Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1aa38486-cd53-4f48-891d-a0191edf04a1.roa
File: 1aa38486-cd53-4f48-891d-a0191edf04a1.roa (raw, json)
Hash identifier: BfviPlBYHuvaf5v5HMEipKDoFBfUlTpUJvmvU8hOiIE=
Subject key identifier: DB:9A:3F:91:51:24:9B:90:42:65:E3:74:F4:2E:39:AF:39:FF:6A:44
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 31034982D643A1D231991B20CE5A4EC4F6A44029
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1aa38486-cd53-4f48-891d-a0191edf04a1.roa
Signing time: Sat 28 Feb 2026 05:41:26 +0000
ROA not before: Sat 28 Feb 2026 05:41:26 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:90c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
31:03:49:82:d6:43:a1:d2:31:99:1b:20:ce:5a:4e:c4:f6:a4:40:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 05:41:26 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=29913f7f26875a7f945cf531b935e89e821cc78a346d19b13e4407611123a003, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:a3:03:91:41:89:16:9c:79:bb:0c:8d:bd:41:
4b:c2:bf:0a:94:90:21:12:82:9e:15:04:1d:31:b2:
73:aa:22:98:f1:d4:48:e6:75:70:1b:4e:f0:83:90:
86:1f:fa:10:3f:34:9b:f9:9c:2a:dc:d8:75:92:71:
25:5e:1c:6d:2b:9b:18:c4:92:24:06:3e:4f:af:3a:
63:33:72:9c:62:d2:bb:3b:a1:89:d4:e6:4b:38:76:
97:00:e9:38:cb:55:ce:4f:3f:c2:af:1d:96:d3:56:
ba:a5:02:43:39:64:57:78:da:6a:f0:30:13:9b:ae:
23:0f:f6:47:40:5e:18:e2:f3:40:3c:bd:61:c8:a2:
f2:4a:d3:4f:8e:f4:50:a6:17:98:bc:f1:e3:5f:6c:
ca:ed:dc:87:50:53:79:41:d3:f5:cc:fc:8f:09:44:
3c:5b:c3:03:c1:10:f4:1b:0a:91:48:6f:26:c9:bd:
fa:af:e5:17:5d:9d:70:c3:d7:dd:1a:0c:d6:20:38:
b6:20:36:d1:e5:fd:fb:9d:d0:b8:69:70:c5:0a:a6:
34:f1:f8:c6:61:0d:3f:04:8b:d3:d5:3c:64:f6:d5:
97:ac:41:ce:1c:0e:d4:0b:d3:ee:d6:e0:fa:c2:88:
62:1b:c0:b5:18:df:4b:04:78:11:4b:89:1a:4e:04:
c1:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:9A:3F:91:51:24:9B:90:42:65:E3:74:F4:2E:39:AF:39:FF:6A:44
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1aa38486-cd53-4f48-891d-a0191edf04a1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:90c0::/48
Signature Algorithm: sha256WithRSAEncryption
44:d9:4e:b5:f0:a8:f7:dc:da:10:5f:b5:eb:8b:26:5c:99:28:
b7:24:25:cf:5a:60:34:46:7b:0c:49:ac:35:f8:fc:71:76:b3:
3d:dc:11:61:00:6b:32:f2:cb:17:57:97:7f:e3:56:17:7e:7d:
6a:b2:5b:c0:5b:10:74:d2:cf:8f:1e:48:6b:1c:06:19:c5:4f:
9c:71:45:5f:78:e0:5d:9a:2d:1c:99:c4:38:36:2f:05:bf:ad:
da:04:8d:6d:67:c5:0d:92:5b:d8:d8:af:3b:d7:98:c6:e3:9c:
6d:c7:ff:e4:da:47:81:78:44:b1:7d:4c:d5:f5:4e:e0:58:fa:
d4:66:5c:4f:bb:e0:0e:1b:bf:34:c8:37:8d:c8:a0:10:68:92:
57:c6:a3:5b:d8:80:9a:e1:79:f6:42:68:87:5a:86:fa:23:7b:
1f:5f:fb:0f:0a:b1:4a:36:ca:c6:15:e2:66:13:c1:de:f1:46:
82:8b:9a:64:d1:8a:cd:5f:c7:c8:fe:48:61:70:a8:63:79:9f:
a9:ab:4c:64:7e:92:44:5c:50:5a:32:14:70:aa:63:45:11:c0:
32:c8:73:1b:68:26:fb:0b:0a:ef:c4:7c:fa:7a:03:d1:98:25:
24:8d:9a:27:d1:61:f2:05:3d:b9:2c:61:09:f2:a0:c3:80:61:
b7:23:58:6d
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUMQNJgtZDodIxmRsgzlpOxPakQCkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNTQxMjZaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDI5OTEzZjdmMjY4NzVhN2Y5NDVjZjUzMWI5MzVlODllODIxY2M3OGEzNDZk
MTliMTNlNDQwNzYxMTEyM2EwMDMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN+jA5FBiRacebsMjb1BS8K/CpSQIRKCnhUEHTGyc6oimPHUSOZ1cBtO8IOQ
hh/6ED80m/mcKtzYdZJxJV4cbSubGMSSJAY+T686YzNynGLSuzuhidTmSzh2lwDp
OMtVzk8/wq8dltNWuqUCQzlkV3jaavAwE5uuIw/2R0BeGOLzQDy9Ycii8krTT470
UKYXmLzx419syu3ch1BTeUHT9cz8jwlEPFvDA8EQ9BsKkUhvJsm9+q/lF12dcMPX
3RoM1iA4tiA20eX9+53QuGlwxQqmNPH4xmENPwSL09U8ZPbVl6xBzhwO1AvT7tbg
+sKIYhvAtRjfSwR4EUuJGk4Ewe0CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTbmj+R
USSbkEJl43T0LjmvOf9qRDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWFhMzg0ODYtY2Q1My00ZjQ4LTg5MWQtYTAxOTFlZGYwNGExLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ACQ
wDANBgkqhkiG9w0BAQsFAAOCAQEARNlOtfCo99zaEF+164smXJkotyQlz1pgNEZ7
DEmsNfj8cXazPdwRYQBrMvLLF1eXf+NWF359arJbwFsQdNLPjx5IaxwGGcVPnHFF
X3jgXZotHJnEODYvBb+t2gSNbWfFDZJb2NivO9eYxuOcbcf/5NpHgXhEsX1M1fVO
4Fj61GZcT7vgDhu/NMg3jcigEGiSV8ajW9iAmuF59kJoh1qG+iN7H1/7DwqxSjbK
xhXiZhPB3vFGgouaZNGKzV/HyP5IYXCoY3mfqatMZH6SRFxQWjIUcKpjRRHAMshz
G2gm+wsK78R8+noD0ZglJI2aJ9Fh8gU9uSxhCfKgw4BhtyNYbQ==
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:34:42 2026 by rpki-client