Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2636a453-2dd9-4fde-9f15-753f76341841.roa
File: 2636a453-2dd9-4fde-9f15-753f76341841.roa (raw, json)
Hash identifier: ymhJ8arp3HWjqFzDr44ngAgh06LP+j8KJ/LKm0dbTTI=
Subject key identifier: D3:D5:EC:2F:86:F5:82:97:2A:EA:8A:F3:A3:6B:D8:A0:42:BE:C2:DF
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 722A752FD4DEEA50ED9EFA9A99F22A78FA71B0DA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2636a453-2dd9-4fde-9f15-753f76341841.roa
Signing time: Tue 17 Feb 2026 03:10:23 +0000
ROA not before: Tue 17 Feb 2026 03:10:23 +0000
ROA not after: Mon 18 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d074:a000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
72:2a:75:2f:d4:de:ea:50:ed:9e:fa:9a:99:f2:2a:78:fa:71:b0:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 17 03:10:23 2026 GMT
Not After : May 18 23:59:59 2026 GMT
Subject: serialNumber=a1abcc8f433ba82f1593e5fd3e96d859b20ccfcdca2f5d8a818480a36fea3f5c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:24:05:5c:93:b3:02:f8:0f:4b:67:59:1c:6d:
d3:90:77:f1:ff:20:a7:22:38:7b:14:f4:51:47:48:
9e:45:5c:af:63:3b:00:73:ff:49:92:c4:a8:fa:58:
e0:6e:56:65:11:14:73:ea:e5:d8:2f:c4:17:e2:49:
a5:c7:0b:77:80:6b:f5:5c:62:85:21:03:69:10:ac:
76:77:a1:b8:3c:1e:c0:9e:19:d1:c7:e7:fd:bc:f8:
c7:57:a4:8a:74:9b:5c:86:f2:b5:82:f0:97:fe:bb:
0b:4a:a3:bc:48:70:88:4e:28:19:38:24:04:59:02:
c6:4f:a5:f9:e9:08:f0:5a:59:93:c2:50:06:be:18:
54:7d:dc:28:d7:74:17:a2:c3:8f:1b:e8:b7:d4:9f:
ef:b7:46:b0:fb:9e:4b:fb:8b:8f:94:db:f2:0d:ee:
5a:20:c9:bc:6d:0e:e5:40:26:2f:24:04:61:05:cd:
07:da:6d:2d:90:3d:be:ff:d8:fa:ee:9b:e0:ee:78:
74:08:14:f6:32:52:2e:f4:fb:26:73:51:45:12:21:
f8:5a:3a:ad:e0:77:68:f3:01:7f:20:ca:98:3b:4d:
15:9f:fc:79:69:ed:02:35:7f:fe:10:29:8c:3e:b2:
40:fe:65:52:d0:41:b3:13:5c:e0:c6:e3:ef:ab:ec:
80:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:D5:EC:2F:86:F5:82:97:2A:EA:8A:F3:A3:6B:D8:A0:42:BE:C2:DF
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2636a453-2dd9-4fde-9f15-753f76341841.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d074:a000::/40
Signature Algorithm: sha256WithRSAEncryption
98:e1:37:e7:88:5b:d9:f7:8c:74:5c:b1:72:ad:8e:de:50:82:
9d:28:21:4f:0e:b9:6f:11:21:b3:de:f2:92:6b:54:f3:88:9f:
15:43:b7:a2:43:17:18:a8:bf:44:63:d7:4d:be:b2:07:ac:60:
96:64:94:f2:1d:bd:f0:61:8a:83:f9:40:09:3e:bf:87:36:11:
e6:8d:2a:24:8b:6e:d4:f9:df:05:db:0d:99:30:94:72:31:40:
ab:8a:12:b2:9c:0f:cb:3e:c9:b5:1b:92:1c:84:17:66:c8:ac:
b6:ee:fd:01:a8:54:61:f0:7e:25:a1:da:71:3b:7d:34:68:dd:
62:5d:0a:98:b6:c0:ce:e3:a7:55:30:8c:28:88:55:60:8d:f8:
11:15:92:ac:ea:cc:73:8e:89:50:fa:4a:08:b1:ab:d9:83:1e:
71:b2:7c:e0:f5:23:da:77:76:63:09:94:35:9e:0c:4b:59:01:
ea:60:fd:0c:66:cb:b8:ff:dc:5c:52:a4:ed:97:ad:76:a2:b2:
3e:a0:e2:5c:19:09:82:dd:2e:15:13:d8:a1:50:bc:af:28:f3:
c1:4e:a7:56:20:81:60:af:f8:1f:6a:8e:71:3a:a3:72:a6:fe:
7f:bb:d4:38:0e:f5:a4:4e:d3:b3:8d:35:af:b4:2a:d2:27:c3:
0c:c8:ac:98
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUcip1L9Te6lDtnvqamfIqePpxsNowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMTcwMzEwMjNaFw0yNjA1MTgyMzU5NTlaMHoxSTBHBgNV
BAUTQGExYWJjYzhmNDMzYmE4MmYxNTkzZTVmZDNlOTZkODU5YjIwY2NmY2RjYTJm
NWQ4YTgxODQ4MGEzNmZlYTNmNWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN0kBVyTswL4D0tnWRxt05B38f8gpyI4exT0UUdInkVcr2M7AHP/SZLEqPpY
4G5WZREUc+rl2C/EF+JJpccLd4Br9VxihSEDaRCsdnehuDwewJ4Z0cfn/bz4x1ek
inSbXIbytYLwl/67C0qjvEhwiE4oGTgkBFkCxk+l+ekI8FpZk8JQBr4YVH3cKNd0
F6LDjxvot9Sf77dGsPueS/uLj5Tb8g3uWiDJvG0O5UAmLyQEYQXNB9ptLZA9vv/Y
+u6b4O54dAgU9jJSLvT7JnNRRRIh+Fo6reB3aPMBfyDKmDtNFZ/8eWntAjV//hAp
jD6yQP5lUtBBsxNc4Mbj76vsgLcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTT1ewv
hvWClyrqivOja9igQr7C3zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjYzNmE0NTMtMmRkOS00ZmRlLTlmMTUtNzUzZjc2MzQxODQxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HSg
MA0GCSqGSIb3DQEBCwUAA4IBAQCY4TfniFvZ94x0XLFyrY7eUIKdKCFPDrlvESGz
3vKSa1TziJ8VQ7eiQxcYqL9EY9dNvrIHrGCWZJTyHb3wYYqD+UAJPr+HNhHmjSok
i27U+d8F2w2ZMJRyMUCrihKynA/LPsm1G5IchBdmyKy27v0BqFRh8H4lodpxO300
aN1iXQqYtsDO46dVMIwoiFVgjfgRFZKs6sxzjolQ+koIsavZgx5xsnzg9SPad3Zj
CZQ1ngxLWQHqYP0MZsu4/9xcUqTtl612orI+oOJcGQmC3S4VE9ihULyvKPPBTqdW
IIFgr/gfao5xOqNypv5/u9Q4DvWkTtOzjTWvtCrSJ8MMyKyY
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:55:04 2026 by rpki-client