8:d1:7e:1f:19:21:bd:a8:91:
01:3f:93:07:fb:6b:7e:db:39:59:98:63:de:d5:c3:d3:e7:45:
3a:3b:c8:d5:1a:86:6f:2a:ae:7b:cb:83:aa:99:b5:99:22:0e:
d6:b5:ba:e9:10:96:f1:63:d3:ca:10:40:39:5e:2e:f0:eb:4e:
e4:e9:27:d3:6c:9f:4b:0b:34:b8:f5:bd:92:34:f3:12:ac:f4:
1e:60:fc:a3:98:48:e5:19:97:b7:64:7d:ab:84:59:2e:ea:a8:
9d:ac:c5:bb:24:1d:1e:8e:cc:2a:96:62:ac:a2:92:34:44:38:
7d:f9:50:a5:75:0e:df:3b:1b:28:5d:2c:3a:5f:65:55:65:df:
f3:9e:3f:57:e7:c3:ce:8b:91:23:3c:54:fe:d9:b4:d7:5c:8c:
b4:c0:51:a3:16:bb:70:1c:26:52:e3:5a:e5:b3:77:9f:3d:d9:
a9:4b:a1:90:f1:50:63:5b:eb:77:42:38:a6:56:27:47:e7:57:
9b:2a:8c:9b:61:97:70:0d:2c:3d:35:19:b8:5d:e5:64:c2:4a:
32:34:7a:19
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUVwUcQLhqjH6aW5m9EJDBp31Pz5wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNTQwNDZaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDJhYzhhZGRhNmVlOWQxMDcxNzRhYTBiNzAzNmUwYWEwMjUwNTc4OWZmMzg3
NmM5ZjUxMTk2MzYzMDM3NTE3ZDAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKmhCgBNYtPLmFVd7JiCd760xItbsqZ2/orQztTYAE2IeMUrt66hGOwHagiK
ks0BJUn9zG5vPNRnq3+Mp25iLKLB3C6R1k58FEslIbT9fhJdexuqsP+5OllqzWLG
hC8PuZyjKCzj6fzxbMTeLYTLSxNAO0uCDTbaS5UtQbJuI7XNQGF4FPDlpq5ksPUU
Ipg3FkmCjLtHsU5laRYd9dRtl43vefi7NsUOJKA6o22OSIIMjxiAYz5cDLUlnyfz
sKl7jVlTLWxg/q+fvQHN4qytNEU39KqKVpQ2rN4xWAOT3aE8RGxGvHuJKdmEoCAn
v5PsX59t8kuhs+EZ0+F0hzvRRF0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTRQKIj
nb2/kdFHy66MAtMcDfLm4jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MTBhYTM5YmUtNGY5OS00YjM5LWI0MjgtZjAzNGEwYjU3ZDY5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0ACw
MA0GCSqGSIb3DQEBCwUAA4IBAQBsGnhdmi2PidvpY6DmUFoG1Dow209WISwWFGTd
NUb0Osrfc1yrBRSOSyiA3VTY0X4fGSG9qJEBP5MH+2t+2zlZmGPe1cPT50U6O8jV
GoZvKq57y4OqmbWZIg7WtbrpEJbxY9PKEEA5Xi7w607k6SfTbJ9LCzS49b2SNPMS
rPQeYPyjmEjlGZe3ZH2rhFku6qidrMW7JB0ejswqlmKsopI0RDh9+VCldQ7fOxso
XSw6X2VVZd/znj9X58POi5EjPFT+2bTXXIy0wFGjFrtwHCZS41rls3efPdmpS6GQ
8VBjW+t3QjimVidH51ebKoybYZdwDSw9NRm4XeVkwkoyNHoZ
-----END CERTIFICATE-----
Generated at Mon Mar 2 03:22:07 2026 by rpki-client