Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/21442095-1d11-4516-867c-53ad149e6c07.roa
File: 21442095-1d11-4516-867c-53ad149e6c07.roa (raw, json)
Hash identifier: 7EonAQZ6j0S/haV+Rg+VlKaBSHV3RCA16pDIcyuM11w=
Subject key identifier: 55:27:84:12:E6:01:BC:C9:52:5A:9D:0F:05:0C:1C:86:FD:88:95:C5
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 519985A00A22D0A082F88B1E3633D1AFE47B672D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/21442095-1d11-4516-867c-53ad149e6c07.roa
Signing time: Tue 24 Feb 2026 03:00:10 +0000
ROA not before: Tue 24 Feb 2026 03:00:10 +0000
ROA not after: Mon 25 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d035:800::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
51:99:85:a0:0a:22:d0:a0:82:f8:8b:1e:36:33:d1:af:e4:7b:67:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 24 03:00:10 2026 GMT
Not After : May 25 23:59:59 2026 GMT
Subject: serialNumber=b8ce07641cbe24920c702bd30f5e6e662e4cdd512ff45c7792709cca5d3cf73d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:9b:78:80:e6:50:fa:33:0d:76:d5:c1:20:e7:
4c:03:26:57:38:62:c2:6b:97:21:3b:60:b0:61:bf:
8c:54:62:c2:f4:79:f5:00:df:24:0e:0a:b7:ed:f0:
f4:df:0a:62:64:e8:71:6b:a2:7e:9a:5b:18:51:ca:
25:e7:9d:a8:a1:cc:5c:63:fa:24:d9:25:c3:ba:20:
df:52:30:14:3e:9d:30:f4:bf:8a:71:e4:eb:6d:5b:
93:bf:a5:78:f5:8d:51:ea:9a:c4:f3:ab:9d:4c:9c:
4f:0b:4c:a6:3f:49:19:14:30:c4:85:df:9f:6f:1c:
ba:d3:fd:26:cd:2c:83:1a:8d:16:ee:e9:ac:f4:90:
ae:ee:df:e5:77:a9:ca:a5:0e:28:e2:28:0d:0f:75:
ff:e9:a8:12:f3:0b:26:aa:cc:92:bb:dc:ff:f3:95:
ba:10:12:fa:1f:aa:3d:4b:be:da:33:da:b6:39:4e:
d0:bc:23:e6:ba:c5:8d:49:4a:c9:11:4f:c2:73:dc:
bf:23:e9:73:ce:0b:28:5f:aa:4a:fe:a4:20:46:87:
25:87:cc:99:5b:3d:0f:25:6a:38:c3:4b:8c:8e:52:
ec:de:a1:7a:01:52:29:c1:72:81:02:9d:79:2d:e8:
99:f7:56:12:ea:ec:ad:82:c4:01:ef:44:a2:a0:e5:
72:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
55:27:84:12:E6:01:BC:C9:52:5A:9D:0F:05:0C:1C:86:FD:88:95:C5
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/21442095-1d11-4516-867c-53ad149e6c07.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d035:800::/40
Signature Algorithm: sha256WithRSAEncryption
98:90:0e:2d:08:c1:f8:2d:fa:b5:60:e7:b4:d7:a8:2e:e5:ba:
29:aa:d6:17:ab:af:59:5b:05:4e:b5:d7:1d:da:fa:f4:39:05:
5b:50:48:22:71:e7:79:b8:dd:7e:19:d5:3e:44:25:54:12:0c:
e0:1c:a5:96:85:1d:39:77:ca:a4:56:c2:e2:12:cd:41:83:e6:
f8:7b:f6:70:a9:a0:ff:5d:dc:e8:a6:8c:30:c5:62:1d:46:f6:
b9:41:20:52:76:2e:3a:b4:ce:cc:44:f5:49:8b:f6:a2:ac:18:
ce:15:c5:74:a3:1a:82:42:35:ba:53:58:72:a4:42:3c:d7:7a:
64:bb:68:be:b7:4f:58:86:19:a5:36:ee:b6:8f:ce:4f:47:9a:
15:8d:9d:0a:b1:f7:5e:48:58:9b:27:51:84:fa:5a:68:bf:41:
57:4d:5d:ba:98:03:3c:1c:00:3a:4a:2d:33:ef:14:5a:cb:8e:
e3:23:e6:7c:bb:ae:50:aa:a0:b2:8d:de:81:bc:ca:bc:a4:b8:
cb:0d:0b:30:c2:3f:d0:a2:39:b6:83:72:cc:3e:44:6f:5f:60:
3c:cd:a3:e2:fd:bd:a7:f3:a9:df:e7:6c:db:5d:c3:72:50:86:
8e:7d:dd:b4:02:9f:4e:d8:aa:62:b3:d6:81:e9:aa:4f:0e:9a:
f5:33:de:87
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUUZmFoAoi0KCC+IseNjPRr+R7Zy0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjQwMzAwMTBaFw0yNjA1MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGI4Y2UwNzY0MWNiZTI0OTIwYzcwMmJkMzBmNWU2ZTY2MmU0Y2RkNTEyZmY0
NWM3NzkyNzA5Y2NhNWQzY2Y3M2QxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJybeIDmUPozDXbVwSDnTAMmVzhiwmuXITtgsGG/jFRiwvR59QDfJA4Kt+3w
9N8KYmTocWuifppbGFHKJeedqKHMXGP6JNklw7og31IwFD6dMPS/inHk621bk7+l
ePWNUeqaxPOrnUycTwtMpj9JGRQwxIXfn28cutP9Js0sgxqNFu7prPSQru7f5Xep
yqUOKOIoDQ91/+moEvMLJqrMkrvc//OVuhAS+h+qPUu+2jPatjlO0Lwj5rrFjUlK
yRFPwnPcvyPpc84LKF+qSv6kIEaHJYfMmVs9DyVqOMNLjI5S7N6hegFSKcFygQKd
eS3omfdWEursrYLEAe9EoqDlcq0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRVJ4QS
5gG8yVJanQ8FDByG/YiVxTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjE0NDIwOTUtMWQxMS00NTE2LTg2N2MtNTNhZDE0OWU2YzA3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DUI
MA0GCSqGSIb3DQEBCwUAA4IBAQCYkA4tCMH4Lfq1YOe016gu5bopqtYXq69ZWwVO
tdcd2vr0OQVbUEgiced5uN1+GdU+RCVUEgzgHKWWhR05d8qkVsLiEs1Bg+b4e/Zw
qaD/XdzopowwxWIdRva5QSBSdi46tM7MRPVJi/airBjOFcV0oxqCQjW6U1hypEI8
13pku2i+t09YhhmlNu62j85PR5oVjZ0KsfdeSFibJ1GE+lpov0FXTV26mAM8HAA6
Si0z7xRay47jI+Z8u65QqqCyjd6BvMq8pLjLDQswwj/Qojm2g3LMPkRvX2A8zaPi
/b2n86nf52zbXcNyUIaOfd20Ap9O2Kpis9aB6apPDpr1M96H
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:47:42 2026 by rpki-client