Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4967c03f-f17b-42f4-bfca-8694bb963ab0.roa
File: 4967c03f-f17b-42f4-bfca-8694bb963ab0.roa (raw, json)
Hash identifier: gmMsYUc5uwsLlgsejxDhdWo6Qrpl9SfenpZveKHM2wY=
Subject key identifier: D7:3A:90:63:BC:6E:FF:5E:F5:E7:A6:11:D5:AE:DE:85:8A:4D:44:55
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 10CABD059DA9A6BC20437B17AB9171821E879212
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4967c03f-f17b-42f4-bfca-8694bb963ab0.roa
Signing time: Sat 28 Feb 2026 05:31:27 +0000
ROA not before: Sat 28 Feb 2026 05:31:27 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:9040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
10:ca:bd:05:9d:a9:a6:bc:20:43:7b:17:ab:91:71:82:1e:87:92:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 05:31:27 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=b4006f3590b1f6385b048a321117e37c0a422c5ab78445a25a22336052535924, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:23:de:24:2e:81:77:a3:f7:da:99:b8:da:83:
2b:6b:dc:d1:f2:e4:95:13:73:24:45:a6:60:74:f8:
e4:14:74:4d:24:98:97:0a:4c:55:6b:57:5f:20:11:
d2:6b:1b:a0:3a:8b:05:cd:43:f2:9b:31:53:ac:ad:
be:87:94:27:f6:1b:a7:38:2c:f9:b5:41:cb:62:c2:
9d:98:be:d3:ff:32:05:f4:9f:a4:1a:bb:f6:d2:11:
7a:11:3f:04:31:6d:e4:f1:2f:44:18:c1:6c:42:62:
e7:2e:ee:e9:0e:12:6d:dd:0b:d7:43:b2:65:45:a1:
62:a4:98:26:8f:7d:d0:fc:c9:c1:c2:9b:b8:51:f9:
5e:e9:32:fe:af:1d:50:5d:c4:ec:37:5b:14:36:c2:
1a:3b:6e:4e:4a:64:41:7e:36:2d:c5:38:6e:f2:af:
26:ca:52:67:3a:8c:61:93:50:bb:19:f7:8f:de:98:
e5:02:fc:59:c6:33:95:c2:76:48:5e:4f:0f:5c:e6:
bd:98:c9:04:f6:0b:22:d3:f7:ea:39:eb:0b:b8:48:
63:92:2f:9e:44:7f:9b:07:bc:0b:36:52:91:09:77:
53:30:b1:34:0c:e8:fc:28:d0:af:f1:1d:a4:06:4a:
88:15:61:31:99:9f:5a:a1:4a:1c:5a:b4:03:fe:3f:
1d:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:3A:90:63:BC:6E:FF:5E:F5:E7:A6:11:D5:AE:DE:85:8A:4D:44:55
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4967c03f-f17b-42f4-bfca-8694bb963ab0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:9040::/48
Signature Algorithm: sha256WithRSAEncryption
b1:df:fa:30:e1:d9:62:28:9f:44:72:38:6c:b4:49:96:7b:95:
c7:9d:a9:65:e9:a3:53:7c:4d:86:51:3e:ac:ca:8b:13:7b:ea:
f6:9b:87:af:02:1f:cf:e1:31:50:a1:41:f4:55:f0:fa:78:88:
83:0f:dd:77:8f:5f:80:60:11:9a:7c:a6:bd:8e:f2:c7:7a:cb:
2b:ad:3d:07:c1:5e:ba:bc:54:86:29:46:1a:7f:3a:1d:b6:89:
a5:55:7c:2f:f4:01:e0:7d:33:2f:f9:8a:ff:92:d0:cb:b0:a9:
35:f6:a5:a6:b0:0e:11:d5:ed:b9:92:95:3f:53:98:bb:5a:2a:
1d:d8:fb:5c:ce:ec:88:78:d7:15:69:6d:ab:b3:c5:47:ab:2a:
a9:16:8b:6a:00:45:b9:a3:f6:df:63:ea:1d:37:b0:30:9e:12:
73:73:45:fb:16:48:23:93:29:ee:05:a8:86:79:0b:22:d3:15:
ca:2e:97:91:0e:67:e9:88:c6:2b:ea:ac:6d:e3:fb:d6:7b:bd:
60:de:c1:12:7e:02:9f:f3:57:2a:f3:7c:f4:63:b4:3f:f9:10:
ab:9a:99:02:5f:f7:b6:c3:3b:1f:d5:0e:fb:93:b2:6f:1d:01:
d0:e5:2f:b6:19:d7:e7:5e:a2:2f:54:b9:1e:8a:9f:20:ab:40:
ab:fa:e3:d5
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUEMq9BZ2pprwgQ3sXq5Fxgh6HkhIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNTMxMjdaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGI0MDA2ZjM1OTBiMWY2Mzg1YjA0OGEzMjExMTdlMzdjMGE0MjJjNWFiNzg0
NDVhMjVhMjIzMzYwNTI1MzU5MjQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANsj3iQugXej99qZuNqDK2vc0fLklRNzJEWmYHT45BR0TSSYlwpMVWtXXyAR
0msboDqLBc1D8psxU6ytvoeUJ/Ybpzgs+bVBy2LCnZi+0/8yBfSfpBq79tIRehE/
BDFt5PEvRBjBbEJi5y7u6Q4Sbd0L10OyZUWhYqSYJo990PzJwcKbuFH5Xuky/q8d
UF3E7DdbFDbCGjtuTkpkQX42LcU4bvKvJspSZzqMYZNQuxn3j96Y5QL8WcYzlcJ2
SF5PD1zmvZjJBPYLItP36jnrC7hIY5IvnkR/mwe8CzZSkQl3UzCxNAzo/CjQr/Ed
pAZKiBVhMZmfWqFKHFq0A/4/HekCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTXOpBj
vG7/XvXnphHVrt6Fik1EVTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDk2N2MwM2YtZjE3Yi00MmY0LWJmY2EtODY5NGJiOTYzYWIwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ACQ
QDANBgkqhkiG9w0BAQsFAAOCAQEAsd/6MOHZYiifRHI4bLRJlnuVx52pZemjU3xN
hlE+rMqLE3vq9puHrwIfz+ExUKFB9FXw+niIgw/dd49fgGARmnymvY7yx3rLK609
B8FeurxUhilGGn86HbaJpVV8L/QB4H0zL/mK/5LQy7CpNfalprAOEdXtuZKVP1OY
u1oqHdj7XM7siHjXFWltq7PFR6sqqRaLagBFuaP232PqHTewMJ4Sc3NF+xZII5Mp
7gWohnkLItMVyi6XkQ5n6YjGK+qsbeP71nu9YN7BEn4Cn/NXKvN89GO0P/kQq5qZ
Al/3tsM7H9UO+5Oybx0B0OUvthnX516iL1S5HoqfIKtAq/rj1Q==
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:56:26 2026 by rpki-client