Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/57c971db-5779-4af6-9c2f-2c7cd904e742.roa
File: 57c971db-5779-4af6-9c2f-2c7cd904e742.roa (raw, json)
Hash identifier: sfhu8/TtqvA8J7cE9d2IoT7E2sgyEw0+wgc4g0QM9dI=
Subject key identifier: 43:F6:74:8F:78:F4:3F:F4:F7:82:3A:58:C7:13:12:84:E2:DD:C6:E5
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 31BF9466BE6A5DC68962EF09DC5DDC420083D184
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/57c971db-5779-4af6-9c2f-2c7cd904e742.roa
Signing time: Sat 28 Feb 2026 06:00:07 +0000
ROA not before: Sat 28 Feb 2026 06:00:07 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d076:c000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
31:bf:94:66:be:6a:5d:c6:89:62:ef:09:dc:5d:dc:42:00:83:d1:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 06:00:07 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=4cae7a35692f8c3aa43103bf6415a98e8437a96b3c80b46a8ecc267ffa20ecc7, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:95:23:94:3d:75:88:2a:64:8c:18:90:26:89:
8b:b5:56:86:a0:5f:db:da:71:6f:f6:5f:db:4f:48:
3d:50:eb:cf:ec:09:ed:db:41:6e:e5:09:e6:6b:aa:
84:18:03:0f:8a:45:f3:41:60:b6:f5:2f:e3:f7:bf:
ec:05:6a:ef:05:85:76:63:63:f4:cf:63:0b:84:fb:
5a:9b:7f:e1:4e:da:7d:9c:27:a2:63:66:58:cd:32:
2f:97:72:6f:41:cb:4d:28:55:c3:ff:11:e2:12:eb:
cb:f8:00:57:13:ca:c9:8c:e2:4b:1d:45:0b:2d:b2:
a0:6c:7d:c3:0c:e8:57:c7:28:1a:0e:cc:4c:d2:33:
33:33:f7:12:04:60:b0:91:fc:5d:f6:6a:e8:be:cd:
3f:b0:71:d8:10:94:aa:47:ea:94:7d:d7:42:3c:9b:
02:5e:33:cf:b7:33:46:4e:a8:c9:98:a3:39:25:24:
71:69:13:c1:ee:0f:bf:d3:c6:36:db:96:80:9c:be:
a9:59:bf:47:3e:f7:1b:9e:ae:f1:03:96:55:52:a9:
c6:ab:7c:b3:32:75:e5:49:05:ce:20:a7:94:5c:e6:
6e:88:66:3e:48:a0:0e:f4:b5:95:f7:6f:6c:60:1c:
36:ab:38:df:ed:73:6e:65:8d:df:ad:66:3f:f3:a6:
0e:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:F6:74:8F:78:F4:3F:F4:F7:82:3A:58:C7:13:12:84:E2:DD:C6:E5
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/57c971db-5779-4af6-9c2f-2c7cd904e742.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d076:c000::/48
Signature Algorithm: sha256WithRSAEncryption
b8:70:a1:e5:55:99:f3:85:9c:aa:02:62:68:43:1d:e6:36:01:
1a:84:46:0f:87:4f:1c:66:2d:80:c5:c3:94:d3:a1:65:24:85:
1c:d9:25:df:cc:b6:9a:57:f3:8f:ef:87:bf:76:ed:c8:f9:fc:
cf:51:1d:42:27:12:6a:58:12:89:2b:bc:a1:58:57:ae:d8:b1:
6e:1b:b3:d3:81:3e:3d:75:df:37:2f:ff:c0:22:40:58:3f:a2:
13:93:65:36:e8:d5:7a:2e:90:33:9f:85:b9:da:4b:bb:aa:fc:
f4:66:1a:6b:42:46:fc:79:a7:33:a0:fb:9f:eb:da:c5:0e:3c:
93:51:29:d3:94:5e:53:48:31:a6:7a:23:41:4a:36:99:52:55:
16:80:d3:85:3d:25:28:b1:3b:b1:49:80:63:f6:a7:93:78:1c:
c8:9a:6d:b4:fd:05:19:b6:53:fb:d4:a2:7d:e1:6e:ba:2b:c1:
bb:b2:58:35:f7:31:e1:46:d6:0a:f4:d3:0c:ca:8f:e5:fd:4a:
cd:47:f5:17:d4:c8:f4:b5:62:cc:fb:b0:43:ec:35:cb:a1:89:
ff:e4:9d:12:df:1f:28:5a:e6:74:8f:88:04:04:c7:31:7c:89:
4b:0b:6d:e9:36:b8:0d:85:7b:9d:0e:e1:19:99:9c:50:7d:bf:
1b:ec:1e:dc
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUMb+UZr5qXcaJYu8J3F3cQgCD0YQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNjAwMDdaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDRjYWU3YTM1NjkyZjhjM2FhNDMxMDNiZjY0MTVhOThlODQzN2E5NmIzYzgw
YjQ2YThlY2MyNjdmZmEyMGVjYzcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJWVI5Q9dYgqZIwYkCaJi7VWhqBf29pxb/Zf209IPVDrz+wJ7dtBbuUJ5muq
hBgDD4pF80FgtvUv4/e/7AVq7wWFdmNj9M9jC4T7Wpt/4U7afZwnomNmWM0yL5dy
b0HLTShVw/8R4hLry/gAVxPKyYziSx1FCy2yoGx9wwzoV8coGg7MTNIzMzP3EgRg
sJH8XfZq6L7NP7Bx2BCUqkfqlH3XQjybAl4zz7czRk6oyZijOSUkcWkTwe4Pv9PG
NtuWgJy+qVm/Rz73G56u8QOWVVKpxqt8szJ15UkFziCnlFzmbohmPkigDvS1lfdv
bGAcNqs43+1zbmWN361mP/OmDv8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRD9nSP
ePQ/9PeCOljHExKE4t3G5TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTdjOTcxZGItNTc3OS00YWY2LTljMmYtMmM3Y2Q5MDRlNzQyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HbA
ADANBgkqhkiG9w0BAQsFAAOCAQEAuHCh5VWZ84WcqgJiaEMd5jYBGoRGD4dPHGYt
gMXDlNOhZSSFHNkl38y2mlfzj++Hv3btyPn8z1EdQicSalgSiSu8oVhXrtixbhuz
04E+PXXfNy//wCJAWD+iE5NlNujVei6QM5+FudpLu6r89GYaa0JG/HmnM6D7n+va
xQ48k1Ep05ReU0gxpnojQUo2mVJVFoDThT0lKLE7sUmAY/ank3gcyJpttP0FGbZT
+9SifeFuuivBu7JYNfcx4UbWCvTTDMqP5f1KzUf1F9TI9LVizPuwQ+w1y6GJ/+Sd
Et8fKFrmdI+IBATHMXyJSwtt6Ta4DYV7nQ7hGZmcUH2/G+we3A==
-----END CERTIFICATE-----
Generated at Mon Mar 2 04:28:20 2026 by rpki-client