Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4e91376d-8b45-49e6-bf21-9f8e5d21208b.roa
File: 4e91376d-8b45-49e6-bf21-9f8e5d21208b.roa (raw, json)
Hash identifier: t60xnyLRYv6ZK5koMjb2s4yYtUimYl8nEtRfKzrNsZU=
Subject key identifier: 22:19:54:EA:38:12:5E:DD:F1:49:C4:AE:EB:B9:CE:2D:21:B5:C6:DC
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3AAB1BFD45A0CA8EA75CCD05804B40EF01BFF39B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4e91376d-8b45-49e6-bf21-9f8e5d21208b.roa
Signing time: Fri 20 Feb 2026 01:50:31 +0000
ROA not before: Fri 20 Feb 2026 01:50:31 +0000
ROA not after: Thu 21 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d030:5000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3a:ab:1b:fd:45:a0:ca:8e:a7:5c:cd:05:80:4b:40:ef:01:bf:f3:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 20 01:50:31 2026 GMT
Not After : May 21 23:59:59 2026 GMT
Subject: serialNumber=ce1918a1851ba4a9db1bc1ce731f6b3a38a8aa7d31f37d4c8bb9d4a65f6671dd, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:c6:44:43:ca:98:f9:eb:37:ef:5d:63:b2:97:
75:43:cf:f6:78:52:2e:c6:09:7f:bf:d0:45:9f:2b:
8e:0f:e2:3b:2e:8a:49:04:27:25:a9:93:6c:05:29:
7f:e7:1c:f6:8a:66:6c:f3:2c:84:04:c1:52:10:53:
d8:95:7a:c5:69:5f:e1:bc:53:b2:19:1e:6d:f4:fc:
f9:14:95:99:c0:e5:15:e3:a7:9c:aa:9b:03:1e:8e:
e5:57:a6:97:60:da:6f:2d:0e:1d:ed:e0:f6:01:1a:
9e:91:20:d4:f2:5c:78:a5:be:ab:e6:01:a3:39:45:
b2:37:95:44:7c:d9:bd:78:d2:57:2e:30:95:71:90:
8a:0d:8a:c6:46:84:7f:25:65:2b:fc:52:10:27:7e:
24:89:28:36:e6:b0:a5:61:5b:bb:88:d5:1e:03:79:
01:cd:8a:4f:6a:5b:8b:66:77:6d:30:48:9c:49:77:
9f:c5:3d:f0:f9:7a:9b:58:69:df:e2:7d:88:7d:b2:
de:e2:98:00:58:3f:72:04:38:b8:5f:29:04:5a:f3:
7d:2a:61:b6:fe:59:28:77:aa:e4:18:c5:5d:18:8d:
cc:89:69:0c:a5:0e:8f:65:bb:d3:e8:0e:da:f6:70:
09:02:6a:6d:7d:72:d6:ee:85:b1:53:2f:ad:ab:4e:
38:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:19:54:EA:38:12:5E:DD:F1:49:C4:AE:EB:B9:CE:2D:21:B5:C6:DC
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4e91376d-8b45-49e6-bf21-9f8e5d21208b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d030:5000::/40
Signature Algorithm: sha256WithRSAEncryption
54:b8:ac:73:45:79:54:32:0c:ae:8e:76:61:53:ec:1a:4b:b1:
f7:73:e3:17:09:bf:a9:b2:99:f1:8b:f7:e0:9c:b2:51:5d:a8:
91:f7:8f:0e:50:eb:c9:e7:f8:81:ae:90:fa:f7:b7:fb:72:ef:
6a:87:a1:c1:28:6b:26:02:5d:20:28:aa:23:0c:d5:c1:69:6d:
8d:65:6e:b9:27:50:ba:b4:b2:8c:e6:1a:c4:af:c0:f2:75:c3:
0a:d1:8d:c8:95:31:8c:af:9e:d4:49:c4:84:f6:b0:8f:ed:db:
b2:69:4d:d1:a4:4f:52:ed:be:3c:fc:99:b7:c1:80:18:2f:26:
02:31:c2:64:3c:3d:2c:1a:e0:1a:ca:07:cb:bb:46:fd:12:43:
28:f7:b5:b2:af:57:15:5a:0c:b8:c8:a2:f6:67:9d:09:ab:0e:
2f:ce:75:7e:3a:b3:a0:ef:2e:12:e0:a1:62:d0:41:4b:7c:f8:
a8:c3:d5:48:2f:12:f9:e5:62:87:cd:1f:64:f2:d7:63:86:c8:
4f:c9:da:64:84:41:6e:77:a0:3f:d6:aa:c7:71:28:27:52:2e:
55:a0:39:59:20:10:10:35:e8:5e:5c:1e:c4:ec:9d:80:87:39:
6a:29:d1:a6:00:72:f8:40:5d:37:3e:b3:d1:af:ec:bf:11:b0:
99:83:93:58
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUOqsb/UWgyo6nXM0FgEtA7wG/85swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjAwMTUwMzFaFw0yNjA1MjEyMzU5NTlaMHoxSTBHBgNV
BAUTQGNlMTkxOGExODUxYmE0YTlkYjFiYzFjZTczMWY2YjNhMzhhOGFhN2QzMWYz
N2Q0YzhiYjlkNGE2NWY2NjcxZGQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKrGREPKmPnrN+9dY7KXdUPP9nhSLsYJf7/QRZ8rjg/iOy6KSQQnJamTbAUp
f+cc9opmbPMshATBUhBT2JV6xWlf4bxTshkebfT8+RSVmcDlFeOnnKqbAx6O5Vem
l2Daby0OHe3g9gEanpEg1PJceKW+q+YBozlFsjeVRHzZvXjSVy4wlXGQig2KxkaE
fyVlK/xSECd+JIkoNuawpWFbu4jVHgN5Ac2KT2pbi2Z3bTBInEl3n8U98Pl6m1hp
3+J9iH2y3uKYAFg/cgQ4uF8pBFrzfSphtv5ZKHeq5BjFXRiNzIlpDKUOj2W70+gO
2vZwCQJqbX1y1u6FsVMvratOOP8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQiGVTq
OBJe3fFJxK7ruc4tIbXG3DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGU5MTM3NmQtOGI0NS00OWU2LWJmMjEtOWY4ZTVkMjEyMDhiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DBQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBUuKxzRXlUMgyujnZhU+waS7H3c+MXCb+pspnx
i/fgnLJRXaiR948OUOvJ5/iBrpD697f7cu9qh6HBKGsmAl0gKKojDNXBaW2NZW65
J1C6tLKM5hrEr8DydcMK0Y3IlTGMr57UScSE9rCP7duyaU3RpE9S7b48/Jm3wYAY
LyYCMcJkPD0sGuAaygfLu0b9EkMo97Wyr1cVWgy4yKL2Z50Jqw4vznV+OrOg7y4S
4KFi0EFLfPiow9VILxL55WKHzR9k8tdjhshPydpkhEFud6A/1qrHcSgnUi5VoDlZ
IBAQNeheXB7E7J2AhzlqKdGmAHL4QF03PrPRr+y/EbCZg5NY
-----END CERTIFICATE-----
Generated at Mon Mar 2 01:24:20 2026 by rpki-client