Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3ef5e7b8-24ad-41af-8334-2eff292a769d.roa
File: 3ef5e7b8-24ad-41af-8334-2eff292a769d.roa (raw, json)
Hash identifier: Jsi54MPXyOv9MuuhDwOr/RHTJJuC0MaDdwdsMwaUEqc=
Subject key identifier: B3:6E:2D:B4:E8:8F:CA:6A:83:2B:C4:43:D8:E3:14:1A:2E:21:A1:77
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 196801BAD920F9BD7D225DD7D5939AC6237E4BD5
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3ef5e7b8-24ad-41af-8334-2eff292a769d.roa
Signing time: Sat 28 Feb 2026 06:00:51 +0000
ROA not before: Sat 28 Feb 2026 06:00:51 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:60c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
19:68:01:ba:d9:20:f9:bd:7d:22:5d:d7:d5:93:9a:c6:23:7e:4b:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 06:00:51 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=58b1b1304f41dea1fc1c51edad8e318ef2b871aa41ce27d592e7d9ce6dc5f25c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:1d:a5:4b:3f:4a:bd:fb:77:fb:6d:0d:cd:c1:
49:7a:21:74:8f:52:d4:8b:1d:16:e6:04:b9:de:f5:
6a:5d:47:a1:e7:d3:68:2e:69:2b:de:dc:1b:ad:76:
32:b9:1e:54:ab:74:82:c2:58:71:d9:e2:d5:b1:45:
b0:43:f6:6c:c3:aa:9c:32:41:42:ae:af:dd:41:d5:
1f:ff:09:ec:ad:01:4e:b1:16:a0:68:15:f1:17:2c:
10:f1:d0:a9:b1:ff:82:30:6a:bc:96:51:9a:84:b7:
4a:d8:a7:7f:67:30:4d:67:35:e5:ae:37:f5:d9:f1:
e6:06:9c:62:64:d7:2d:6b:3b:72:41:fe:e7:9e:93:
aa:07:29:02:24:eb:60:7c:e0:03:33:bb:67:dc:ae:
23:d7:31:be:df:b7:28:1e:5b:5b:34:3f:bb:39:b6:
2b:0a:e1:c2:a7:be:7c:17:8b:5e:3f:85:43:a0:6d:
98:f2:62:77:0a:a0:35:3a:fe:c6:b9:4f:fb:ef:ba:
8b:ad:5e:06:1d:70:db:e6:a5:30:d6:2d:84:89:74:
86:e2:69:04:da:ce:bf:06:f6:5c:6b:52:52:e1:a1:
83:fc:9d:2b:a5:a5:41:6f:45:fa:2a:c1:fc:e7:55:
9b:8c:d0:41:b1:47:c0:22:3c:26:2c:ec:33:e0:aa:
ec:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:6E:2D:B4:E8:8F:CA:6A:83:2B:C4:43:D8:E3:14:1A:2E:21:A1:77
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3ef5e7b8-24ad-41af-8334-2eff292a769d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:60c0::/48
Signature Algorithm: sha256WithRSAEncryption
b7:b8:99:0b:ce:c1:f8:88:3c:78:f5:82:be:dd:33:b3:6d:32:
62:4f:b0:7c:d6:d5:6b:23:85:67:cf:5b:b0:54:1d:22:94:90:
3e:2c:52:15:a1:34:85:1f:cc:2c:8f:a5:7d:44:9b:8a:d8:77:
08:32:2a:75:2c:4c:6b:cf:18:08:5b:4f:f9:90:8e:b9:db:68:
c3:50:14:8a:0b:da:9d:d3:b7:7c:6c:3a:ca:ee:74:fc:07:92:
0b:bd:45:26:b7:00:3e:64:55:ec:ca:1f:92:68:f2:77:26:84:
ed:2b:86:ff:a2:96:49:56:99:61:f0:62:66:95:04:8a:86:2c:
9d:cf:ae:8e:34:9c:e6:fb:da:ec:eb:b7:00:99:d4:81:ae:0d:
c1:ac:a8:fa:5f:d5:cf:7e:89:cc:e3:b9:86:8d:9d:b5:98:b6:
47:8b:a7:09:a8:e5:d4:b8:c4:f5:5e:1c:68:51:3a:e9:cd:7e:
57:57:62:be:cc:0f:41:5c:25:68:35:06:05:0e:d9:56:7f:0e:
59:97:61:3b:39:2b:3e:b1:a2:04:b7:ea:99:8e:d3:c6:2a:6a:
76:45:42:c0:fc:d1:cc:b5:1c:d4:98:2b:2b:5c:42:f6:c8:69:
72:c3:e2:9d:71:fd:7d:0a:82:da:4c:ac:39:06:6f:02:cd:44:
c3:af:2a:55
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUGWgButkg+b19Il3X1ZOaxiN+S9UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNjAwNTFaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDU4YjFiMTMwNGY0MWRlYTFmYzFjNTFlZGFkOGUzMThlZjJiODcxYWE0MWNl
MjdkNTkyZTdkOWNlNmRjNWYyNWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJIdpUs/Sr37d/ttDc3BSXohdI9S1IsdFuYEud71al1HoefTaC5pK97cG612
MrkeVKt0gsJYcdni1bFFsEP2bMOqnDJBQq6v3UHVH/8J7K0BTrEWoGgV8RcsEPHQ
qbH/gjBqvJZRmoS3Stinf2cwTWc15a439dnx5gacYmTXLWs7ckH+556TqgcpAiTr
YHzgAzO7Z9yuI9cxvt+3KB5bWzQ/uzm2Kwrhwqe+fBeLXj+FQ6BtmPJidwqgNTr+
xrlP+++6i61eBh1w2+alMNYthIl0huJpBNrOvwb2XGtSUuGhg/ydK6WlQW9F+irB
/OdVm4zQQbFHwCI8JizsM+Cq7D8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSzbi20
6I/KaoMrxEPY4xQaLiGhdzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2VmNWU3YjgtMjRhZC00MWFmLTgzMzQtMmVmZjI5MmE3NjlkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H9g
wDANBgkqhkiG9w0BAQsFAAOCAQEAt7iZC87B+Ig8ePWCvt0zs20yYk+wfNbVayOF
Z89bsFQdIpSQPixSFaE0hR/MLI+lfUSbith3CDIqdSxMa88YCFtP+ZCOudtow1AU
igvandO3fGw6yu50/AeSC71FJrcAPmRV7MofkmjydyaE7SuG/6KWSVaZYfBiZpUE
ioYsnc+ujjSc5vva7Ou3AJnUga4Nwayo+l/Vz36JzOO5ho2dtZi2R4unCajl1LjE
9V4caFE66c1+V1divswPQVwlaDUGBQ7ZVn8OWZdhOzkrPrGiBLfqmY7TxipqdkVC
wPzRzLUc1JgrK1xC9shpcsPinXH9fQqC2kysOQZvAs1Ew68qVQ==
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:50:06 2026 by rpki-client