Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3a15af39-6818-4eeb-bbaf-283b7bfffba9.roa
File: 3a15af39-6818-4eeb-bbaf-283b7bfffba9.roa (raw, json)
Hash identifier: xP7Fqyp2/9OofqPC5/HzIaEtwbIFb/FaqHk1hsMesdg=
Subject key identifier: B7:85:21:CC:39:23:E7:7A:03:2A:E9:B1:9A:91:CA:D5:73:5A:87:77
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 6B1A635A8AA01255DCF063CC819C442BB71A8900
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3a15af39-6818-4eeb-bbaf-283b7bfffba9.roa
Signing time: Sat 28 Feb 2026 06:00:40 +0000
ROA not before: Sat 28 Feb 2026 06:00:40 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d036::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6b:1a:63:5a:8a:a0:12:55:dc:f0:63:cc:81:9c:44:2b:b7:1a:89:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 06:00:40 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=2e0ab4a7f9971a58e0916844a89310f62fd4fa1fc9b452115045a4a84bfb439d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f2:f1:98:21:47:d8:cc:2c:08:63:f5:62:7f:7b:
0f:9d:99:a9:5d:50:29:6a:0a:1e:9b:7a:ab:d9:3b:
3a:ae:ad:01:3b:5b:1c:5e:98:78:a9:5d:81:4b:f9:
28:da:b9:00:da:71:3e:3f:eb:db:f8:41:95:dd:2f:
02:0a:e7:5d:ca:34:20:c8:dd:d9:2e:d2:5d:ee:e5:
6f:1f:3e:ad:8d:fc:16:43:28:c1:42:f0:74:05:f1:
c6:38:a5:1c:c7:0f:3a:c7:72:b7:2c:8f:02:c1:17:
0d:07:29:7a:fe:27:18:7b:76:5d:5b:7c:df:23:d2:
4e:d6:68:ec:35:1f:94:c0:0d:ab:53:eb:56:86:52:
ea:03:d6:39:67:02:8c:bb:4b:d3:f2:2b:8c:d0:93:
92:cd:75:4e:d0:be:f7:5b:5f:fd:44:30:8a:f8:c2:
a4:d1:4e:64:e5:7e:2c:9a:1d:38:55:4a:ad:15:ba:
83:68:29:64:68:39:0d:76:a4:7a:fd:e2:ca:15:b5:
c0:fe:93:47:4f:a4:fe:29:22:45:89:83:6a:7d:a5:
e9:c1:2a:ce:03:b6:67:0e:b5:bf:62:e1:00:f1:a7:
ac:28:1b:f1:14:3f:30:03:65:b2:e6:f8:0f:94:56:
0f:d7:b8:09:29:12:b9:b5:37:c4:b0:14:82:45:ec:
fe:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:85:21:CC:39:23:E7:7A:03:2A:E9:B1:9A:91:CA:D5:73:5A:87:77
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3a15af39-6818-4eeb-bbaf-283b7bfffba9.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d036::/32
Signature Algorithm: sha256WithRSAEncryption
c9:e5:25:dc:2f:a3:0e:78:04:69:19:e4:ef:36:3c:67:2f:52:
9b:07:b3:52:97:79:18:5b:05:54:63:47:85:66:95:43:80:86:
b7:5c:23:38:71:c3:a5:cd:fb:64:20:83:95:a1:e4:64:8d:2a:
9c:5e:39:47:1a:fd:10:17:67:ea:c2:89:e4:d5:5e:8b:60:c0:
cf:24:05:49:44:44:0d:6e:73:4b:c3:4c:b5:89:56:c7:69:cb:
9f:0c:51:b4:26:99:72:c6:b9:83:22:1b:1d:43:08:7f:0a:27:
31:86:8c:29:5f:6b:1d:ea:b1:a3:a5:52:65:25:e7:e9:e2:42:
93:8b:39:d9:ae:08:e7:fd:ad:99:38:1b:85:50:63:df:60:13:
ab:3a:5c:38:e1:0e:b7:e9:62:59:06:52:c5:79:73:c3:3f:ea:
11:09:01:cd:7e:0a:d4:4b:1e:7b:1b:f5:45:ec:24:23:ad:56:
fd:1a:12:8c:22:0d:80:31:b1:54:a9:dc:72:86:ee:03:b9:70:
51:fe:94:e5:18:be:de:5f:f4:46:5b:e3:af:8b:92:3e:38:bb:
b6:b8:83:10:34:f0:6d:21:2c:ab:fe:ea:fc:e9:9a:5a:95:cc:
17:d4:42:e8:db:56:e7:23:c1:ab:d4:a5:76:f9:5b:1e:cc:7f:
45:03:f7:39
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUaxpjWoqgElXc8GPMgZxEK7caiQAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNjAwNDBaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDJlMGFiNGE3Zjk5NzFhNThlMDkxNjg0NGE4OTMxMGY2MmZkNGZhMWZjOWI0
NTIxMTUwNDVhNGE4NGJmYjQzOWQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPLxmCFH2MwsCGP1Yn97D52ZqV1QKWoKHpt6q9k7Oq6tATtbHF6YeKldgUv5
KNq5ANpxPj/r2/hBld0vAgrnXco0IMjd2S7SXe7lbx8+rY38FkMowULwdAXxxjil
HMcPOsdytyyPAsEXDQcpev4nGHt2XVt83yPSTtZo7DUflMANq1PrVoZS6gPWOWcC
jLtL0/IrjNCTks11TtC+91tf/UQwivjCpNFOZOV+LJodOFVKrRW6g2gpZGg5DXak
ev3iyhW1wP6TR0+k/ikiRYmDan2l6cEqzgO2Zw61v2LhAPGnrCgb8RQ/MANlsub4
D5RWD9e4CSkSubU3xLAUgkXs/tcCAwEAAaOCAiIwggIeMB0GA1UdDgQWBBS3hSHM
OSPnegMq6bGakcrVc1qHdzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2ExNWFmMzktNjgxOC00ZWViLWJiYWYtMjgzYjdiZmZmYmE5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoF0DYw
DQYJKoZIhvcNAQELBQADggEBAMnlJdwvow54BGkZ5O82PGcvUpsHs1KXeRhbBVRj
R4VmlUOAhrdcIzhxw6XN+2Qgg5Wh5GSNKpxeOUca/RAXZ+rCieTVXotgwM8kBUlE
RA1uc0vDTLWJVsdpy58MUbQmmXLGuYMiGx1DCH8KJzGGjClfax3qsaOlUmUl5+ni
QpOLOdmuCOf9rZk4G4VQY99gE6s6XDjhDrfpYlkGUsV5c8M/6hEJAc1+CtRLHnsb
9UXsJCOtVv0aEowiDYAxsVSp3HKG7gO5cFH+lOUYvt5f9EZb46+Lkj44u7a4gxA0
8G0hLKv+6vzpmlqVzBfUQujbVucjwavUpXb5Wx7Mf0UD9zk=
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:46:13 2026 by rpki-client