Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/44d8b686-7db5-4309-8f09-3af611be3753.roa
File: 44d8b686-7db5-4309-8f09-3af611be3753.roa (raw, json)
Hash identifier: 013mwrHMY/jWPizKYkcbu6Pr5hfdbmb8+ZtPy7zHfNA=
Subject key identifier: 7D:F4:F6:B6:2E:5F:79:9A:F0:B4:D9:AD:BB:D2:D5:8F:0E:14:97:13
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2BF9943FB85BD6D0D39EC31278571604C064E9F5
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/44d8b686-7db5-4309-8f09-3af611be3753.roa
Signing time: Sat 28 Feb 2026 05:10:14 +0000
ROA not before: Sat 28 Feb 2026 05:10:14 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07a:c000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2b:f9:94:3f:b8:5b:d6:d0:d3:9e:c3:12:78:57:16:04:c0:64:e9:f5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 05:10:14 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=73aee1250dcd3ebc1035017e37a2ecca7cfe8bc546b2006d3ecea9a431557e63, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:b9:fe:56:28:67:69:63:25:59:0c:5e:92:b3:
e0:a0:9b:f9:cc:d9:00:c0:8c:61:e9:04:bb:d5:19:
84:9c:0d:e5:cd:b6:be:80:fe:b9:07:ca:70:6b:c5:
52:c9:05:be:d5:6f:36:06:ee:7f:6f:85:ca:39:19:
65:08:e2:b5:d3:6f:22:dc:86:03:2b:4b:f6:68:80:
4e:35:61:0b:75:fb:1a:1a:27:7b:15:da:f5:e0:db:
f7:47:3d:91:22:36:41:b7:9d:a5:1d:d8:bd:02:9c:
9a:00:c6:f0:de:ad:a8:0f:be:35:04:ab:b6:64:4d:
e2:de:f7:07:73:87:e7:5d:07:7c:63:11:44:87:e5:
e1:0b:78:ca:4d:b6:ea:43:8b:e2:7e:82:4a:e8:bf:
98:12:4a:3b:1d:dd:4a:03:17:b5:3b:8e:41:2b:9c:
9f:b7:2a:68:1e:9f:e4:c5:bf:3e:ff:ca:a3:c7:5e:
92:3c:a7:df:95:f9:de:80:2a:bf:6e:33:3a:5e:da:
d8:4b:f0:39:f4:7b:4d:76:ad:5d:86:98:0f:d9:75:
5d:8d:a5:86:e9:d6:c0:0f:ab:96:57:9f:e9:48:24:
af:ea:3c:20:37:36:57:27:a2:83:2f:2b:1d:13:45:
21:86:de:25:c9:ce:51:8c:52:fe:a4:20:4f:8b:c8:
29:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:F4:F6:B6:2E:5F:79:9A:F0:B4:D9:AD:BB:D2:D5:8F:0E:14:97:13
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/44d8b686-7db5-4309-8f09-3af611be3753.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07a:c000::/40
Signature Algorithm: sha256WithRSAEncryption
aa:d2:75:c9:3c:f1:5a:14:e8:e0:93:dd:40:33:a8:b9:51:42:
43:ab:fe:9c:75:32:6c:de:dc:d2:56:93:b5:f5:dd:b8:d5:47:
f2:6a:9e:ee:29:56:25:a6:1a:55:1d:b3:a9:52:e0:0b:92:88:
a9:74:9e:f0:f5:67:4f:fb:29:93:e5:ed:c5:77:e5:af:bd:1b:
2c:cf:44:f9:4f:c9:ac:79:ea:db:10:5a:03:55:54:57:df:ae:
77:06:36:52:70:55:28:7b:c6:ec:a1:c5:c5:23:31:ff:e8:1c:
eb:1f:ea:17:9d:89:70:a8:81:a0:07:40:30:b2:f3:52:1e:3b:
66:17:00:b3:de:2f:5c:fa:9b:91:39:65:ad:ca:90:a8:aa:01:
36:cc:eb:8c:25:d2:27:3e:fd:ba:a4:01:1e:7b:fd:a1:74:d2:
c9:b0:42:14:b8:6f:77:97:0f:09:ab:53:9b:05:52:54:37:60:
2d:90:e7:08:b2:4e:1d:51:90:91:da:a9:fe:63:45:3d:fa:d1:
13:57:96:a4:c4:e7:3e:cd:3d:d5:4b:67:90:cf:c1:82:6e:9f:
7d:ec:21:13:40:52:6f:3a:9d:97:3f:76:f0:09:19:94:0b:78:
f9:cd:78:34:ef:87:db:9e:ca:0c:46:03:bd:b3:f5:7c:d8:ce:
08:00:f0:a4
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUK/mUP7hb1tDTnsMSeFcWBMBk6fUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNTEwMTRaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDczYWVlMTI1MGRjZDNlYmMxMDM1MDE3ZTM3YTJlY2NhN2NmZThiYzU0NmIy
MDA2ZDNlY2VhOWE0MzE1NTdlNjMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJK5/lYoZ2ljJVkMXpKz4KCb+czZAMCMYekEu9UZhJwN5c22voD+uQfKcGvF
UskFvtVvNgbuf2+FyjkZZQjitdNvItyGAytL9miATjVhC3X7GhonexXa9eDb90c9
kSI2QbedpR3YvQKcmgDG8N6tqA++NQSrtmRN4t73B3OH510HfGMRRIfl4Qt4yk22
6kOL4n6CSui/mBJKOx3dSgMXtTuOQSucn7cqaB6f5MW/Pv/Ko8dekjyn35X53oAq
v24zOl7a2EvwOfR7TXatXYaYD9l1XY2lhunWwA+rllef6Ugkr+o8IDc2Vyeigy8r
HRNFIYbeJcnOUYxS/qQgT4vIKfUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR99Pa2
Ll95mvC02a270tWPDhSXEzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDRkOGI2ODYtN2RiNS00MzA5LThmMDktM2FmNjExYmUzNzUzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HrA
MA0GCSqGSIb3DQEBCwUAA4IBAQCq0nXJPPFaFOjgk91AM6i5UUJDq/6cdTJs3tzS
VpO19d241Ufyap7uKVYlphpVHbOpUuALkoipdJ7w9WdP+ymT5e3Fd+WvvRssz0T5
T8mseerbEFoDVVRX3653BjZScFUoe8bsocXFIzH/6BzrH+oXnYlwqIGgB0AwsvNS
HjtmFwCz3i9c+puROWWtypCoqgE2zOuMJdInPv26pAEee/2hdNLJsEIUuG93lw8J
q1ObBVJUN2AtkOcIsk4dUZCR2qn+Y0U9+tETV5akxOc+zT3VS2eQz8GCbp997CET
QFJvOp2XP3bwCRmUC3j5zXg074fbnsoMRgO9s/V82M4IAPCk
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:48:20 2026 by rpki-client