Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/207860c2-8f39-42e7-9631-e06b6a545c7d.roa
File: 207860c2-8f39-42e7-9631-e06b6a545c7d.roa (raw, json)
Hash identifier: RjvnkCqBldgWNxpmCfcu8ptpdGxUAhtdXxWffIzKwmw=
Subject key identifier: 9A:9F:1D:6B:85:62:A4:D4:6D:0D:58:0B:28:5F:7F:93:B4:A1:29:CB
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 76237B9A17D672AEBFE4029AE71F692D173B7DAE
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/207860c2-8f39-42e7-9631-e06b6a545c7d.roa
Signing time: Sat 28 Feb 2026 05:50:39 +0000
ROA not before: Sat 28 Feb 2026 05:50:39 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d031:60c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
76:23:7b:9a:17:d6:72:ae:bf:e4:02:9a:e7:1f:69:2d:17:3b:7d:ae
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 05:50:39 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=1a50f560df55790b3322345f13989ee68561104660adc95b6bf1766b974292f7, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f6:5c:e1:dd:35:2e:e5:cd:56:21:dd:a3:9f:03:
3b:75:75:d6:ff:ad:6c:61:b9:2d:e4:0f:e5:9c:bb:
ee:ca:1b:c9:c0:3a:10:d7:45:14:a3:89:25:44:cb:
d8:bf:1e:92:73:53:2f:97:97:07:94:34:3f:fd:43:
9d:7b:e9:54:ae:68:a4:29:91:45:45:c5:d9:b9:c0:
e9:b1:4c:fa:8c:1e:05:43:b9:f7:12:65:f2:54:00:
b6:84:f0:82:01:0f:d3:0f:82:5e:b1:46:72:3c:ec:
3d:53:37:d9:da:8c:95:29:00:79:d5:b1:c0:f7:19:
18:26:90:18:5c:e1:b8:b8:de:90:9e:26:1d:6f:37:
5f:c1:4f:37:54:35:ad:00:8f:b4:07:82:72:04:a1:
25:eb:c5:9e:14:d1:94:b0:73:80:f7:d2:07:a7:05:
d0:e3:02:1a:9d:21:36:ea:87:cb:99:c9:ac:e3:6e:
be:15:cd:8c:62:6b:a0:4b:c2:b5:25:0a:9c:c2:28:
88:83:8e:de:70:54:49:fa:a6:f2:df:c4:1f:21:21:
82:45:a4:3b:ff:e6:43:3c:bb:c7:36:5a:6e:27:38:
f0:44:3f:5d:91:58:42:92:bc:d5:05:f8:d2:b2:43:
58:68:ed:5b:9f:64:72:a6:eb:fe:e6:7c:c9:33:b8:
de:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:9F:1D:6B:85:62:A4:D4:6D:0D:58:0B:28:5F:7F:93:B4:A1:29:CB
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/207860c2-8f39-42e7-9631-e06b6a545c7d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d031:60c0::/48
Signature Algorithm: sha256WithRSAEncryption
65:b7:34:39:cf:b1:8b:c8:2b:53:ca:75:6f:8c:91:8e:9b:ac:
62:33:07:09:68:9f:92:73:5d:29:fe:6f:88:bf:e3:3a:ab:ef:
94:7e:59:2b:46:a0:2f:c9:cc:5f:15:57:cd:22:b6:c9:ac:d1:
a4:ec:7f:d8:ec:fb:2a:45:f3:4c:1d:ea:5c:b5:d6:2d:68:5c:
6a:31:91:cd:51:05:8b:99:26:03:e0:98:e8:0d:db:07:f0:84:
46:b4:ad:7f:87:9b:56:aa:8a:05:0d:b1:d2:5d:54:87:60:5f:
29:07:82:09:63:d6:7d:1b:bc:ac:4c:44:ce:3b:5b:40:66:b8:
77:a9:c7:e3:87:3d:84:f2:6f:52:6c:98:5b:14:52:de:12:08:
ae:3a:c6:c9:47:b1:4c:f1:d3:0b:4e:9f:8a:1c:1c:37:08:3a:
a8:36:30:4c:45:8c:f2:62:ca:44:89:02:1f:e8:e8:8b:9f:0d:
98:c3:32:cb:03:58:0b:ad:3a:fb:05:df:81:1d:89:b1:0a:74:
7a:c0:29:e4:97:53:eb:d7:68:38:b9:6a:da:d8:bc:bf:e4:20:
72:77:46:f8:f6:98:c4:c3:ea:c1:65:43:9a:4e:b0:c5:2a:85:
49:99:52:db:a8:ec:d5:a3:31:a5:3d:1f:88:8c:12:21:e8:88:
98:45:3e:8e
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUdiN7mhfWcq6/5AKa5x9pLRc7fa4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNTUwMzlaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDFhNTBmNTYwZGY1NTc5MGIzMzIyMzQ1ZjEzOTg5ZWU2ODU2MTEwNDY2MGFk
Yzk1YjZiZjE3NjZiOTc0MjkyZjcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPZc4d01LuXNViHdo58DO3V11v+tbGG5LeQP5Zy77sobycA6ENdFFKOJJUTL
2L8eknNTL5eXB5Q0P/1DnXvpVK5opCmRRUXF2bnA6bFM+oweBUO59xJl8lQAtoTw
ggEP0w+CXrFGcjzsPVM32dqMlSkAedWxwPcZGCaQGFzhuLjekJ4mHW83X8FPN1Q1
rQCPtAeCcgShJevFnhTRlLBzgPfSB6cF0OMCGp0hNuqHy5nJrONuvhXNjGJroEvC
tSUKnMIoiIOO3nBUSfqm8t/EHyEhgkWkO//mQzy7xzZabic48EQ/XZFYQpK81QX4
0rJDWGjtW59kcqbr/uZ8yTO43tMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSanx1r
hWKk1G0NWAsoX3+TtKEpyzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjA3ODYwYzItOGYzOS00MmU3LTk2MzEtZTA2YjZhNTQ1YzdkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DFg
wDANBgkqhkiG9w0BAQsFAAOCAQEAZbc0Oc+xi8grU8p1b4yRjpusYjMHCWifknNd
Kf5viL/jOqvvlH5ZK0agL8nMXxVXzSK2yazRpOx/2Oz7KkXzTB3qXLXWLWhcajGR
zVEFi5kmA+CY6A3bB/CERrStf4ebVqqKBQ2x0l1Uh2BfKQeCCWPWfRu8rExEzjtb
QGa4d6nH44c9hPJvUmyYWxRS3hIIrjrGyUexTPHTC06fihwcNwg6qDYwTEWM8mLK
RIkCH+joi58NmMMyywNYC606+wXfgR2JsQp0esAp5JdT69doOLlq2ti8v+QgcndG
+PaYxMPqwWVDmk6wxSqFSZlS26js1aMxpT0fiIwSIeiImEU+jg==
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:42:55 2026 by rpki-client