Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4604fc5d-5125-4a3b-890a-3f8830a08b1f.roa
File: 4604fc5d-5125-4a3b-890a-3f8830a08b1f.roa (raw, json)
Hash identifier: M5mcdBFE9IQqFHiIPosF748Dv0bXjycbS+LWuJWlKpY=
Subject key identifier: 90:DA:F3:68:89:F4:14:39:CB:CC:D7:F3:C0:84:50:46:38:03:7A:DC
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3688535FD7D3A9E3DE9FD5C0A12F6A51ED786359
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4604fc5d-5125-4a3b-890a-3f8830a08b1f.roa
Signing time: Wed 11 Feb 2026 01:30:51 +0000
ROA not before: Wed 11 Feb 2026 01:30:51 +0000
ROA not after: Tue 12 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d06a:a0c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
36:88:53:5f:d7:d3:a9:e3:de:9f:d5:c0:a1:2f:6a:51:ed:78:63:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 11 01:30:51 2026 GMT
Not After : May 12 23:59:59 2026 GMT
Subject: serialNumber=1371423dda1a30b9d448fd562a562aec920f6c745cdb95f4955cde1df8d98cb2, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:67:bc:96:45:cb:0d:ce:f0:91:97:3c:e1:2f:
ca:82:c0:99:62:45:6e:7c:bb:96:81:ca:fc:04:d1:
27:ba:90:46:c2:06:49:06:7b:f1:68:4c:a3:85:85:
7f:67:8b:5d:0a:51:70:41:be:d1:19:7b:2e:ac:2d:
67:0a:c6:b6:2f:f2:da:fa:6d:6c:7b:d7:e5:be:4a:
5c:03:15:fe:d2:8b:5d:2e:77:7c:b6:8d:ce:91:61:
1b:c3:96:97:71:36:c7:a1:9e:fa:05:6e:7f:77:be:
4c:cb:3e:de:2b:a8:28:bb:e0:38:f9:bc:51:05:7a:
8e:bb:85:fd:1b:3d:8b:73:63:02:ff:29:08:d9:f9:
79:bb:6b:21:e0:1d:1e:b9:0c:31:ee:58:8c:ee:ab:
d5:20:76:95:a0:a0:82:c0:65:2f:d2:49:11:f7:2d:
15:80:98:68:bb:a5:c7:c1:a7:25:43:42:1d:65:6f:
91:7a:7d:0f:8e:30:36:a4:e3:80:86:cd:04:c1:f0:
8b:de:2b:92:6d:2d:92:9f:36:fa:88:ac:47:24:25:
46:70:e5:b9:23:b5:b0:17:0a:0e:08:24:79:11:8c:
85:95:2a:d5:e4:e5:1f:df:aa:fe:9f:37:06:d7:37:
f3:3a:a0:89:2b:97:fa:3f:d4:13:bc:fa:ef:da:02:
ac:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:DA:F3:68:89:F4:14:39:CB:CC:D7:F3:C0:84:50:46:38:03:7A:DC
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4604fc5d-5125-4a3b-890a-3f8830a08b1f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06a:a0c0::/48
Signature Algorithm: sha256WithRSAEncryption
7c:f2:94:cf:02:6e:70:69:8e:e0:39:b8:5a:cc:ac:8a:cc:4d:
bc:8a:df:a5:c0:0c:e5:72:18:81:85:d5:df:88:1b:fa:2a:b1:
e7:bb:f3:aa:59:24:f4:60:68:bf:63:13:a0:0a:c6:49:02:7d:
49:b2:a4:89:40:99:d5:da:0b:bc:d5:b8:ef:74:3c:6a:b7:9c:
8f:be:89:d2:ff:a2:55:e6:73:83:95:f7:5e:6c:0b:ee:f1:03:
ec:26:12:17:14:47:12:f6:56:8f:0c:bf:da:12:0b:fc:63:50:
48:d8:b0:d7:c8:6b:80:ca:e0:c5:b0:00:5a:a4:6b:8b:a3:a5:
6a:e6:5f:6d:b1:08:14:1f:69:63:1f:ea:05:21:ca:59:fd:5f:
8b:84:ff:cd:f6:f7:17:44:f1:7f:8f:6f:c1:98:3e:41:bc:08:
b6:ef:86:12:7d:ea:45:a2:fa:07:ca:a9:51:05:6e:ba:39:77:
f3:f6:9f:51:c7:ba:9f:83:41:0b:f3:6a:1c:3a:bd:2b:9d:6f:
eb:8e:99:03:92:95:10:48:f7:6e:3c:02:d8:1e:b5:89:8d:54:
74:ab:41:de:44:67:ad:f3:8c:dc:69:52:eb:ad:39:fb:63:48:
8c:58:9f:dd:af:70:e2:5d:1c:d7:c7:6b:fb:81:8a:23:9d:78:
7a:c6:18:c3
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUNohTX9fTqePen9XAoS9qUe14Y1kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMTEwMTMwNTFaFw0yNjA1MTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDEzNzE0MjNkZGExYTMwYjlkNDQ4ZmQ1NjJhNTYyYWVjOTIwZjZjNzQ1Y2Ri
OTVmNDk1NWNkZTFkZjhkOThjYjIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJVnvJZFyw3O8JGXPOEvyoLAmWJFbny7loHK/ATRJ7qQRsIGSQZ78WhMo4WF
f2eLXQpRcEG+0Rl7LqwtZwrGti/y2vptbHvX5b5KXAMV/tKLXS53fLaNzpFhG8OW
l3E2x6Ge+gVuf3e+TMs+3iuoKLvgOPm8UQV6jruF/Rs9i3NjAv8pCNn5ebtrIeAd
HrkMMe5YjO6r1SB2laCggsBlL9JJEfctFYCYaLulx8GnJUNCHWVvkXp9D44wNqTj
gIbNBMHwi94rkm0tkp82+oisRyQlRnDluSO1sBcKDggkeRGMhZUq1eTlH9+q/p83
Btc38zqgiSuX+j/UE7z679oCrPsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSQ2vNo
ifQUOcvM1/PAhFBGOAN63DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDYwNGZjNWQtNTEyNS00YTNiLTg5MGEtM2Y4ODMwYTA4YjFmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0Gqg
wDANBgkqhkiG9w0BAQsFAAOCAQEAfPKUzwJucGmO4Dm4WsysisxNvIrfpcAM5XIY
gYXV34gb+iqx57vzqlkk9GBov2MToArGSQJ9SbKkiUCZ1doLvNW473Q8arecj76J
0v+iVeZzg5X3XmwL7vED7CYSFxRHEvZWjwy/2hIL/GNQSNiw18hrgMrgxbAAWqRr
i6OlauZfbbEIFB9pYx/qBSHKWf1fi4T/zfb3F0Txf49vwZg+QbwItu+GEn3qRaL6
B8qpUQVuujl38/afUce6n4NBC/NqHDq9K51v646ZA5KVEEj3bjwC2B61iY1UdKtB
3kRnrfOM3GlS6605+2NIjFif3a9w4l0c18dr+4GKI514esYYww==
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:51:00 2026 by rpki-client