Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1ccfa364-07ab-4a5e-81a9-99f9d6b3a067.roa
File: 1ccfa364-07ab-4a5e-81a9-99f9d6b3a067.roa (raw, json)
Hash identifier: fgnssBiImtoqY/R8XDwUaZxjM3bL2XAMS95ClyCIvDs=
Subject key identifier: F0:67:71:14:1A:7F:2D:45:C9:86:22:17:F4:02:90:69:39:BD:EF:DC
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4B6BE2E974627A63CE52945571BCD3151E8EFDC2
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1ccfa364-07ab-4a5e-81a9-99f9d6b3a067.roa
Signing time: Sat 28 Feb 2026 05:10:36 +0000
ROA not before: Sat 28 Feb 2026 05:10:36 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d06f:e000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4b:6b:e2:e9:74:62:7a:63:ce:52:94:55:71:bc:d3:15:1e:8e:fd:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 05:10:36 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=dfc81dfb467a655eebd4e626aa60cb8021905717cba53d013a3202e01ef70de6, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:1f:f0:85:47:68:41:66:85:ad:1d:cb:a2:50:
37:f1:83:52:dc:af:e9:92:af:ff:6e:7b:d6:66:a5:
c3:17:0c:71:41:ce:18:21:ae:3e:61:b5:b4:97:f6:
03:ed:9c:f3:6c:18:01:c8:cf:72:e6:2b:3c:00:73:
9f:99:a0:4e:ea:d0:e4:bb:f1:b3:4d:72:16:21:d0:
cd:23:a0:bd:77:e9:50:4f:44:70:a1:72:cf:1b:d3:
29:bf:4f:7e:94:46:3f:29:9d:58:a9:03:dc:1b:34:
13:a8:ab:87:59:26:07:88:d8:92:c2:e4:4b:5a:af:
d3:f2:50:56:fe:cc:72:1c:5f:ce:71:e9:95:61:9a:
41:a1:1a:d5:03:54:d6:14:53:0b:ab:b8:e0:6b:ea:
7d:72:ff:52:bc:e1:26:66:6a:a7:d4:ea:ff:4e:f8:
7a:cf:5f:bf:f0:5e:3c:69:d8:5b:b4:01:45:30:a7:
13:b1:ea:6c:4a:42:95:5b:49:bf:74:95:79:8e:c4:
cc:c2:16:00:00:c1:90:99:5a:d5:f3:a9:dc:ab:53:
61:d7:82:26:25:6d:68:64:db:db:57:46:de:36:61:
9d:87:10:e0:c2:15:ec:6a:a8:39:c7:e0:0c:29:98:
26:a8:53:0c:8b:1e:b4:31:00:5a:52:be:4d:e1:77:
11:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:67:71:14:1A:7F:2D:45:C9:86:22:17:F4:02:90:69:39:BD:EF:DC
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1ccfa364-07ab-4a5e-81a9-99f9d6b3a067.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06f:e000::/40
Signature Algorithm: sha256WithRSAEncryption
38:20:e9:62:48:db:95:4b:b7:ec:79:7a:2b:c3:5f:5d:84:0e:
c3:af:af:e0:bf:b2:12:0a:b6:7b:36:d3:16:27:a9:dc:f3:36:
10:79:34:39:0e:94:38:df:05:a8:a9:8f:f5:a5:a4:55:65:46:
49:95:22:9b:3a:40:01:46:bc:0b:dd:f0:e4:3d:19:bc:25:5b:
eb:08:c1:73:cf:ec:cf:d0:1f:65:ad:4b:67:1e:05:d4:2c:51:
fe:14:a7:77:2c:c9:f6:9f:5c:5e:64:86:d7:e4:25:a4:2e:6f:
89:36:6e:9f:52:e1:26:e4:c5:d8:92:23:6e:66:88:08:cd:a0:
96:5d:74:66:b5:dd:c3:2c:15:02:17:c1:45:44:64:c7:8e:a2:
f2:26:da:6b:3b:93:d7:2f:f6:c3:d3:8f:01:bd:db:a0:b8:dc:
3a:2e:3c:7a:45:17:3c:a6:d4:eb:cf:16:43:ab:23:c5:39:da:
82:74:9e:a1:5b:bc:3f:cf:1f:ae:87:0e:d7:d7:27:9c:53:52:
de:4a:ac:b5:14:5c:b7:43:bb:32:4f:d6:b2:6a:5d:e5:14:62:
10:0a:8d:7f:ed:93:ed:1b:be:13:c8:6d:7b:da:4f:e9:7e:c8:
e1:a1:f3:05:cd:7a:db:9a:2e:3d:3b:f4:48:f1:ce:4f:a5:23:
cc:59:78:de
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUS2vi6XRiemPOUpRVcbzTFR6O/cIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNTEwMzZaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGRmYzgxZGZiNDY3YTY1NWVlYmQ0ZTYyNmFhNjBjYjgwMjE5MDU3MTdjYmE1
M2QwMTNhMzIwMmUwMWVmNzBkZTYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANAf8IVHaEFmha0dy6JQN/GDUtyv6ZKv/2571malwxcMcUHOGCGuPmG1tJf2
A+2c82wYAcjPcuYrPABzn5mgTurQ5Lvxs01yFiHQzSOgvXfpUE9EcKFyzxvTKb9P
fpRGPymdWKkD3Bs0E6irh1kmB4jYksLkS1qv0/JQVv7MchxfznHplWGaQaEa1QNU
1hRTC6u44GvqfXL/UrzhJmZqp9Tq/074es9fv/BePGnYW7QBRTCnE7HqbEpClVtJ
v3SVeY7EzMIWAADBkJla1fOp3KtTYdeCJiVtaGTb21dG3jZhnYcQ4MIV7GqoOcfg
DCmYJqhTDIsetDEAWlK+TeF3EVcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTwZ3EU
Gn8tRcmGIhf0ApBpOb3v3DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWNjZmEzNjQtMDdhYi00YTVlLTgxYTktOTlmOWQ2YjNhMDY3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G/g
MA0GCSqGSIb3DQEBCwUAA4IBAQA4IOliSNuVS7fseXorw19dhA7Dr6/gv7ISCrZ7
NtMWJ6nc8zYQeTQ5DpQ43wWoqY/1paRVZUZJlSKbOkABRrwL3fDkPRm8JVvrCMFz
z+zP0B9lrUtnHgXULFH+FKd3LMn2n1xeZIbX5CWkLm+JNm6fUuEm5MXYkiNuZogI
zaCWXXRmtd3DLBUCF8FFRGTHjqLyJtprO5PXL/bD048BvduguNw6Ljx6RRc8ptTr
zxZDqyPFOdqCdJ6hW7w/zx+uhw7X1yecU1LeSqy1FFy3Q7syT9ayal3lFGIQCo1/
7ZPtG74TyG172k/pfsjhofMFzXrbmi49O/RI8c5PpSPMWXje
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:48:20 2026 by rpki-client