Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4c78114f-4347-44fe-aef1-32fc688c69b9.roa
File: 4c78114f-4347-44fe-aef1-32fc688c69b9.roa (raw, json)
Hash identifier: RHyIcEaUCv0Je2Qdc6KYxSFE4Nb5SOD0rIQEWNXNSW8=
Subject key identifier: 74:8E:6C:85:A6:F3:B5:C4:BC:0E:76:8C:F5:70:5F:12:E3:8B:9A:57
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2A4C21DB11C4B89EDD40159B9933F670DB26A020
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4c78114f-4347-44fe-aef1-32fc688c69b9.roa
Signing time: Sat 28 Feb 2026 06:00:36 +0000
ROA not before: Sat 28 Feb 2026 06:00:36 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:8020::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2a:4c:21:db:11:c4:b8:9e:dd:40:15:9b:99:33:f6:70:db:26:a0:20
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 06:00:36 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=0c65b500f91b27fcc622416b3f9de22c9818e9c27768aa9d26314e81b516b828, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:19:63:9d:3f:36:82:a3:94:e8:4d:49:7c:3e:
f9:f5:ae:fe:cc:6b:d2:f3:99:18:68:c6:22:a8:1c:
81:95:4a:4a:f7:c9:97:97:2f:8a:f9:1e:95:2c:6e:
83:b7:9f:8f:5f:4f:f4:af:d2:01:f7:e5:7c:db:4c:
36:5f:41:78:e1:c2:0d:e3:83:7b:82:c7:52:5d:0b:
6e:fd:0e:74:e2:48:1d:ac:b9:73:dc:63:15:f3:08:
c2:45:26:85:d0:17:5b:6f:ea:45:33:86:54:3e:10:
bc:24:ad:d1:aa:56:c1:e6:bd:b6:47:1d:54:c3:e5:
d0:f4:c7:f2:de:69:2f:65:6a:d3:7f:c0:f5:5f:f4:
73:78:37:9c:4c:a0:92:8b:69:be:ed:9b:27:23:9b:
d5:08:a8:b7:e4:ce:63:ae:3a:c8:5d:eb:15:98:f3:
b0:e7:d5:7d:2c:69:a9:a0:7d:9b:0d:09:54:a5:6d:
e5:04:48:81:bf:75:e0:21:05:9f:6b:8c:06:d1:af:
77:49:19:bc:05:15:a9:2d:1f:eb:0e:9a:d0:87:e9:
d2:a6:ce:ce:cd:14:08:48:d8:7d:cf:f7:aa:f8:5e:
ca:3b:6d:ac:98:3f:ba:ff:38:c0:0f:b8:bc:dc:2e:
62:72:86:36:e3:9e:c5:b6:a9:50:0c:50:c5:91:1b:
f7:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:8E:6C:85:A6:F3:B5:C4:BC:0E:76:8C:F5:70:5F:12:E3:8B:9A:57
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4c78114f-4347-44fe-aef1-32fc688c69b9.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:8020::/48
Signature Algorithm: sha256WithRSAEncryption
49:f9:0f:7e:08:1d:a4:1b:23:58:05:ac:21:52:a1:a5:4b:e2:
9e:8e:2f:7c:4c:cd:49:9b:79:b6:31:de:7c:97:64:69:7e:2f:
17:b0:45:36:17:a5:71:60:de:19:e0:e5:c3:59:91:19:1b:98:
3c:eb:62:a7:45:59:a6:ca:f7:49:46:7e:83:5f:79:65:6e:71:
14:dd:62:55:88:cf:ed:64:cd:a7:c9:02:a0:98:ba:a7:f8:ea:
77:53:c7:da:2c:0c:be:df:bd:77:d6:e3:d4:05:1d:74:53:26:
4f:68:5f:85:41:1c:1a:59:88:6c:9d:86:ee:23:c4:0a:0a:d1:
85:6f:1a:b7:ba:47:10:79:1b:8d:8f:90:6d:f6:7a:06:2a:a9:
fb:5f:18:03:ba:62:d3:e7:fa:44:f3:69:9d:97:1a:97:14:78:
75:a3:79:2d:7b:c2:d7:74:85:c0:85:0a:9e:b4:db:a1:a0:57:
4a:55:9e:ba:ae:88:6c:48:24:a8:57:61:70:44:39:d4:ee:9b:
57:b1:df:07:6e:07:1d:50:76:a6:bc:ec:b3:6c:97:0a:67:59:
17:40:0f:19:9c:f7:ca:2b:90:6e:0a:11:77:5d:fd:0a:6e:4c:
64:8b:98:cf:36:e0:ca:6c:29:96:59:28:1e:f2:74:50:e1:d3:
ee:d2:4f:35
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUKkwh2xHEuJ7dQBWbmTP2cNsmoCAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNjAwMzZaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDBjNjViNTAwZjkxYjI3ZmNjNjIyNDE2YjNmOWRlMjJjOTgxOGU5YzI3NzY4
YWE5ZDI2MzE0ZTgxYjUxNmI4MjgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ4ZY50/NoKjlOhNSXw++fWu/sxr0vOZGGjGIqgcgZVKSvfJl5cvivkelSxu
g7efj19P9K/SAfflfNtMNl9BeOHCDeODe4LHUl0Lbv0OdOJIHay5c9xjFfMIwkUm
hdAXW2/qRTOGVD4QvCSt0apWwea9tkcdVMPl0PTH8t5pL2Vq03/A9V/0c3g3nEyg
kotpvu2bJyOb1Qiot+TOY646yF3rFZjzsOfVfSxpqaB9mw0JVKVt5QRIgb914CEF
n2uMBtGvd0kZvAUVqS0f6w6a0Ifp0qbOzs0UCEjYfc/3qvheyjttrJg/uv84wA+4
vNwuYnKGNuOexbapUAxQxZEb9wcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBR0jmyF
pvO1xLwOdoz1cF8S44uaVzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGM3ODExNGYtNDM0Ny00NGZlLWFlZjEtMzJmYzY4OGM2OWI5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ACA
IDANBgkqhkiG9w0BAQsFAAOCAQEASfkPfggdpBsjWAWsIVKhpUvino4vfEzNSZt5
tjHefJdkaX4vF7BFNhelcWDeGeDlw1mRGRuYPOtip0VZpsr3SUZ+g195ZW5xFN1i
VYjP7WTNp8kCoJi6p/jqd1PH2iwMvt+9d9bj1AUddFMmT2hfhUEcGlmIbJ2G7iPE
CgrRhW8at7pHEHkbjY+QbfZ6Biqp+18YA7pi0+f6RPNpnZcalxR4daN5LXvC13SF
wIUKnrTboaBXSlWeuq6IbEgkqFdhcEQ51O6bV7HfB24HHVB2przss2yXCmdZF0AP
GZz3yiuQbgoRd139Cm5MZIuYzzbgymwpllkoHvJ0UOHT7tJPNQ==
-----END CERTIFICATE-----
Generated at Mon Mar 2 10:10:49 2026 by rpki-client