Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1d9a8425-e89b-4598-a680-84c5b341edfd.roa
File: 1d9a8425-e89b-4598-a680-84c5b341edfd.roa (raw, json)
Hash identifier: kFPyjMuMUrg8DjIO2k66iAX5F+D5oM1gFlflr1G9f74=
Subject key identifier: A2:5D:5C:AD:C8:46:37:43:4E:14:CB:20:DC:58:9D:19:68:A0:EE:FD
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 10A870CFE985836B2B96FABC3B774F10A07E36F2
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1d9a8425-e89b-4598-a680-84c5b341edfd.roa
Signing time: Sat 28 Feb 2026 05:31:32 +0000
ROA not before: Sat 28 Feb 2026 05:31:32 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d050:2000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
10:a8:70:cf:e9:85:83:6b:2b:96:fa:bc:3b:77:4f:10:a0:7e:36:f2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 05:31:32 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=bc53a0bb88144234a4bb73c3c3eae699db40d4e11be8698a3c5db07f25c5a040, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:27:df:bb:7b:bb:20:69:ab:b7:b1:44:3b:ef:
84:be:23:e5:c2:02:8e:f1:c2:dd:95:3e:02:79:66:
d6:88:f3:ed:0c:5e:c3:1e:2a:f3:8a:92:5d:eb:f5:
06:1c:99:1a:89:02:5c:45:63:ac:63:70:a8:45:c5:
a5:fd:b1:76:a8:47:ae:01:75:0e:49:a0:57:02:c1:
79:0f:68:5a:69:16:39:9e:3d:70:44:02:2e:a4:b5:
e0:b1:64:63:15:33:25:d5:9b:97:4e:e3:22:5c:e1:
c5:bb:d9:4f:3f:8d:99:4d:77:ff:86:57:4d:a8:9a:
63:56:7f:ae:3d:62:d3:70:33:60:8b:06:ea:56:bd:
9f:61:ae:ed:77:a2:2d:41:28:71:04:86:2e:df:4d:
1c:7a:ae:79:51:47:d4:82:24:86:2c:e5:14:92:35:
7d:f2:04:17:db:07:3d:42:2d:f1:78:dc:eb:e9:d6:
34:9e:86:0a:d2:c9:7f:3a:f6:15:c9:cd:0b:40:4f:
ee:20:c5:ed:bb:c4:ec:08:de:d6:ba:66:3a:9f:1e:
4a:fe:7a:b7:03:75:7b:19:2a:44:8d:cb:9f:a5:83:
07:90:d4:97:28:ea:0d:2e:87:83:87:43:50:eb:60:
fc:21:bd:32:42:46:ed:95:0e:04:e7:ef:dc:45:f5:
0d:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:5D:5C:AD:C8:46:37:43:4E:14:CB:20:DC:58:9D:19:68:A0:EE:FD
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1d9a8425-e89b-4598-a680-84c5b341edfd.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d050:2000::/40
Signature Algorithm: sha256WithRSAEncryption
37:8b:e1:28:dc:15:61:8e:60:70:39:de:3c:d3:08:6c:de:15:
f8:52:96:f1:05:81:f7:e9:cd:6a:1d:44:41:0e:90:18:2c:f2:
94:8a:3c:e6:a9:68:87:be:46:80:c1:e3:77:5a:4d:81:e0:80:
13:93:c3:b2:88:ea:47:ff:e6:f6:86:4a:5a:63:5a:a6:cf:ad:
d0:67:cb:55:ab:69:05:a9:29:d4:1a:a5:ef:b2:98:99:74:06:
66:c5:ec:2d:56:7b:4d:9f:14:fa:fe:0a:d6:e8:57:20:be:45:
63:26:a4:33:01:7e:12:b7:d0:cf:35:a9:25:39:fb:d7:c0:84:
93:cb:f7:80:7c:8b:35:71:7c:d4:ec:ae:f4:a2:c9:68:f9:fc:
87:6d:a6:33:36:2d:f5:aa:90:26:83:0e:a4:04:44:c0:43:79:
f3:79:50:db:e2:df:73:97:88:39:b0:41:c4:d5:23:2d:8a:51:
b7:aa:68:41:f4:6d:b3:a1:74:1d:16:75:b5:1b:ab:ae:e0:7a:
2a:25:ae:30:39:57:50:49:6a:6b:64:2c:96:ba:d8:75:3d:a3:
9e:09:fb:49:18:1b:c4:48:8b:f6:99:55:73:35:9a:a9:68:c1:
e1:1d:b6:ad:dd:bc:76:84:70:dc:ad:c5:10:62:b1:fd:94:43:
02:38:cb:ee
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUEKhwz+mFg2srlvq8O3dPEKB+NvIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNTMxMzJaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGJjNTNhMGJiODgxNDQyMzRhNGJiNzNjM2MzZWFlNjk5ZGI0MGQ0ZTExYmU4
Njk4YTNjNWRiMDdmMjVjNWEwNDAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMkn37t7uyBpq7exRDvvhL4j5cICjvHC3ZU+Anlm1ojz7Qxewx4q84qSXev1
BhyZGokCXEVjrGNwqEXFpf2xdqhHrgF1DkmgVwLBeQ9oWmkWOZ49cEQCLqS14LFk
YxUzJdWbl07jIlzhxbvZTz+NmU13/4ZXTaiaY1Z/rj1i03AzYIsG6la9n2Gu7Xei
LUEocQSGLt9NHHqueVFH1IIkhizlFJI1ffIEF9sHPUIt8Xjc6+nWNJ6GCtLJfzr2
FcnNC0BP7iDF7bvE7Aje1rpmOp8eSv56twN1exkqRI3Ln6WDB5DUlyjqDS6Hg4dD
UOtg/CG9MkJG7ZUOBOfv3EX1Dd8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSiXVyt
yEY3Q04UyyDcWJ0ZaKDu/TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWQ5YTg0MjUtZTg5Yi00NTk4LWE2ODAtODRjNWIzNDFlZGZkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FAg
MA0GCSqGSIb3DQEBCwUAA4IBAQA3i+Eo3BVhjmBwOd480whs3hX4UpbxBYH36c1q
HURBDpAYLPKUijzmqWiHvkaAweN3Wk2B4IATk8OyiOpH/+b2hkpaY1qmz63QZ8tV
q2kFqSnUGqXvspiZdAZmxewtVntNnxT6/grW6FcgvkVjJqQzAX4St9DPNaklOfvX
wISTy/eAfIs1cXzU7K70oslo+fyHbaYzNi31qpAmgw6kBETAQ3nzeVDb4t9zl4g5
sEHE1SMtilG3qmhB9G2zoXQdFnW1G6uu4HoqJa4wOVdQSWprZCyWuth1PaOeCftJ
GBvESIv2mVVzNZqpaMHhHbat3bx2hHDcrcUQYrH9lEMCOMvu
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:20:15 2026 by rpki-client