Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/42a2bbbc-4bfd-4172-8004-b90bf9d2de72.roa
File: 42a2bbbc-4bfd-4172-8004-b90bf9d2de72.roa (raw, json)
Hash identifier: Q+3tDBHFhGfVoGY+Zo+FQzPmWlol2/UFrnbSH+oqIcE=
Subject key identifier: 07:2F:08:D8:35:2D:34:E0:B0:98:77:3E:DE:8B:E4:B5:BA:BB:8A:2C
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 127A16FF6992FC68FB148C351BB5CD23E0EF8091
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/42a2bbbc-4bfd-4172-8004-b90bf9d2de72.roa
Signing time: Tue 24 Feb 2026 00:40:09 +0000
ROA not before: Tue 24 Feb 2026 00:40:09 +0000
ROA not after: Mon 25 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d076:9000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
12:7a:16:ff:69:92:fc:68:fb:14:8c:35:1b:b5:cd:23:e0:ef:80:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 24 00:40:09 2026 GMT
Not After : May 25 23:59:59 2026 GMT
Subject: serialNumber=932a22608333378dec7058d284476714815f977999b2a1232a54cbf8b4e671d1, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:6b:28:8c:16:9a:64:87:91:56:19:5c:79:0f:
65:c2:51:ce:2c:83:34:16:ec:07:ee:91:3a:a1:35:
97:ce:67:ac:15:9b:60:c1:28:db:11:88:eb:4e:cd:
1d:dd:49:d2:db:40:60:3d:1b:73:3f:ba:62:38:21:
c4:25:e2:83:f9:75:25:09:61:28:78:78:ed:6b:ab:
c6:2a:8c:56:35:f9:0d:4d:51:06:4d:da:72:67:fb:
f3:fa:8d:a6:1c:41:96:14:17:59:ed:67:8a:7d:19:
f3:09:b0:1b:68:ce:69:20:f0:b1:af:fd:90:84:55:
0e:f8:6a:be:29:51:fd:ee:5a:94:67:6e:27:80:f4:
be:7d:7c:2b:ce:e5:a6:ba:b1:bc:0b:23:66:a2:81:
0f:3d:5f:26:27:dc:b1:7a:b4:3a:e9:46:ff:e1:6c:
9d:0b:b0:c5:cb:22:59:e3:48:a5:6f:3a:a4:00:ee:
19:85:e0:2d:1b:b5:a0:23:48:29:e1:7b:74:9b:3c:
f5:a3:64:b5:4d:f7:ad:cf:21:b2:cb:5e:13:94:d9:
12:10:da:39:61:ae:c5:bc:c5:11:23:3d:44:4d:b7:
8b:10:e5:a6:e9:fd:63:50:45:6c:86:22:73:29:90:
3e:5e:b7:6e:49:7a:56:87:ca:ce:94:76:63:79:ad:
d2:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
07:2F:08:D8:35:2D:34:E0:B0:98:77:3E:DE:8B:E4:B5:BA:BB:8A:2C
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/42a2bbbc-4bfd-4172-8004-b90bf9d2de72.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d076:9000::/48
Signature Algorithm: sha256WithRSAEncryption
5f:73:c4:c0:9c:f8:3c:cf:85:e4:25:1f:21:cd:a8:36:43:92:
93:af:7a:8f:55:f6:b7:81:d6:78:d4:bd:49:ef:94:5f:71:bc:
55:de:22:09:26:25:bc:db:df:b8:69:1e:17:ca:9d:c3:b2:ba:
cb:88:1a:82:dc:36:ee:1a:31:28:04:60:5d:70:b7:da:d5:a9:
ed:42:25:82:52:df:b9:63:8a:42:15:33:fc:6d:eb:1c:9b:4a:
3b:d8:40:73:3b:64:44:73:cc:66:25:53:b0:5e:9e:7b:2b:3c:
a0:3a:6a:2c:d0:0b:b2:bd:82:7c:e2:3d:59:3a:e2:62:a1:02:
d3:b9:1f:c9:59:56:5c:be:ff:a3:cd:ee:5e:4d:5e:04:22:24:
80:45:e2:ac:c1:52:3f:f7:d7:8e:43:11:44:e7:36:9b:02:33:
a2:e5:2c:7e:c5:83:78:8e:fb:14:f9:b6:c2:6f:a8:48:cd:1c:
a2:59:dd:0d:e1:53:90:60:01:11:fe:84:9f:11:b3:d5:6a:1a:
e9:36:75:3a:fa:bb:07:c9:7d:f4:6e:a0:db:c2:c5:8c:50:95:
51:e2:17:4c:23:1d:3f:59:27:6e:42:41:b7:e3:ae:6d:dd:ef:
18:68:2d:45:a5:e8:93:85:48:44:27:bb:98:4f:26:47:ec:84:
fe:a5:34:2f
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUEnoW/2mS/Gj7FIw1G7XNI+DvgJEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjQwMDQwMDlaFw0yNjA1MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDkzMmEyMjYwODMzMzM3OGRlYzcwNThkMjg0NDc2NzE0ODE1Zjk3Nzk5OWIy
YTEyMzJhNTRjYmY4YjRlNjcxZDExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM5rKIwWmmSHkVYZXHkPZcJRziyDNBbsB+6ROqE1l85nrBWbYMEo2xGI607N
Hd1J0ttAYD0bcz+6YjghxCXig/l1JQlhKHh47WurxiqMVjX5DU1RBk3acmf78/qN
phxBlhQXWe1nin0Z8wmwG2jOaSDwsa/9kIRVDvhqvilR/e5alGduJ4D0vn18K87l
prqxvAsjZqKBDz1fJifcsXq0OulG/+FsnQuwxcsiWeNIpW86pADuGYXgLRu1oCNI
KeF7dJs89aNktU33rc8hssteE5TZEhDaOWGuxbzFESM9RE23ixDlpun9Y1BFbIYi
cymQPl63bkl6VofKzpR2Y3mt0rsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQHLwjY
NS004LCYdz7ei+S1uruKLDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDJhMmJiYmMtNGJmZC00MTcyLTgwMDQtYjkwYmY5ZDJkZTcyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HaQ
ADANBgkqhkiG9w0BAQsFAAOCAQEAX3PEwJz4PM+F5CUfIc2oNkOSk696j1X2t4HW
eNS9Se+UX3G8Vd4iCSYlvNvfuGkeF8qdw7K6y4gagtw27hoxKARgXXC32tWp7UIl
glLfuWOKQhUz/G3rHJtKO9hAcztkRHPMZiVTsF6eeys8oDpqLNALsr2CfOI9WTri
YqEC07kfyVlWXL7/o83uXk1eBCIkgEXirMFSP/fXjkMRROc2mwIzouUsfsWDeI77
FPm2wm+oSM0colndDeFTkGABEf6EnxGz1Woa6TZ1Ovq7B8l99G6g28LFjFCVUeIX
TCMdP1knbkJBt+Oubd3vGGgtRaXok4VIRCe7mE8mR+yE/qU0Lw==
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:48:42 2026 by rpki-client