Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/431d8e22-a384-419e-9218-32a80c0ce0e3.roa
File: 431d8e22-a384-419e-9218-32a80c0ce0e3.roa (raw, json)
Hash identifier: 3K3na8NZRTL9LitG3TtZwzBMFNA3Jy6bnx2d1lbLxX0=
Subject key identifier: 94:8B:9E:D8:49:DE:16:06:51:79:71:65:2D:D5:F4:89:78:DC:73:77
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3DDF5062FDCE6166EC8740DF6677825DC893D227
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/431d8e22-a384-419e-9218-32a80c0ce0e3.roa
Signing time: Wed 25 Feb 2026 03:00:10 +0000
ROA not before: Wed 25 Feb 2026 03:00:10 +0000
ROA not after: Tue 26 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d076:e000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3d:df:50:62:fd:ce:61:66:ec:87:40:df:66:77:82:5d:c8:93:d2:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 25 03:00:10 2026 GMT
Not After : May 26 23:59:59 2026 GMT
Subject: serialNumber=ed85d642cdb54b8b8dae30177a56c1a9196051d5b341de113eff877b5386500b, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:49:4c:b7:9c:fb:b7:d2:1d:8d:47:ad:dd:e9:
fe:d9:d6:d2:fc:be:fd:48:fa:4c:07:4b:52:0b:d0:
78:a1:a0:3e:02:0d:84:f0:a8:9f:0b:8d:af:22:86:
34:6b:9d:87:12:25:4a:4c:cd:46:b3:75:8a:6f:6a:
23:8b:63:4c:83:3a:c2:61:ad:b5:cc:0e:c1:78:1e:
d7:b7:e1:fb:d6:4b:4b:37:8e:9f:17:c9:81:d3:b3:
d4:d6:b8:e1:a6:47:d0:e8:06:03:ca:a8:78:af:4c:
98:76:e0:76:db:ac:29:40:65:49:76:b6:9a:83:53:
c6:52:90:b6:83:84:5b:e1:b5:40:21:23:c4:09:cf:
2e:43:39:2c:06:59:5a:d6:70:53:76:08:d3:ae:9a:
aa:9f:c9:cf:0f:e3:4e:b0:fa:da:23:81:9d:12:06:
28:4e:3f:49:ed:cc:5c:ac:35:b7:59:7b:e2:c1:45:
96:f1:de:c5:33:5d:d1:c5:f4:10:57:c7:96:59:94:
74:0e:36:aa:db:14:8e:4f:92:c0:43:93:5c:e5:db:
27:2c:ba:01:ef:d1:f3:50:88:4b:3f:a6:ee:04:fe:
91:8a:8c:46:52:b7:cb:1e:15:ef:5d:7f:41:6f:f9:
f6:f4:d8:8b:36:46:6a:09:03:d2:f1:db:75:01:9c:
7b:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:8B:9E:D8:49:DE:16:06:51:79:71:65:2D:D5:F4:89:78:DC:73:77
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/431d8e22-a384-419e-9218-32a80c0ce0e3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d076:e000::/40
Signature Algorithm: sha256WithRSAEncryption
b8:30:6c:bd:e6:c9:63:75:4b:50:bd:94:7b:ee:a2:56:56:86:
fc:ab:e7:6f:31:da:b7:06:c9:62:0b:c8:4e:19:9d:41:08:2f:
2d:d7:52:dd:f4:c9:fb:67:27:47:fa:4f:81:2b:97:c1:33:1d:
c3:02:7a:bf:45:a4:ee:79:c1:18:d9:d2:26:6d:46:2c:5c:2c:
4e:6a:7b:33:18:7d:c8:7a:af:ea:f9:06:30:10:f3:44:7d:38:
ed:22:18:30:30:d4:35:b9:4e:56:ed:e7:5b:99:f3:14:02:f2:
1f:1d:2e:9a:2c:7e:24:70:55:0b:10:74:c8:f9:4c:f3:c9:c2:
cf:41:4a:79:e0:57:61:fb:74:22:e0:fc:7a:19:a2:45:ed:76:
fd:9d:f6:1a:d7:a0:1b:13:8c:30:c6:7a:64:08:b7:1f:6b:c7:
fb:cc:48:44:3c:da:58:f9:cf:e6:62:38:1e:3a:df:6c:f4:11:
a8:2a:fe:50:54:56:fd:10:df:cc:29:f0:53:37:4d:d5:e7:f5:
a6:92:72:80:9a:41:fa:a8:d8:64:d3:49:3b:d8:30:18:df:b3:
db:cd:d2:5a:77:36:2d:47:1f:a2:51:8b:7d:a0:04:bb:95:53:
2d:f4:cd:48:3c:3e:7a:0d:ec:68:60:dd:96:d7:c7:5b:30:96:
71:d1:fe:38
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPd9QYv3OYWbsh0DfZneCXciT0icwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjUwMzAwMTBaFw0yNjA1MjYyMzU5NTlaMHoxSTBHBgNV
BAUTQGVkODVkNjQyY2RiNTRiOGI4ZGFlMzAxNzdhNTZjMWE5MTk2MDUxZDViMzQx
ZGUxMTNlZmY4NzdiNTM4NjUwMGIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMtJTLec+7fSHY1Hrd3p/tnW0vy+/Uj6TAdLUgvQeKGgPgINhPConwuNryKG
NGudhxIlSkzNRrN1im9qI4tjTIM6wmGttcwOwXge17fh+9ZLSzeOnxfJgdOz1Na4
4aZH0OgGA8qoeK9MmHbgdtusKUBlSXa2moNTxlKQtoOEW+G1QCEjxAnPLkM5LAZZ
WtZwU3YI066aqp/Jzw/jTrD62iOBnRIGKE4/Se3MXKw1t1l74sFFlvHexTNd0cX0
EFfHllmUdA42qtsUjk+SwEOTXOXbJyy6Ae/R81CISz+m7gT+kYqMRlK3yx4V711/
QW/59vTYizZGagkD0vHbdQGce00CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSUi57Y
Sd4WBlF5cWUt1fSJeNxzdzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDMxZDhlMjItYTM4NC00MTllLTkyMTgtMzJhODBjMGNlMGUzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hbg
MA0GCSqGSIb3DQEBCwUAA4IBAQC4MGy95sljdUtQvZR77qJWVob8q+dvMdq3Bsli
C8hOGZ1BCC8t11Ld9Mn7ZydH+k+BK5fBMx3DAnq/RaTuecEY2dImbUYsXCxOansz
GH3Ieq/q+QYwEPNEfTjtIhgwMNQ1uU5W7edbmfMUAvIfHS6aLH4kcFULEHTI+Uzz
ycLPQUp54Fdh+3Qi4Px6GaJF7Xb9nfYa16AbE4wwxnpkCLcfa8f7zEhEPNpY+c/m
YjgeOt9s9BGoKv5QVFb9EN/MKfBTN03V5/WmknKAmkH6qNhk00k72DAY37PbzdJa
dzYtRx+iUYt9oAS7lVMt9M1IPD56DexoYN2W18dbMJZx0f44
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:51:05 2026 by rpki-client