Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/301d1d15-dd00-41e7-9f44-49159e46a51a.roa
File: 301d1d15-dd00-41e7-9f44-49159e46a51a.roa (raw, json)
Hash identifier: KLApkr+sVOA3/i7rdbIQbKEGfWFWifBQPCeuRG8r13I=
Subject key identifier: 97:B7:00:97:3B:A6:74:7C:9E:F7:99:32:E8:96:22:68:E2:1C:78:55
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5A415BC6207330DAACF5A4F83F56A346A10D86D9
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/301d1d15-dd00-41e7-9f44-49159e46a51a.roa
Signing time: Sat 28 Feb 2026 05:41:09 +0000
ROA not before: Sat 28 Feb 2026 05:41:09 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:8040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5a:41:5b:c6:20:73:30:da:ac:f5:a4:f8:3f:56:a3:46:a1:0d:86:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 05:41:09 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=6bd05291d129ba6243fad0674d5fd6378b89c19451c866c67bf8ad8dd94d4e33, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:cb:05:86:06:2c:31:5d:0f:cc:ae:db:9d:d1:
81:c7:6e:30:3c:c9:e9:f8:41:ee:ed:65:60:38:72:
7a:d3:af:43:ac:d8:f9:c6:9b:25:49:ab:63:04:da:
56:35:4a:ef:1d:25:ef:99:76:9c:a8:93:a8:69:41:
e3:8a:35:a7:83:ea:de:56:b0:12:6e:24:ad:1a:4c:
2e:45:a3:f8:bf:12:73:b8:5f:af:3f:8c:ce:84:c8:
74:fd:9d:1e:f2:f5:ec:f8:d0:82:a9:c8:c2:70:fe:
5f:dc:1d:19:1b:d8:ee:f2:08:9f:61:a9:11:2f:b2:
62:93:cd:33:13:a5:c7:64:d2:4e:6b:2e:f2:f5:03:
62:09:d2:fc:62:a9:4d:63:af:20:0f:c7:99:cc:da:
c1:a5:17:f1:b2:d0:8b:9c:f5:ed:66:cd:19:30:e8:
d4:69:7b:51:b9:07:cb:3b:b8:d3:7e:32:45:41:59:
fb:ad:5a:f9:a5:e1:b2:3b:0b:28:66:0b:da:37:23:
44:a7:39:95:ec:25:47:b6:a0:e9:52:eb:54:ed:0e:
50:24:7a:f0:d1:71:ea:38:5c:e5:21:4c:61:d8:d5:
0d:bd:e0:95:9d:8a:e4:d3:6b:84:72:fb:50:93:45:
36:a2:ac:7d:31:7b:3f:d8:44:b9:42:35:05:25:a5:
0b:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:B7:00:97:3B:A6:74:7C:9E:F7:99:32:E8:96:22:68:E2:1C:78:55
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/301d1d15-dd00-41e7-9f44-49159e46a51a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:8040::/48
Signature Algorithm: sha256WithRSAEncryption
9a:f8:37:f6:4f:2f:8b:bc:67:84:3f:8a:26:f8:df:b2:f0:5d:
66:3a:df:a2:eb:01:a6:0e:a9:a5:91:19:99:e9:2a:8e:a8:2c:
9f:2d:c4:74:99:d5:46:31:f4:72:5c:05:4e:b0:e5:f3:8d:1a:
08:00:3b:09:09:99:7e:35:b9:a7:c5:eb:1a:7a:4a:cd:4b:3f:
6d:dd:e6:18:eb:21:53:cf:87:22:7c:37:bc:95:48:d4:38:39:
2d:47:e3:02:a3:f1:6b:7c:f1:af:1c:47:51:e5:fe:34:c5:43:
2c:2e:9d:13:8d:40:d1:85:00:07:4a:ad:23:3f:c9:ff:17:30:
57:08:77:da:66:ce:10:28:93:ca:8a:36:5e:32:44:76:8b:f9:
85:0e:1a:a2:c9:93:9a:d3:33:fa:67:ba:fd:99:38:63:29:bc:
4e:eb:02:83:37:2b:5c:cf:66:2b:24:a1:ff:af:89:37:57:1c:
55:8b:91:06:48:b2:d2:8e:8a:55:b9:20:36:0d:a1:e7:b6:8a:
6a:0c:0c:eb:86:7d:ad:90:40:36:75:9f:10:02:2c:0a:27:90:
7d:74:15:84:96:57:9b:93:5b:55:1a:46:3c:9a:4a:8c:02:2c:
c9:a7:73:07:a4:47:60:d2:0d:b6:be:f7:17:65:c5:ac:26:04:
01:c9:be:f7
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUWkFbxiBzMNqs9aT4P1ajRqENhtkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNTQxMDlaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDZiZDA1MjkxZDEyOWJhNjI0M2ZhZDA2NzRkNWZkNjM3OGI4OWMxOTQ1MWM4
NjZjNjdiZjhhZDhkZDk0ZDRlMzMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANPLBYYGLDFdD8yu253RgcduMDzJ6fhB7u1lYDhyetOvQ6zY+cabJUmrYwTa
VjVK7x0l75l2nKiTqGlB44o1p4Pq3lawEm4krRpMLkWj+L8Sc7hfrz+MzoTIdP2d
HvL17PjQgqnIwnD+X9wdGRvY7vIIn2GpES+yYpPNMxOlx2TSTmsu8vUDYgnS/GKp
TWOvIA/HmczawaUX8bLQi5z17WbNGTDo1Gl7UbkHyzu4034yRUFZ+61a+aXhsjsL
KGYL2jcjRKc5lewlR7ag6VLrVO0OUCR68NFx6jhc5SFMYdjVDb3glZ2K5NNrhHL7
UJNFNqKsfTF7P9hEuUI1BSWlC5UCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSXtwCX
O6Z0fJ73mTLoliJo4hx4VTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzAxZDFkMTUtZGQwMC00MWU3LTlmNDQtNDkxNTllNDZhNTFhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ACA
QDANBgkqhkiG9w0BAQsFAAOCAQEAmvg39k8vi7xnhD+KJvjfsvBdZjrfousBpg6p
pZEZmekqjqgsny3EdJnVRjH0clwFTrDl840aCAA7CQmZfjW5p8XrGnpKzUs/bd3m
GOshU8+HInw3vJVI1Dg5LUfjAqPxa3zxrxxHUeX+NMVDLC6dE41A0YUAB0qtIz/J
/xcwVwh32mbOECiTyoo2XjJEdov5hQ4aosmTmtMz+me6/Zk4Yym8TusCgzcrXM9m
KySh/6+JN1ccVYuRBkiy0o6KVbkgNg2h57aKagwM64Z9rZBANnWfEAIsCieQfXQV
hJZXm5NbVRpGPJpKjAIsyadzB6RHYNINtr73F2XFrCYEAcm+9w==
-----END CERTIFICATE-----
Generated at Mon Mar 2 06:12:57 2026 by rpki-client