Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4aa20760-fb28-4393-bec8-9ffb467f03e4.roa
File: 4aa20760-fb28-4393-bec8-9ffb467f03e4.roa (raw, json)
Hash identifier: pYlGvftBQ7VFylA9GqF49MKUIEuvJ5bvP89E+3uJZNA=
Subject key identifier: E4:54:B0:D7:61:09:4B:E2:91:62:BB:08:A8:6A:5B:6D:01:08:9E:61
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3CDF13618BCEF8D56BD53905344284656A911BF7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4aa20760-fb28-4393-bec8-9ffb467f03e4.roa
Signing time: Sat 28 Feb 2026 05:40:47 +0000
ROA not before: Sat 28 Feb 2026 05:40:47 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07a:6000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3c:df:13:61:8b:ce:f8:d5:6b:d5:39:05:34:42:84:65:6a:91:1b:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 05:40:47 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=72adaf4e64fb61ad85d7dd6b28e115fcee9467219de1013c542bd3c42260fb3d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:af:55:0a:d8:7b:3b:55:4c:ed:d8:a5:db:b2:
d0:6f:a2:eb:09:12:8a:7b:a2:76:a8:39:3b:b2:e2:
ce:c1:a3:16:f9:79:ae:09:e2:0e:08:93:29:74:d9:
a8:8d:a5:b2:7a:9c:cd:18:11:f4:d4:7e:57:49:7c:
82:7d:2e:09:c5:91:f5:81:7d:8a:f6:4a:1b:94:4d:
b4:e1:17:c3:46:96:f6:2d:3b:d9:ff:cc:cf:37:14:
27:1a:9d:fc:29:a5:c9:ff:15:12:6a:f4:c7:f6:f7:
14:d5:81:ad:ee:b8:96:fe:73:67:a8:bb:61:26:c0:
5c:f9:e1:23:43:2c:33:93:43:de:e8:e1:4d:19:68:
03:4b:17:a2:3b:58:53:90:b9:0e:f4:54:ed:fb:0b:
32:69:88:f7:6d:be:b3:68:56:8e:3d:2b:f3:15:7c:
bd:0d:26:f5:90:ee:39:fd:20:64:74:61:d2:44:df:
59:d8:a3:1f:5b:e9:c5:3e:48:bf:81:70:4b:33:1f:
81:13:9b:8e:de:17:bf:9c:4f:43:89:61:1e:7e:cd:
dc:1b:3d:3b:0e:8d:45:fd:e4:7d:9c:45:2b:97:d7:
fa:83:7a:65:cf:7b:7a:16:85:d0:d6:1e:2c:66:ff:
54:27:25:fe:bd:69:2d:66:97:00:d9:24:81:48:52:
5b:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E4:54:B0:D7:61:09:4B:E2:91:62:BB:08:A8:6A:5B:6D:01:08:9E:61
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4aa20760-fb28-4393-bec8-9ffb467f03e4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07a:6000::/40
Signature Algorithm: sha256WithRSAEncryption
42:74:7f:b6:e8:2c:57:5a:ce:7e:91:6b:f6:9d:28:dd:31:57:
98:81:24:6b:5d:c0:97:07:0d:63:07:68:83:e2:1a:22:96:4b:
d5:d9:1b:11:c4:3c:11:14:93:46:d9:02:cb:73:c2:f9:7a:af:
6a:e2:39:6a:fb:2d:fd:31:82:ae:82:c3:f6:7e:da:c5:be:55:
6b:45:ff:c8:86:01:d2:b2:12:40:89:27:0f:c6:26:d2:bd:6f:
83:f8:d9:78:3b:d1:4b:f5:a8:af:e5:7f:2d:b6:a6:f6:67:d1:
bb:e7:c2:d4:49:0b:8e:3e:c4:c5:26:35:fc:91:fa:3b:14:16:
9e:a8:1c:a6:ca:7e:df:11:72:15:b4:06:8a:56:d9:75:28:de:
57:66:22:0f:31:21:57:28:8c:ab:cc:53:29:25:02:af:6b:69:
04:4a:f3:1d:c3:a2:44:9b:4c:07:6f:28:b8:1b:67:ff:e2:d4:
ad:6d:71:31:8f:0c:58:96:b0:24:44:38:94:9a:fd:3e:9b:b9:
4a:81:97:60:d9:3b:62:35:8f:0b:eb:20:a9:07:b2:5f:94:9a:
83:be:9d:58:fc:9d:45:a5:2f:ee:af:7b:a6:c5:48:18:5d:6a:
52:d7:52:68:83:87:36:d3:84:86:dd:b3:17:6d:d0:60:4b:f5:
8d:14:1c:db
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPN8TYYvO+NVr1TkFNEKEZWqRG/cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNTQwNDdaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDcyYWRhZjRlNjRmYjYxYWQ4NWQ3ZGQ2YjI4ZTExNWZjZWU5NDY3MjE5ZGUx
MDEzYzU0MmJkM2M0MjI2MGZiM2QxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKCvVQrYeztVTO3Ypduy0G+i6wkSinuidqg5O7LizsGjFvl5rgniDgiTKXTZ
qI2lsnqczRgR9NR+V0l8gn0uCcWR9YF9ivZKG5RNtOEXw0aW9i072f/MzzcUJxqd
/Cmlyf8VEmr0x/b3FNWBre64lv5zZ6i7YSbAXPnhI0MsM5ND3ujhTRloA0sXojtY
U5C5DvRU7fsLMmmI922+s2hWjj0r8xV8vQ0m9ZDuOf0gZHRh0kTfWdijH1vpxT5I
v4FwSzMfgRObjt4Xv5xPQ4lhHn7N3Bs9Ow6NRf3kfZxFK5fX+oN6Zc97ehaF0NYe
LGb/VCcl/r1pLWaXANkkgUhSW7sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTkVLDX
YQlL4pFiuwioalttAQieYTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGFhMjA3NjAtZmIyOC00MzkzLWJlYzgtOWZmYjQ2N2YwM2U0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hpg
MA0GCSqGSIb3DQEBCwUAA4IBAQBCdH+26CxXWs5+kWv2nSjdMVeYgSRrXcCXBw1j
B2iD4hoilkvV2RsRxDwRFJNG2QLLc8L5eq9q4jlq+y39MYKugsP2ftrFvlVrRf/I
hgHSshJAiScPxibSvW+D+Nl4O9FL9aiv5X8ttqb2Z9G758LUSQuOPsTFJjX8kfo7
FBaeqBymyn7fEXIVtAaKVtl1KN5XZiIPMSFXKIyrzFMpJQKva2kESvMdw6JEm0wH
byi4G2f/4tStbXExjwxYlrAkRDiUmv0+m7lKgZdg2TtiNY8L6yCpB7JflJqDvp1Y
/J1FpS/ur3umxUgYXWpS11Jog4c204SG3bMXbdBgS/WNFBzb
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:45:34 2026 by rpki-client