Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4cf83881-74f7-4033-977b-362e08e8d6d2.roa
File: 4cf83881-74f7-4033-977b-362e08e8d6d2.roa (raw, json)
Hash identifier: JVuLnAvE3qcuKi2bqZYL32HosrHkRw3M6rGJFqcaMBM=
Subject key identifier: EA:0D:33:D0:8C:0B:7F:F1:B3:74:2F:11:52:B0:10:35:B1:3C:C4:80
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 25AEA53AEF12C3515DB1A0FC1B6C39DF60ECC161
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4cf83881-74f7-4033-977b-362e08e8d6d2.roa
Signing time: Thu 26 Feb 2026 02:10:11 +0000
ROA not before: Thu 26 Feb 2026 02:10:11 +0000
ROA not after: Wed 27 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:840::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
25:ae:a5:3a:ef:12:c3:51:5d:b1:a0:fc:1b:6c:39:df:60:ec:c1:61
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 26 02:10:11 2026 GMT
Not After : May 27 23:59:59 2026 GMT
Subject: serialNumber=51a6b527e82a9ac191bd9c1bd7928f18aff8a92fdcddd616674eadd3d5c1977d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:8d:f7:b4:bb:19:f4:01:cc:07:75:6e:9a:45:
c4:13:57:fc:4e:d5:77:72:dc:44:32:08:a4:d6:da:
fd:0a:3c:d0:0c:06:2a:d0:48:ad:ac:e0:8f:b6:60:
db:92:51:b7:6e:1c:45:38:fc:97:ed:92:bb:30:87:
69:4e:d7:cb:f7:b2:ab:0c:47:95:77:2a:60:27:4f:
44:50:10:78:d8:3b:14:7c:b6:73:5d:6c:ac:2d:5f:
70:01:63:48:ef:6c:2d:82:dc:c3:37:25:02:ad:34:
b8:0d:0d:2c:3b:15:4a:f8:a5:22:08:1d:1f:af:61:
42:b8:a0:8c:4a:3d:65:45:0c:3c:7f:3d:a9:31:a8:
ff:b6:28:19:e6:b9:07:ce:d8:67:1f:ed:b9:5e:4f:
30:37:a5:8c:9a:84:1a:91:83:40:7f:9e:05:22:5c:
fe:69:df:20:b1:ac:47:bd:a5:5f:52:fc:bc:64:67:
91:5a:9b:12:03:f2:4e:bc:91:6d:68:5c:0b:5e:43:
9d:11:f9:f1:a8:b0:c0:8b:b8:02:b3:d8:6e:be:14:
cf:f3:2e:50:e2:de:97:cc:a8:a8:49:78:fb:e1:2f:
25:4c:86:4d:ef:9c:1b:e4:b3:9d:cd:d9:cb:cf:11:
05:e3:43:41:7f:fe:fc:9e:15:e1:d5:80:43:25:b2:
b4:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EA:0D:33:D0:8C:0B:7F:F1:B3:74:2F:11:52:B0:10:35:B1:3C:C4:80
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4cf83881-74f7-4033-977b-362e08e8d6d2.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:840::/48
Signature Algorithm: sha256WithRSAEncryption
2f:d8:ac:ee:50:d2:da:6e:ee:0b:d0:2c:6f:60:31:74:ad:00:
1e:79:cf:35:20:53:93:cb:ed:65:01:3a:f9:33:d3:84:9e:8f:
c5:9b:7d:cb:f9:1b:a5:f9:88:2a:e8:d0:ac:78:a3:94:1b:93:
f7:05:2f:f9:cf:19:81:a9:eb:a1:b8:e8:a0:c9:08:26:ed:e5:
c7:2b:32:f3:44:f2:93:8a:97:e7:5c:ca:60:36:67:bb:19:b1:
5a:2f:49:9c:f4:46:fe:95:e7:b9:fa:25:a9:a3:eb:25:50:0d:
52:cb:af:35:8a:c9:26:13:ae:54:20:c2:73:8f:4e:b1:e6:c1:
f5:16:17:16:1e:65:af:fc:49:b6:ab:e8:83:5c:fd:0e:05:cc:
d5:b5:26:44:e5:9d:67:b3:41:41:24:7f:4e:ee:31:1e:66:8a:
fd:1c:87:3d:e4:c0:af:df:44:6a:fe:c7:ab:a4:fb:a4:5a:aa:
88:a9:47:1a:fc:fe:e3:0b:b3:c3:7f:b3:d5:18:81:c2:17:18:
0c:ea:bb:18:70:b1:a5:e3:36:f5:38:07:6c:00:28:5f:a8:88:
49:8c:a4:7d:aa:4a:61:02:7f:52:67:1e:39:54:ae:62:d8:49:
02:69:9e:82:00:e5:ff:64:35:70:92:10:9c:94:b7:0f:e5:2d:
f0:8a:cc:30
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUJa6lOu8Sw1FdsaD8G2w532DswWEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjYwMjEwMTFaFw0yNjA1MjcyMzU5NTlaMHoxSTBHBgNV
BAUTQDUxYTZiNTI3ZTgyYTlhYzE5MWJkOWMxYmQ3OTI4ZjE4YWZmOGE5MmZkY2Rk
ZDYxNjY3NGVhZGQzZDVjMTk3N2QxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIuN97S7GfQBzAd1bppFxBNX/E7Vd3LcRDIIpNba/Qo80AwGKtBIrazgj7Zg
25JRt24cRTj8l+2SuzCHaU7Xy/eyqwxHlXcqYCdPRFAQeNg7FHy2c11srC1fcAFj
SO9sLYLcwzclAq00uA0NLDsVSvilIggdH69hQrigjEo9ZUUMPH89qTGo/7YoGea5
B87YZx/tuV5PMDeljJqEGpGDQH+eBSJc/mnfILGsR72lX1L8vGRnkVqbEgPyTryR
bWhcC15DnRH58aiwwIu4ArPYbr4Uz/MuUOLel8yoqEl4++EvJUyGTe+cG+Sznc3Z
y88RBeNDQX/+/J4V4dWAQyWytP0CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTqDTPQ
jAt/8bN0LxFSsBA1sTzEgDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGNmODM4ODEtNzRmNy00MDMzLTk3N2ItMzYyZTA4ZThkNmQyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HII
QDANBgkqhkiG9w0BAQsFAAOCAQEAL9is7lDS2m7uC9Asb2AxdK0AHnnPNSBTk8vt
ZQE6+TPThJ6PxZt9y/kbpfmIKujQrHijlBuT9wUv+c8ZganrobjooMkIJu3lxysy
80Tyk4qX51zKYDZnuxmxWi9JnPRG/pXnufolqaPrJVANUsuvNYrJJhOuVCDCc49O
sebB9RYXFh5lr/xJtqvog1z9DgXM1bUmROWdZ7NBQSR/Tu4xHmaK/RyHPeTAr99E
av7Hq6T7pFqqiKlHGvz+4wuzw3+z1RiBwhcYDOq7GHCxpeM29TgHbAAoX6iISYyk
fapKYQJ/UmceOVSuYthJAmmeggDl/2Q1cJIQnJS3D+Ut8IrMMA==
-----END CERTIFICATE-----
Generated at Mon Mar 2 04:28:16 2026 by rpki-client