Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4a077699-48cb-42a1-9f1b-1e7c9a3ae808.roa
File: 4a077699-48cb-42a1-9f1b-1e7c9a3ae808.roa (raw, json)
Hash identifier: 9dVRXjiJu0Eak+NSTqS4bTWRDQ98lszbDixC27LFhNs=
Subject key identifier: 98:44:06:30:BE:5A:D7:AB:8E:74:D9:1B:26:52:FC:6D:7A:67:A6:52
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 75D4902FFB205C3F1A0BE55334A67459874757D4
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4a077699-48cb-42a1-9f1b-1e7c9a3ae808.roa
Signing time: Sat 28 Feb 2026 06:21:09 +0000
ROA not before: Sat 28 Feb 2026 06:21:09 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d014:400::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
75:d4:90:2f:fb:20:5c:3f:1a:0b:e5:53:34:a6:74:59:87:47:57:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 06:21:09 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=7fcb0e3887047f5a8b17057c69e1d78c4cf8743b5cae069d0658d3c1b426c9fd, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:2b:f6:c5:13:5a:55:50:d4:88:f3:56:f6:3a:
09:23:97:17:23:79:4a:ca:6b:f5:70:ad:39:06:df:
d2:16:22:6d:43:8b:68:bf:65:72:0c:09:1a:73:e3:
4d:17:91:ac:af:b3:cc:1e:bf:3f:aa:20:40:77:a4:
4b:98:88:d4:cd:f1:45:77:cc:72:5c:0d:5d:e6:24:
6d:83:97:17:5b:34:bc:79:c5:b6:92:0e:56:72:ea:
9e:ed:cb:f0:7b:ba:d0:77:d6:6a:86:04:75:61:ac:
0a:08:d6:cc:8d:0f:e6:71:35:d1:35:ba:07:51:ad:
c3:77:0d:f2:51:89:18:67:39:36:61:21:55:a6:7f:
f2:b1:78:f7:c2:36:6f:c6:15:65:15:71:f9:65:5a:
f3:32:df:87:c5:d1:ee:15:77:da:9d:ee:d9:df:a2:
bb:d5:bb:4b:d7:da:78:72:4d:4e:a8:b5:0a:d4:94:
db:2c:1f:02:31:b2:4a:84:49:91:84:09:f5:0d:66:
77:22:a6:71:35:07:d9:4c:cd:23:66:01:ad:a1:79:
de:72:30:fe:8e:3e:b4:57:5a:36:5d:d7:e6:84:99:
32:1c:32:70:61:fc:79:81:83:af:5c:fd:72:63:54:
0f:b7:44:9e:2e:28:e7:bf:48:3e:80:0a:24:bd:18:
27:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:44:06:30:BE:5A:D7:AB:8E:74:D9:1B:26:52:FC:6D:7A:67:A6:52
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4a077699-48cb-42a1-9f1b-1e7c9a3ae808.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d014:400::/38
Signature Algorithm: sha256WithRSAEncryption
88:2f:fc:4f:64:d8:94:03:cf:76:fe:ac:81:bd:e3:ea:cd:9f:
fc:e2:46:13:81:e6:9a:10:c8:c5:1f:db:61:36:9c:41:11:cf:
d7:f4:a3:6c:96:c1:2b:b3:43:00:ae:32:18:8a:9a:2d:3d:13:
36:de:40:ee:6d:2a:30:9c:99:1a:35:17:18:00:05:d8:02:fc:
ac:35:be:63:3d:fb:ac:95:3f:53:ba:10:e8:f9:45:44:eb:f3:
80:07:02:3e:9d:8a:a3:87:fe:5e:1f:e8:bd:b8:65:02:08:9b:
0f:6d:22:ba:7e:23:66:c1:d5:61:81:52:48:7c:fc:8a:6a:3e:
2a:26:1c:be:4b:3a:1d:13:91:68:27:3d:a1:2d:6e:09:d5:5c:
63:f3:f9:4e:03:3b:83:d9:ed:b2:db:8d:06:19:9d:98:48:0a:
84:69:9d:63:db:a8:49:1a:bb:16:e7:b5:95:4e:d9:25:f4:89:
d2:9f:b7:0e:bb:40:93:db:a8:2b:bd:ea:c6:80:0a:68:70:a7:
f6:2c:33:f9:8b:97:df:c9:d2:95:18:a1:40:3f:54:dd:ee:66:
bd:05:a1:f7:6e:c4:6b:c7:fd:d4:fb:cc:ef:88:61:18:36:bf:
9d:23:45:1f:04:af:35:d9:24:7d:9b:db:43:6d:05:a3:30:fc:
ff:10:3c:16
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUddSQL/sgXD8aC+VTNKZ0WYdHV9QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNjIxMDlaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDdmY2IwZTM4ODcwNDdmNWE4YjE3MDU3YzY5ZTFkNzhjNGNmODc0M2I1Y2Fl
MDY5ZDA2NThkM2MxYjQyNmM5ZmQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN0r9sUTWlVQ1IjzVvY6CSOXFyN5Sspr9XCtOQbf0hYibUOLaL9lcgwJGnPj
TReRrK+zzB6/P6ogQHekS5iI1M3xRXfMclwNXeYkbYOXF1s0vHnFtpIOVnLqnu3L
8Hu60HfWaoYEdWGsCgjWzI0P5nE10TW6B1Gtw3cN8lGJGGc5NmEhVaZ/8rF498I2
b8YVZRVx+WVa8zLfh8XR7hV32p3u2d+iu9W7S9faeHJNTqi1CtSU2ywfAjGySoRJ
kYQJ9Q1mdyKmcTUH2UzNI2YBraF53nIw/o4+tFdaNl3X5oSZMhwycGH8eYGDr1z9
cmNUD7dEni4o579IPoAKJL0YJ7kCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSYRAYw
vlrXq4502RsmUvxtememUjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGEwNzc2OTktNDhjYi00MmExLTlmMWItMWU3YzlhM2FlODA4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BQE
MA0GCSqGSIb3DQEBCwUAA4IBAQCIL/xPZNiUA892/qyBvePqzZ/84kYTgeaaEMjF
H9thNpxBEc/X9KNslsErs0MArjIYipotPRM23kDubSownJkaNRcYAAXYAvysNb5j
PfuslT9TuhDo+UVE6/OABwI+nYqjh/5eH+i9uGUCCJsPbSK6fiNmwdVhgVJIfPyK
aj4qJhy+SzodE5FoJz2hLW4J1Vxj8/lOAzuD2e2y240GGZ2YSAqEaZ1j26hJGrsW
57WVTtkl9InSn7cOu0CT26grverGgApocKf2LDP5i5ffydKVGKFAP1Td7ma9BaH3
bsRrx/3U+8zviGEYNr+dI0UfBK812SR9m9tDbQWjMPz/EDwW
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:55:15 2026 by rpki-client