Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/25d38479-752d-418e-a4fb-397c5aa432f8.roa
File: 25d38479-752d-418e-a4fb-397c5aa432f8.roa (raw, json)
Hash identifier: stuC77om9xJOC4Mx0BUvU1lhMOTyu2dAPsfUeVj1nOU=
Subject key identifier: 5B:AB:0C:22:64:76:7A:81:31:15:4D:B5:CD:65:28:50:5F:88:A8:B5
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 25C069DF6F0F5D352CFCEB28A8A7DEE8A367CDAF
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/25d38479-752d-418e-a4fb-397c5aa432f8.roa
Signing time: Wed 25 Feb 2026 03:00:06 +0000
ROA not before: Wed 25 Feb 2026 03:00:06 +0000
ROA not after: Tue 26 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d032:800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
25:c0:69:df:6f:0f:5d:35:2c:fc:eb:28:a8:a7:de:e8:a3:67:cd:af
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 25 03:00:06 2026 GMT
Not After : May 26 23:59:59 2026 GMT
Subject: serialNumber=c6fdef95b2bb3e6b14562ffc0568dd6666dc419c0f8e03cc6ef17e75dfaf6247, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:30:52:7b:09:c1:0c:05:5f:37:28:df:00:fb:
6d:3d:90:09:ed:38:21:05:fc:b9:a6:cf:e2:e5:54:
71:ec:8b:22:c9:88:09:68:77:64:92:75:9d:b3:76:
3b:5a:6f:e7:6a:5e:3d:7e:f8:6c:5d:99:9f:28:78:
e8:64:47:67:a7:03:7a:1c:1c:44:73:2a:2c:2e:04:
c0:1a:8b:bf:b0:3b:7e:de:eb:cc:22:82:a5:3e:e7:
24:a6:36:91:77:65:21:e6:ae:98:d4:7b:ce:4f:22:
10:89:39:0c:8c:18:44:33:ac:f3:11:9b:e8:b8:c3:
95:3f:be:f2:a0:ea:bf:b0:49:18:43:8f:f9:fb:2d:
73:d0:ac:da:84:e1:d5:b3:62:45:a5:f8:1f:30:c7:
20:01:b3:2c:c0:de:e7:65:6c:39:5d:6a:96:b2:57:
5d:c1:d0:27:01:d6:8d:ba:a9:7e:0f:09:3d:f7:9b:
3f:9b:d2:16:d7:24:ed:45:7a:0e:4d:99:b3:1b:b5:
4f:86:c5:8d:fd:92:6c:4e:43:dd:dd:45:d0:5f:73:
92:ef:0d:7f:e8:57:73:06:8e:1d:12:21:62:f6:9a:
f0:2b:33:e8:ff:3c:49:2b:86:e5:13:ec:27:3e:bb:
0a:b1:e6:8c:49:16:85:c8:e6:3e:02:ac:fa:94:e2:
27:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:AB:0C:22:64:76:7A:81:31:15:4D:B5:CD:65:28:50:5F:88:A8:B5
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/25d38479-752d-418e-a4fb-397c5aa432f8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d032:800::/40
Signature Algorithm: sha256WithRSAEncryption
13:8c:90:6d:ad:29:69:f0:ee:df:ab:f4:4c:7c:84:d6:ec:db:
a9:a9:14:39:d2:85:5e:5a:9e:17:37:c5:fb:99:22:e5:a2:08:
93:2a:d0:fb:55:0c:d5:3d:bb:83:7c:fa:6c:2f:44:0a:31:31:
1c:56:ed:e0:f0:4d:3d:b9:39:65:21:8b:86:25:83:74:5c:3f:
db:4a:50:5d:55:b6:64:d0:48:61:88:8e:fc:5c:92:de:5c:08:
9b:b3:99:28:28:1a:3a:fe:98:96:9f:97:88:ab:79:13:0b:ba:
1e:cb:db:4e:72:17:1f:3b:3e:1c:2b:9e:9b:99:6b:88:05:df:
32:47:5b:77:1f:d6:3b:d9:e6:2e:2a:ad:6d:18:a0:fa:91:0b:
17:1d:db:24:08:de:3f:8a:61:cc:7e:20:ad:4e:34:e4:90:94:
bf:3d:31:2d:57:cd:98:91:66:ed:9e:21:51:dd:bc:eb:2c:5a:
9a:03:b6:48:c1:66:df:1b:ff:59:32:f9:4b:23:d8:0c:52:72:
25:03:a8:3f:7f:3f:58:5a:a9:d6:a5:22:92:60:79:25:a8:40:
65:3c:a1:24:55:fd:91:cc:05:ac:f6:b3:24:74:1f:4f:9c:62:
26:9d:9c:59:d1:b2:11:5b:5e:3a:17:ad:bc:d4:a2:7c:0f:d9:
7e:51:81:cc
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUJcBp328PXTUs/OsoqKfe6KNnza8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjUwMzAwMDZaFw0yNjA1MjYyMzU5NTlaMHoxSTBHBgNV
BAUTQGM2ZmRlZjk1YjJiYjNlNmIxNDU2MmZmYzA1NjhkZDY2NjZkYzQxOWMwZjhl
MDNjYzZlZjE3ZTc1ZGZhZjYyNDcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMgwUnsJwQwFXzco3wD7bT2QCe04IQX8uabP4uVUceyLIsmICWh3ZJJ1nbN2
O1pv52pePX74bF2Znyh46GRHZ6cDehwcRHMqLC4EwBqLv7A7ft7rzCKCpT7nJKY2
kXdlIeaumNR7zk8iEIk5DIwYRDOs8xGb6LjDlT++8qDqv7BJGEOP+fstc9Cs2oTh
1bNiRaX4HzDHIAGzLMDe52VsOV1qlrJXXcHQJwHWjbqpfg8JPfebP5vSFtck7UV6
Dk2Zsxu1T4bFjf2SbE5D3d1F0F9zku8Nf+hXcwaOHRIhYvaa8Csz6P88SSuG5RPs
Jz67CrHmjEkWhcjmPgKs+pTiJwkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRbqwwi
ZHZ6gTEVTbXNZShQX4iotTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjVkMzg0NzktNzUyZC00MThlLWE0ZmItMzk3YzVhYTQzMmY4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DII
MA0GCSqGSIb3DQEBCwUAA4IBAQATjJBtrSlp8O7fq/RMfITW7NupqRQ50oVeWp4X
N8X7mSLlogiTKtD7VQzVPbuDfPpsL0QKMTEcVu3g8E09uTllIYuGJYN0XD/bSlBd
VbZk0EhhiI78XJLeXAibs5koKBo6/piWn5eIq3kTC7oey9tOchcfOz4cK56bmWuI
Bd8yR1t3H9Y72eYuKq1tGKD6kQsXHdskCN4/imHMfiCtTjTkkJS/PTEtV82YkWbt
niFR3bzrLFqaA7ZIwWbfG/9ZMvlLI9gMUnIlA6g/fz9YWqnWpSKSYHklqEBlPKEk
Vf2RzAWs9rMkdB9PnGImnZxZ0bIRW146F6281KJ8D9l+UYHM
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:54:22 2026 by rpki-client