Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4875c926-8b00-4b21-bffa-08659e5c223d.roa
File: 4875c926-8b00-4b21-bffa-08659e5c223d.roa (raw, json)
Hash identifier: HM1M2cEqa4cQsVfjL78AgH03FzV+xp4CDXlBhI9rNtE=
Subject key identifier: 71:39:52:7D:13:9A:10:70:87:10:5D:10:48:E7:DE:A2:88:1C:6D:6A
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 525872D0776779FC4333F8CB143FA332E972F212
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4875c926-8b00-4b21-bffa-08659e5c223d.roa
Signing time: Tue 24 Feb 2026 03:00:08 +0000
ROA not before: Tue 24 Feb 2026 03:00:08 +0000
ROA not after: Mon 25 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d076:1000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
52:58:72:d0:77:67:79:fc:43:33:f8:cb:14:3f:a3:32:e9:72:f2:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 24 03:00:08 2026 GMT
Not After : May 25 23:59:59 2026 GMT
Subject: serialNumber=1484c790ba0569569f46c9546233e26984b357175391d4ec3647dcd9d909f832, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:86:63:0c:57:42:f6:94:4c:ae:50:40:82:1e:
3b:87:1b:41:f2:33:19:c6:f5:7f:04:99:cb:a2:8e:
60:17:64:40:aa:d3:df:25:13:49:5a:4b:eb:a3:4c:
37:53:66:d7:d7:e3:21:b6:a3:59:4d:35:f7:b8:f8:
50:b6:95:5e:2e:25:3f:76:8a:4e:17:de:fd:21:2d:
fa:1d:53:43:20:2a:af:d7:65:3b:a2:f8:7b:64:3d:
65:94:f0:cf:5d:96:3a:2c:79:3f:41:49:ed:56:b4:
b3:12:be:74:32:1f:92:9a:84:28:fd:a7:22:97:ec:
d2:37:2e:40:8a:b8:f8:15:2b:a2:c9:da:13:c1:8e:
c3:37:f8:9d:76:de:f2:92:9c:15:7e:eb:cb:8a:ca:
5e:41:6f:03:2a:87:79:7d:94:a8:01:48:7a:1c:20:
ca:67:c4:58:c8:eb:22:43:51:67:d5:e2:c6:22:95:
77:59:36:03:9d:64:30:4e:5b:f1:fc:55:1e:6e:fe:
4b:a0:ec:95:b7:d6:9d:80:c0:45:f2:7f:c6:f0:2c:
45:dd:ac:6f:18:1e:f9:28:8c:9f:e0:a5:d4:7f:27:
9c:a8:21:e2:0a:3b:63:c3:81:d0:a7:4e:18:ae:58:
fc:76:13:c5:5c:ea:f3:d6:e7:74:1e:13:89:8a:67:
03:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:39:52:7D:13:9A:10:70:87:10:5D:10:48:E7:DE:A2:88:1C:6D:6A
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4875c926-8b00-4b21-bffa-08659e5c223d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d076:1000::/40
Signature Algorithm: sha256WithRSAEncryption
94:97:36:f2:69:17:60:9f:42:e1:22:20:0e:c2:12:b1:84:7a:
87:07:6f:1a:31:61:ff:0d:74:30:88:26:32:db:ce:ac:f9:c7:
2b:31:7e:a0:e8:a1:57:f2:87:20:fa:dd:da:65:82:f7:a8:c2:
0c:54:8f:36:f4:16:f5:a6:be:b2:6f:7e:8b:6c:10:ae:65:70:
34:a6:8c:79:45:6e:d7:fa:ab:6f:69:be:c0:f8:c7:7f:cc:aa:
d1:89:71:f6:5f:95:b3:a0:5c:5c:2f:c4:db:fb:a9:e3:4a:b3:
89:62:4c:01:fd:1e:16:ae:8a:e4:2b:f0:b8:2c:54:5a:ad:3f:
13:32:0b:ca:46:c7:d8:89:4b:73:a2:2c:31:6d:91:56:ac:1b:
97:96:eb:d0:34:51:27:d2:0e:e5:b3:bc:21:b2:31:b4:ab:9e:
e7:47:ec:d6:5d:10:e8:2b:58:e6:6b:89:8a:89:5f:74:bb:f5:
95:36:7a:6c:e5:31:24:9d:d8:96:5d:3f:35:65:01:b4:db:1c:
49:93:f5:ce:6f:47:38:a4:99:b3:a2:6e:19:8e:f4:16:23:f5:
d5:34:8b:72:56:e4:a0:b1:1a:9f:6c:15:35:c8:e4:d7:90:73:
32:f4:62:5e:7a:4d:f1:1d:a1:5a:de:18:9d:c5:96:3f:76:d5:
eb:fd:ec:c8
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUUlhy0HdnefxDM/jLFD+jMuly8hIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjQwMzAwMDhaFw0yNjA1MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDE0ODRjNzkwYmEwNTY5NTY5ZjQ2Yzk1NDYyMzNlMjY5ODRiMzU3MTc1Mzkx
ZDRlYzM2NDdkY2Q5ZDkwOWY4MzIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANaGYwxXQvaUTK5QQIIeO4cbQfIzGcb1fwSZy6KOYBdkQKrT3yUTSVpL66NM
N1Nm19fjIbajWU0197j4ULaVXi4lP3aKThfe/SEt+h1TQyAqr9dlO6L4e2Q9ZZTw
z12WOix5P0FJ7Va0sxK+dDIfkpqEKP2nIpfs0jcuQIq4+BUrosnaE8GOwzf4nXbe
8pKcFX7ry4rKXkFvAyqHeX2UqAFIehwgymfEWMjrIkNRZ9XixiKVd1k2A51kME5b
8fxVHm7+S6DslbfWnYDARfJ/xvAsRd2sbxge+SiMn+Cl1H8nnKgh4go7Y8OB0KdO
GK5Y/HYTxVzq89bndB4TiYpnA0cCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRxOVJ9
E5oQcIcQXRBI596iiBxtajAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDg3NWM5MjYtOGIwMC00YjIxLWJmZmEtMDg2NTllNWMyMjNkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HYQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCUlzbyaRdgn0LhIiAOwhKxhHqHB28aMWH/DXQw
iCYy286s+ccrMX6g6KFX8ocg+t3aZYL3qMIMVI829Bb1pr6yb36LbBCuZXA0pox5
RW7X+qtvab7A+Md/zKrRiXH2X5WzoFxcL8Tb+6njSrOJYkwB/R4WrorkK/C4LFRa
rT8TMgvKRsfYiUtzoiwxbZFWrBuXluvQNFEn0g7ls7whsjG0q57nR+zWXRDoK1jm
a4mKiV90u/WVNnps5TEkndiWXT81ZQG02xxJk/XOb0c4pJmzom4ZjvQWI/XVNIty
VuSgsRqfbBU1yOTXkHMy9GJeek3xHaFa3hidxZY/dtXr/ezI
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:51:29 2026 by rpki-client