Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/296e983c-f59b-4a15-a74d-56b2bff88779.roa
File: 296e983c-f59b-4a15-a74d-56b2bff88779.roa (raw, json)
Hash identifier: 9OY2qG/iagZkacQY4OXwt6CcIZTttFO8Zg4gG7zHX2U=
Subject key identifier: 63:2B:97:1B:E3:9C:34:A4:59:8B:78:3F:45:8B:F9:03:1A:A5:07:C7
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4111030DEB93A7B9E33A130A0E328C73ADCCEE08
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/296e983c-f59b-4a15-a74d-56b2bff88779.roa
Signing time: Fri 20 Feb 2026 01:51:06 +0000
ROA not before: Fri 20 Feb 2026 01:51:06 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 176.34.48.0/20 maxlen: 20
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
41:11:03:0d:eb:93:a7:b9:e3:3a:13:0a:0e:32:8c:73:ad:cc:ee:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 20 01:51:06 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=51b22eac22399ae59a41c9223704ad5d4e1f3060afc023c37fdcfb78c78108cd, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:72:59:7a:67:d5:8c:58:be:f3:0b:f7:f3:e1:
0b:ff:f1:55:74:83:a6:c3:25:76:20:bf:89:90:ef:
29:0e:3b:2e:0f:a9:5f:a9:1c:5c:f4:80:cb:25:a0:
0f:67:0d:1a:9d:e5:f4:f0:82:ee:ca:c0:45:80:4b:
1d:9e:8b:53:bd:cb:eb:6d:85:1c:95:37:84:d8:96:
d5:cc:f6:55:e5:ec:ae:c3:5c:85:6f:ae:ad:93:66:
dd:cd:7c:58:db:34:84:d0:25:9b:59:93:65:d6:33:
22:2c:38:1b:4b:15:00:02:b0:8c:8c:be:f6:fa:43:
22:d3:26:3d:fb:c3:bb:61:55:94:4e:70:0b:86:bc:
d9:58:55:aa:b2:84:58:f7:9a:05:8d:40:97:89:73:
84:d3:74:58:a2:6a:40:79:9b:b0:bb:13:51:71:77:
49:18:03:62:26:54:aa:c9:16:40:90:f4:ed:59:47:
63:8d:8b:c6:3b:cf:86:51:4d:6e:f8:26:67:39:a2:
9a:3c:ba:a9:1a:fd:27:af:58:53:6d:8e:8b:ae:5c:
40:af:1e:9f:61:42:15:8b:fb:07:01:df:0c:6f:ca:
06:16:35:6f:0e:81:d7:b9:d2:58:53:a6:3d:b5:56:
6f:cf:64:74:34:ee:fa:fd:e3:2c:93:c3:25:58:91:
73:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:2B:97:1B:E3:9C:34:A4:59:8B:78:3F:45:8B:F9:03:1A:A5:07:C7
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/296e983c-f59b-4a15-a74d-56b2bff88779.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.34.48.0/20
Signature Algorithm: sha256WithRSAEncryption
bc:4f:fa:e4:71:a3:c6:05:b9:45:ee:5d:f0:bd:42:ac:41:c7:
06:75:3d:1c:db:b6:30:76:52:6d:e0:99:bf:7d:13:2e:b8:51:
75:d1:6e:90:b2:d3:85:73:32:73:47:b2:a6:ec:26:1d:7b:31:
f9:b6:b5:51:78:82:7d:d0:8d:05:63:6e:4a:01:20:a4:a5:8c:
b7:ff:d3:4e:61:c6:3e:79:80:2e:76:a8:77:bf:d2:b8:d5:4f:
0f:00:5c:72:e5:08:c9:39:e2:d0:30:f9:c5:b0:94:ca:bb:c3:
7e:de:8e:1d:b8:16:01:46:1a:c8:c9:4d:8a:f6:dd:66:8e:ae:
f2:08:f9:a9:a5:c7:93:47:95:16:2d:8d:7d:a2:4b:3a:ac:f5:
9f:94:1f:c9:62:de:92:4f:b1:29:59:91:9f:02:7e:87:72:5a:
66:92:46:d1:80:bb:cb:cb:7a:b2:6a:28:1e:ce:6c:8e:df:f8:
bf:df:c5:3d:9f:5c:07:2e:39:81:56:00:c6:f2:56:97:ea:b1:
33:33:54:07:27:bf:08:d6:38:6b:f3:88:47:9b:f7:74:c7:ed:
be:90:31:be:4b:1c:eb:d6:39:32:fa:3f:f3:74:71:53:e9:5c:
7b:79:71:db:20:1f:7b:33:90:95:ad:4b:13:77:11:42:b0:21:
a2:d2:cf:e7
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUQREDDeuTp7njOhMKDjKMc63M7ggwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjAwMTUxMDZaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDUxYjIyZWFjMjIzOTlhZTU5YTQxYzkyMjM3MDRhZDVkNGUxZjMwNjBhZmMw
MjNjMzdmZGNmYjc4Yzc4MTA4Y2QxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKRyWXpn1YxYvvML9/PhC//xVXSDpsMldiC/iZDvKQ47Lg+pX6kcXPSAyyWg
D2cNGp3l9PCC7srARYBLHZ6LU73L622FHJU3hNiW1cz2VeXsrsNchW+urZNm3c18
WNs0hNAlm1mTZdYzIiw4G0sVAAKwjIy+9vpDItMmPfvDu2FVlE5wC4a82VhVqrKE
WPeaBY1Al4lzhNN0WKJqQHmbsLsTUXF3SRgDYiZUqskWQJD07VlHY42LxjvPhlFN
bvgmZzmimjy6qRr9J69YU22Oi65cQK8en2FCFYv7BwHfDG/KBhY1bw6B17nSWFOm
PbVWb89kdDTu+v3jLJPDJViRcy0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRjK5cb
45w0pFmLeD9Fi/kDGqUHxzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Mjk2ZTk4M2MtZjU5Yi00YTE1LWE3NGQtNTZiMmJmZjg4Nzc5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBLAiMDAN
BgkqhkiG9w0BAQsFAAOCAQEAvE/65HGjxgW5Re5d8L1CrEHHBnU9HNu2MHZSbeCZ
v30TLrhRddFukLLThXMyc0eypuwmHXsx+ba1UXiCfdCNBWNuSgEgpKWMt//TTmHG
PnmALnaod7/SuNVPDwBccuUIyTni0DD5xbCUyrvDft6OHbgWAUYayMlNivbdZo6u
8gj5qaXHk0eVFi2NfaJLOqz1n5QfyWLekk+xKVmRnwJ+h3JaZpJG0YC7y8t6smoo
Hs5sjt/4v9/FPZ9cBy45gVYAxvJWl+qxMzNUBye/CNY4a/OIR5v3dMftvpAxvksc
69Y5Mvo/83RxU+lce3lx2yAfezOQla1LE3cRQrAhotLP5w==
-----END CERTIFICATE-----
Generated at Sun Mar 1 22:10:51 2026 by rpki-client