Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2c5ba673-6d9a-4ef2-b8a0-11d0ddbf302c.roa
File: 2c5ba673-6d9a-4ef2-b8a0-11d0ddbf302c.roa (raw, json)
Hash identifier: Kw2qDjwAaQc1hlxmlBFzsnamY2bObw/mtZa63Y6PRdU=
Subject key identifier: E3:A1:15:68:75:A9:AC:7F:6C:7A:B8:B1:EE:F4:BB:3C:8F:B3:42:92
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 04128B82758FDBE18F7DBD4FF1F82542EABA4A3B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2c5ba673-6d9a-4ef2-b8a0-11d0ddbf302c.roa
Signing time: Sun 01 Mar 2026 00:00:34 +0000
ROA not before: Sun 01 Mar 2026 00:00:34 +0000
ROA not after: Sat 30 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d014::/35 maxlen: 35
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:12:8b:82:75:8f:db:e1:8f:7d:bd:4f:f1:f8:25:42:ea:ba:4a:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Mar 1 00:00:34 2026 GMT
Not After : May 30 23:59:59 2026 GMT
Subject: serialNumber=3552f8ec0291bbcb266769e008efef6aa1d26d79cf366a26d27bb0fec347eac9, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:98:87:5c:95:1e:5b:60:ab:f1:ac:90:9c:fc:
f5:84:22:99:d6:ef:dd:f9:cf:15:c8:8c:7e:69:8e:
fa:18:9e:e5:6b:8e:57:e1:0f:f9:8c:ac:d0:d6:93:
ef:96:b0:d4:70:bc:ce:57:78:cf:27:79:e7:fe:74:
76:60:a2:7f:67:15:cf:a6:82:4c:94:a7:b7:48:e2:
60:64:4d:7a:ad:c6:76:10:f7:f5:a0:d8:7b:0c:90:
23:18:08:dd:02:4a:7a:45:48:c9:69:94:63:e4:cf:
81:ac:c6:38:03:22:73:93:58:c5:a4:4a:35:51:55:
33:a8:00:9a:cd:e6:a4:36:b6:38:b3:4d:5f:60:cc:
4d:94:b8:92:1f:16:ad:b7:1f:85:d4:82:40:cb:c4:
16:85:90:a9:5e:98:f6:a4:f5:05:2e:ea:7b:17:5e:
7c:07:fe:a1:bb:ee:75:47:b9:95:0f:ab:3f:f3:7f:
49:45:82:be:ac:1c:1e:90:cd:45:80:a0:eb:e4:c5:
66:9e:76:bf:06:23:97:4a:c5:0e:84:f4:c1:75:78:
2a:72:98:53:de:20:8b:ab:f9:e2:8f:0f:f7:fd:b2:
f3:c3:d2:e5:3b:0c:5d:b0:78:d1:d3:c9:f8:1b:b0:
18:43:5b:3e:1e:d3:ed:77:b4:a5:af:58:c0:98:8f:
41:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:A1:15:68:75:A9:AC:7F:6C:7A:B8:B1:EE:F4:BB:3C:8F:B3:42:92
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2c5ba673-6d9a-4ef2-b8a0-11d0ddbf302c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d014::/35
Signature Algorithm: sha256WithRSAEncryption
63:3e:52:49:f4:f3:a7:92:83:a9:d4:11:34:32:e8:24:f3:be:
4c:fb:c6:6b:ba:6b:c3:83:00:2a:02:f2:0a:a7:b6:b9:c6:9a:
09:3f:84:e4:20:fb:da:d3:6b:27:c1:93:f9:07:b6:db:e6:c4:
d5:61:91:5c:5a:3e:f1:c0:c4:a5:6a:43:d8:af:4b:cb:f7:44:
63:3d:4c:2c:81:55:7c:e6:ed:c5:2e:12:6c:93:63:20:52:1b:
f7:79:9f:e9:08:1c:a3:9f:7a:97:06:3f:f0:77:84:bf:b2:98:
89:00:81:b6:df:95:e0:69:7b:d5:90:56:96:dc:4c:2c:ef:cd:
56:76:18:d1:6b:c5:1b:d4:fa:1f:9c:f8:90:b5:50:39:16:13:
20:c4:22:ab:9c:fd:0f:3e:1f:fe:e4:f1:4f:2e:51:6f:b4:4d:
ce:eb:1b:95:a3:94:d9:3a:e5:54:ea:d6:8e:c9:7f:9f:29:c8:
0d:a8:b4:7f:be:e8:35:72:89:a2:6c:2b:7c:eb:df:ae:45:f9:
e3:85:5f:85:e4:02:66:c9:79:46:3d:35:21:96:6e:6f:cf:56:
fd:24:8b:31:7d:64:e8:e7:b3:b8:7d:39:d2:94:7b:ee:4d:b8:
16:b8:89:98:03:9e:25:6a:c4:56:34:71:20:b5:39:77:e3:9f:
23:c3:62:02
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUBBKLgnWP2+GPfb1P8fglQuq6SjswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAzMDEwMDAwMzRaFw0yNjA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDM1NTJmOGVjMDI5MWJiY2IyNjY3NjllMDA4ZWZlZjZhYTFkMjZkNzljZjM2
NmEyNmQyN2JiMGZlYzM0N2VhYzkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMmYh1yVHltgq/GskJz89YQimdbv3fnPFciMfmmO+hie5WuOV+EP+Yys0NaT
75aw1HC8zld4zyd55/50dmCif2cVz6aCTJSnt0jiYGRNeq3GdhD39aDYewyQIxgI
3QJKekVIyWmUY+TPgazGOAMic5NYxaRKNVFVM6gAms3mpDa2OLNNX2DMTZS4kh8W
rbcfhdSCQMvEFoWQqV6Y9qT1BS7qexdefAf+obvudUe5lQ+rP/N/SUWCvqwcHpDN
RYCg6+TFZp52vwYjl0rFDoT0wXV4KnKYU94gi6v54o8P9/2y88PS5TsMXbB40dPJ
+BuwGENbPh7T7Xe0pa9YwJiPQccCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTjoRVo
damsf2x6uLHu9Ls8j7NCkjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MmM1YmE2NzMtNmQ5YS00ZWYyLWI4YTAtMTFkMGRkYmYzMDJjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBSoF0BQA
MA0GCSqGSIb3DQEBCwUAA4IBAQBjPlJJ9POnkoOp1BE0Mugk875M+8ZrumvDgwAq
AvIKp7a5xpoJP4TkIPva02snwZP5B7bb5sTVYZFcWj7xwMSlakPYr0vL90RjPUws
gVV85u3FLhJsk2MgUhv3eZ/pCByjn3qXBj/wd4S/spiJAIG235XgaXvVkFaW3Ews
781WdhjRa8Ub1PofnPiQtVA5FhMgxCKrnP0PPh/+5PFPLlFvtE3O6xuVo5TZOuVU
6taOyX+fKcgNqLR/vug1comibCt869+uRfnjhV+F5AJmyXlGPTUhlm5vz1b9JIsx
fWTo57O4fTnSlHvuTbgWuImYA54lasRWNHEgtTl3458jw2IC
-----END CERTIFICATE-----
Generated at Mon Mar 2 01:07:58 2026 by rpki-client