Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3c89eb14-e34b-4729-9b6f-b536e1e06692.roa
File: 3c89eb14-e34b-4729-9b6f-b536e1e06692.roa (raw, json)
Hash identifier: /0aTpZbBUFUKUQve+rda/FcLAsA8rJthmjoR6PjreAM=
Subject key identifier: EC:09:19:91:4D:4A:CD:8E:C6:1F:A2:3A:03:A3:9F:6B:17:BB:CF:87
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0D72006174F7ED260DE8E114E4CEAA52C4B8F9FC
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3c89eb14-e34b-4729-9b6f-b536e1e06692.roa
Signing time: Fri 20 Feb 2026 01:50:54 +0000
ROA not before: Fri 20 Feb 2026 01:50:54 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 176.34.32.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0d:72:00:61:74:f7:ed:26:0d:e8:e1:14:e4:ce:aa:52:c4:b8:f9:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 20 01:50:54 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=ef2391be2e870aeea63cbe5995d55c9d0fec2efb8087ea9d125ec1a56ff99d3d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:91:bc:80:35:cf:97:95:91:fe:5a:3e:c3:2c:
7f:fd:e1:d9:20:3f:dc:c2:cb:f7:f7:c8:23:50:07:
8a:0f:05:04:fa:b1:35:13:34:7c:4c:56:19:1f:d5:
bd:12:1a:83:20:a8:20:c6:0e:4d:68:6a:7e:4d:ae:
1e:2e:0b:47:18:4f:d1:34:22:d7:1e:fa:49:34:27:
9b:b6:07:e3:78:26:b5:25:f4:e5:af:7b:7b:7d:54:
e3:91:49:2a:6b:9e:bf:5c:f6:e9:90:ab:8f:75:cc:
f6:5e:40:a2:0a:52:bd:d0:33:03:c6:34:76:cf:27:
24:6e:03:54:ed:00:4d:15:38:45:82:5f:ff:f9:d3:
4f:21:f6:73:05:3a:42:a4:c2:d8:6c:67:fe:35:10:
24:06:fe:5f:54:fb:02:cf:b5:c3:4e:23:b4:a9:84:
b3:42:d2:5d:e2:30:c9:aa:40:d1:ab:a8:63:1f:5a:
ac:04:8b:40:b4:35:e5:cb:c9:7b:9d:b1:ca:c7:6f:
ed:1b:8b:5c:99:17:17:a7:7f:42:31:8c:2d:f6:f5:
e5:e9:a3:85:4f:de:14:9b:eb:29:43:56:17:54:e7:
9e:88:8b:72:83:f2:c7:a8:9b:40:5e:df:2f:d9:d8:
8a:8d:cb:9a:17:39:d4:d5:d9:27:a1:a9:c0:68:19:
fb:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EC:09:19:91:4D:4A:CD:8E:C6:1F:A2:3A:03:A3:9F:6B:17:BB:CF:87
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3c89eb14-e34b-4729-9b6f-b536e1e06692.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.34.32.0/21
Signature Algorithm: sha256WithRSAEncryption
07:49:83:08:34:83:e6:20:80:bf:23:40:4a:b9:ca:b0:33:ac:
15:c1:41:82:fc:01:72:fb:bf:00:0b:ff:2c:91:57:ec:8c:ab:
6b:b2:6d:f8:48:60:61:79:48:58:06:df:0a:1e:dd:00:4a:fe:
a3:cf:f4:98:3f:f4:da:85:72:e9:4e:c7:80:c9:79:10:f3:6d:
c6:d1:f9:b1:9f:43:86:fe:02:f9:96:26:a7:3c:fb:99:1b:0e:
9c:57:4f:d5:af:a9:45:a1:70:ac:b1:cd:bf:ba:0b:66:3b:98:
0b:69:66:80:f6:9c:1d:5f:54:34:4a:94:a1:48:e8:e8:bc:48:
63:e6:79:91:5b:36:77:1d:73:6b:16:c8:f6:72:ea:da:9a:ee:
f4:95:e8:e0:27:e0:47:b8:f0:b2:7c:bc:78:6c:0c:59:96:02:
bc:90:62:41:20:22:61:c5:8f:48:dc:21:17:8c:2f:65:3f:80:
52:f1:59:f0:80:9a:8c:ef:60:e0:22:92:cf:91:9c:b1:7b:12:
7e:20:87:30:79:24:53:ef:43:12:0b:cc:06:84:a8:c7:89:dc:
66:5c:16:86:2e:02:e1:51:36:d8:fd:a2:a7:c5:27:0c:f4:b6:
c2:87:da:3b:59:53:f7:f6:68:ab:1d:0c:02:0c:10:e2:ef:f3:
ac:72:5e:60
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUDXIAYXT37SYN6OEU5M6qUsS4+fwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjAwMTUwNTRaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGVmMjM5MWJlMmU4NzBhZWVhNjNjYmU1OTk1ZDU1YzlkMGZlYzJlZmI4MDg3
ZWE5ZDEyNWVjMWE1NmZmOTlkM2QxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM+RvIA1z5eVkf5aPsMsf/3h2SA/3MLL9/fII1AHig8FBPqxNRM0fExWGR/V
vRIagyCoIMYOTWhqfk2uHi4LRxhP0TQi1x76STQnm7YH43gmtSX05a97e31U45FJ
Kmuev1z26ZCrj3XM9l5AogpSvdAzA8Y0ds8nJG4DVO0ATRU4RYJf//nTTyH2cwU6
QqTC2Gxn/jUQJAb+X1T7As+1w04jtKmEs0LSXeIwyapA0auoYx9arASLQLQ15cvJ
e52xysdv7RuLXJkXF6d/QjGMLfb15emjhU/eFJvrKUNWF1TnnoiLcoPyx6ibQF7f
L9nYio3Lmhc51NXZJ6GpwGgZ+0ECAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTsCRmR
TUrNjsYfojoDo59rF7vPhzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2M4OWViMTQtZTM0Yi00NzI5LTliNmYtYjUzNmUxZTA2NjkyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA7AiIDAN
BgkqhkiG9w0BAQsFAAOCAQEAB0mDCDSD5iCAvyNASrnKsDOsFcFBgvwBcvu/AAv/
LJFX7Iyra7Jt+EhgYXlIWAbfCh7dAEr+o8/0mD/02oVy6U7HgMl5EPNtxtH5sZ9D
hv4C+ZYmpzz7mRsOnFdP1a+pRaFwrLHNv7oLZjuYC2lmgPacHV9UNEqUoUjo6LxI
Y+Z5kVs2dx1zaxbI9nLq2pru9JXo4CfgR7jwsny8eGwMWZYCvJBiQSAiYcWPSNwh
F4wvZT+AUvFZ8ICajO9g4CKSz5GcsXsSfiCHMHkkU+9DEgvMBoSox4ncZlwWhi4C
4VE22P2ip8UnDPS2wofaO1lT9/Zoqx0MAgwQ4u/zrHJeYA==
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:37:10 2026 by rpki-client