Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/33f442e1-766e-461d-a3b9-2b0fd01b08cc.roa
File: 33f442e1-766e-461d-a3b9-2b0fd01b08cc.roa (raw, json)
Hash identifier: KuzU3iyBEBqp3+NF0HAmIet5fQfxO2WruPlH/NKCAG4=
Subject key identifier: BB:5F:5C:DE:DA:9F:0F:8C:EB:56:90:C5:80:E9:08:C9:27:3A:BB:FA
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5E454A53BA5637365644A9062A139462170F21C9
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/33f442e1-766e-461d-a3b9-2b0fd01b08cc.roa
Signing time: Sat 28 Feb 2026 05:51:35 +0000
ROA not before: Sat 28 Feb 2026 05:51:35 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d078:6000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5e:45:4a:53:ba:56:37:36:56:44:a9:06:2a:13:94:62:17:0f:21:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 05:51:35 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=5605a9914991cf888208f7e6da814b4168480b02e36db5ef294e28fdef0de169, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:3c:3d:ce:80:e8:fd:33:3c:49:69:b0:97:ee:
39:42:db:13:9d:51:6b:74:68:44:39:c8:f7:da:91:
c4:ae:ce:cc:05:24:1d:8b:3e:f2:96:e5:2a:a7:f6:
58:15:1e:09:0a:1c:70:75:34:0d:54:a8:19:2b:c8:
35:2f:b5:57:cd:24:69:25:90:6d:51:ff:f9:4b:79:
1d:c4:66:91:7c:a4:5b:e5:8d:7d:27:3d:e3:e2:bd:
4e:0d:f9:8f:92:5e:89:c1:85:d8:8b:8a:3c:db:6a:
9c:b9:20:48:99:fe:36:90:b5:e3:52:9e:36:8c:b2:
6d:5f:02:1a:47:5e:b1:db:42:ca:ad:3b:43:89:dd:
3e:d1:87:5c:ac:90:d1:74:0d:7e:5f:c0:78:17:10:
b5:ed:35:f2:0f:c9:ff:f5:a1:d6:a0:32:15:5c:1d:
af:a4:f3:d9:8e:93:8c:8c:e0:7a:a4:2b:1b:ac:2d:
02:a7:74:4d:2d:c4:13:71:dc:86:40:6a:38:41:45:
b4:39:b3:c1:9d:b6:18:bc:96:36:4f:0c:86:af:48:
6e:18:b1:1d:a7:44:e2:19:0b:7d:67:07:34:04:88:
c2:43:52:9d:98:1f:8b:86:d0:f8:8a:ac:21:90:40:
40:e5:a0:4e:5a:e6:a0:1a:da:69:f2:68:4b:32:41:
c2:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:5F:5C:DE:DA:9F:0F:8C:EB:56:90:C5:80:E9:08:C9:27:3A:BB:FA
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/33f442e1-766e-461d-a3b9-2b0fd01b08cc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d078:6000::/40
Signature Algorithm: sha256WithRSAEncryption
8a:48:cc:7d:18:0c:18:20:70:4d:18:e8:c6:b2:7c:df:98:5d:
b5:4a:09:3a:b1:87:d7:59:c6:7d:5a:e5:5c:67:a2:ba:d5:63:
8f:16:9d:e7:b2:aa:7b:5c:12:04:74:cb:ad:9e:08:25:e2:f5:
3a:4a:72:d8:bf:86:da:5e:10:34:bc:e0:75:f2:f9:a8:68:e8:
df:be:37:6e:e7:e4:94:ac:6d:9e:1e:63:9d:89:ce:8e:dc:71:
77:a5:3c:14:fb:7e:50:e6:8a:04:21:64:43:b3:c1:02:c9:71:
6b:31:bf:03:1d:8e:e9:ce:c3:d8:cf:f4:6e:b7:cf:ca:fa:5f:
db:9e:5f:83:2b:f6:19:9a:07:76:fc:fa:99:0a:f5:6a:6a:0d:
f9:e2:5a:3e:cb:e9:f6:3b:4f:c3:75:bc:29:91:f0:b1:ea:35:
29:51:5d:c2:8f:d1:eb:95:66:c8:29:b2:29:5e:d4:f0:9a:eb:
24:80:71:b8:0e:26:04:f2:33:87:be:32:68:cb:49:c7:e0:05:
b2:42:20:04:f4:f3:59:dc:36:dd:5a:29:46:88:90:73:90:7b:
f4:ec:21:f1:16:be:1a:c7:44:a4:83:c7:3e:27:7e:81:08:91:
10:ca:99:fe:7b:f2:d5:5c:ae:98:21:47:86:80:f4:df:81:f2:
e8:04:65:b5
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUXkVKU7pWNzZWRKkGKhOUYhcPIckwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNTUxMzVaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDU2MDVhOTkxNDk5MWNmODg4MjA4ZjdlNmRhODE0YjQxNjg0ODBiMDJlMzZk
YjVlZjI5NGUyOGZkZWYwZGUxNjkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKY8Pc6A6P0zPElpsJfuOULbE51Ra3RoRDnI99qRxK7OzAUkHYs+8pblKqf2
WBUeCQoccHU0DVSoGSvINS+1V80kaSWQbVH/+Ut5HcRmkXykW+WNfSc94+K9Tg35
j5JeicGF2IuKPNtqnLkgSJn+NpC141KeNoyybV8CGkdesdtCyq07Q4ndPtGHXKyQ
0XQNfl/AeBcQte018g/J//Wh1qAyFVwdr6Tz2Y6TjIzgeqQrG6wtAqd0TS3EE3Hc
hkBqOEFFtDmzwZ22GLyWNk8Mhq9IbhixHadE4hkLfWcHNASIwkNSnZgfi4bQ+Iqs
IZBAQOWgTlrmoBraafJoSzJBwhMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS7X1ze
2p8PjOtWkMWA6QjJJzq7+jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzNmNDQyZTEtNzY2ZS00NjFkLWEzYjktMmIwZmQwMWIwOGNjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hhg
MA0GCSqGSIb3DQEBCwUAA4IBAQCKSMx9GAwYIHBNGOjGsnzfmF21Sgk6sYfXWcZ9
WuVcZ6K61WOPFp3nsqp7XBIEdMutnggl4vU6SnLYv4baXhA0vOB18vmoaOjfvjdu
5+SUrG2eHmOdic6O3HF3pTwU+35Q5ooEIWRDs8ECyXFrMb8DHY7pzsPYz/Rut8/K
+l/bnl+DK/YZmgd2/PqZCvVqag354lo+y+n2O0/DdbwpkfCx6jUpUV3Cj9HrlWbI
KbIpXtTwmuskgHG4DiYE8jOHvjJoy0nH4AWyQiAE9PNZ3DbdWilGiJBzkHv07CHx
Fr4ax0Skg8c+J36BCJEQypn+e/LVXK6YIUeGgPTfgfLoBGW1
-----END CERTIFICATE-----
Generated at Mon Mar 2 02:48:37 2026 by rpki-client