Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/58557a89-b431-49c3-bc0e-d49e2d4c79d7.roa
File: 58557a89-b431-49c3-bc0e-d49e2d4c79d7.roa (raw, json)
Hash identifier: Gk285/ADMhr9qtu0QrZzasU+83BS1Wl+zRz8Pikz3gw=
Subject key identifier: 19:B4:32:57:A4:94:A1:B0:A1:CF:84:BC:6F:03:5E:72:30:BC:E8:CA
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 49E94BDFAEAFDAC36ED291453549129423E30538
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/58557a89-b431-49c3-bc0e-d49e2d4c79d7.roa
Signing time: Sat 28 Feb 2026 06:20:51 +0000
ROA not before: Sat 28 Feb 2026 06:20:51 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:2040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
49:e9:4b:df:ae:af:da:c3:6e:d2:91:45:35:49:12:94:23:e3:05:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 06:20:51 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=f1fb83ba1d3a1921c956805009b728d06cfefdbb19bdd05e90a907b49ead8571, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:3e:40:44:0b:8b:ac:d1:e7:f5:e0:98:7c:18:
c9:aa:06:5e:01:c0:e5:a6:7b:ad:fc:c6:07:99:88:
f7:39:34:62:08:d3:2e:a0:1b:78:ef:e3:65:ec:54:
70:75:f9:b4:3b:f1:36:40:c5:de:04:5c:be:f9:a5:
df:77:c0:8c:5e:04:0e:ff:a5:96:76:3c:8f:6f:e0:
95:71:61:7a:8d:d3:2a:d6:37:94:ee:db:1c:75:5a:
3b:34:b2:d7:a3:34:60:b8:d3:2c:80:69:b4:b7:9d:
eb:13:51:42:be:60:24:88:a4:d7:64:fc:82:bd:be:
e0:62:7b:24:0e:de:3e:55:dc:95:71:50:06:1b:13:
87:d8:7d:1b:86:aa:dd:07:64:4e:4f:23:bb:d3:7a:
3a:94:ae:04:7c:02:0f:8c:2d:bd:21:ca:a0:3d:d1:
d2:1d:6b:ad:34:c7:21:98:70:59:24:82:f3:97:7d:
9d:ad:1a:e0:56:46:31:c7:14:5b:f3:49:d1:10:a9:
93:c6:12:ba:44:45:a3:0e:1d:26:b3:ac:76:e7:8b:
cd:dd:36:c8:0f:bb:28:e0:2b:23:f1:db:0e:55:27:
23:9f:1b:b0:48:52:e1:d9:37:23:3d:a3:ab:b9:8a:
54:17:a4:20:db:84:ba:f5:25:49:bd:3c:78:59:66:
c0:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:B4:32:57:A4:94:A1:B0:A1:CF:84:BC:6F:03:5E:72:30:BC:E8:CA
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/58557a89-b431-49c3-bc0e-d49e2d4c79d7.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:2040::/48
Signature Algorithm: sha256WithRSAEncryption
46:d9:a0:87:f1:da:62:8b:e2:a0:eb:78:b3:88:b4:39:5a:4c:
df:2c:24:26:ac:19:5b:bf:a3:9b:a1:6c:47:d1:63:4a:a7:7f:
59:c5:72:05:e7:0b:5d:64:8d:02:e6:c9:6c:f8:b5:01:ea:31:
66:b5:33:60:44:e5:42:f2:64:be:9d:93:b7:a0:c0:35:5c:97:
51:4f:d8:e1:d2:15:6f:9c:12:03:77:ff:6d:cc:13:60:fa:d3:
66:0c:49:ea:23:66:6e:c4:6c:c9:a8:e9:31:47:56:36:d4:36:
b1:7e:3d:c4:30:96:9f:4c:ac:f8:b6:d9:3c:1b:4b:18:63:f0:
e1:b6:2d:76:84:88:3f:eb:a5:b5:68:4c:46:ed:ab:9d:c8:93:
c6:7d:ae:66:3c:39:2e:c9:12:a1:ec:3e:9f:e9:9a:02:5e:87:
5f:20:2e:c8:a9:59:53:32:30:03:21:67:53:c0:ec:4e:09:08:
b2:ea:83:26:64:89:43:5c:13:df:02:08:f7:86:e2:d2:75:21:
b7:9b:f6:2c:e5:fd:dc:e0:51:97:3f:53:13:5b:69:05:fd:b8:
2f:7a:0f:0f:25:ad:5f:04:29:36:86:40:47:a5:ea:19:c6:2b:
5d:a8:52:a7:b0:8d:a0:0b:4b:20:e8:05:f9:2f:ba:d2:e5:37:
87:64:1f:31
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUSelL366v2sNu0pFFNUkSlCPjBTgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNjIwNTFaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGYxZmI4M2JhMWQzYTE5MjFjOTU2ODA1MDA5YjcyOGQwNmNmZWZkYmIxOWJk
ZDA1ZTkwYTkwN2I0OWVhZDg1NzExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAME+QEQLi6zR5/XgmHwYyaoGXgHA5aZ7rfzGB5mI9zk0YgjTLqAbeO/jZexU
cHX5tDvxNkDF3gRcvvml33fAjF4EDv+llnY8j2/glXFheo3TKtY3lO7bHHVaOzSy
16M0YLjTLIBptLed6xNRQr5gJIik12T8gr2+4GJ7JA7ePlXclXFQBhsTh9h9G4aq
3QdkTk8ju9N6OpSuBHwCD4wtvSHKoD3R0h1rrTTHIZhwWSSC85d9na0a4FZGMccU
W/NJ0RCpk8YSukRFow4dJrOsdueLzd02yA+7KOArI/HbDlUnI58bsEhS4dk3Iz2j
q7mKVBekINuEuvUlSb08eFlmwLUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQZtDJX
pJShsKHPhLxvA15yMLzoyjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTg1NTdhODktYjQzMS00OWMzLWJjMGUtZDQ5ZTJkNGM3OWQ3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HIg
QDANBgkqhkiG9w0BAQsFAAOCAQEARtmgh/HaYovioOt4s4i0OVpM3ywkJqwZW7+j
m6FsR9FjSqd/WcVyBecLXWSNAubJbPi1AeoxZrUzYETlQvJkvp2Tt6DANVyXUU/Y
4dIVb5wSA3f/bcwTYPrTZgxJ6iNmbsRsyajpMUdWNtQ2sX49xDCWn0ys+LbZPBtL
GGPw4bYtdoSIP+ultWhMRu2rnciTxn2uZjw5LskSoew+n+maAl6HXyAuyKlZUzIw
AyFnU8DsTgkIsuqDJmSJQ1wT3wII94bi0nUht5v2LOX93OBRlz9TE1tpBf24L3oP
DyWtXwQpNoZAR6XqGcYrXahSp7CNoAtLIOgF+S+60uU3h2QfMQ==
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:35:19 2026 by rpki-client