Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/595250c3-e9f2-4e23-9779-87c47497f520.roa
File: 595250c3-e9f2-4e23-9779-87c47497f520.roa (raw, json)
Hash identifier: 4C+xnvBRKxRfu0OdhMBCQz4GiYMg6g9/SK7Ss304KLo=
Subject key identifier: ED:7E:33:DC:70:0B:2F:5B:54:9B:18:C8:C9:C9:69:CA:E5:23:0D:C7
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 046B9744058B2998A40508EE4DC609F0C6B6B428
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/595250c3-e9f2-4e23-9779-87c47497f520.roa
Signing time: Sat 28 Feb 2026 05:40:46 +0000
ROA not before: Sat 28 Feb 2026 05:40:46 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d078:5000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:6b:97:44:05:8b:29:98:a4:05:08:ee:4d:c6:09:f0:c6:b6:b4:28
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 05:40:46 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=06670c7137b7efe76a430da0df37d34acb85974c94acbb95a4e7a1ada6a0afb6, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:4e:da:11:ef:f2:2e:5f:17:b7:64:b5:ed:5d:
98:32:e9:37:4f:c5:72:f2:ff:c8:72:90:8a:1c:dd:
a1:2f:8e:27:c2:cc:e7:0a:5b:09:d5:85:42:bc:bf:
78:4c:a9:ce:71:0b:72:2f:af:80:51:1a:78:b5:59:
7b:7a:94:42:56:53:89:c6:f8:d8:59:ca:b3:d2:dc:
e4:b6:dd:fb:14:27:7b:56:04:04:ad:30:6e:8c:3b:
8d:2f:73:81:c8:42:82:49:6b:d0:b3:62:26:64:4e:
64:a0:27:28:28:e2:2a:c7:25:99:87:0f:a4:0e:c8:
28:e9:ab:c3:e1:31:6b:b4:25:98:20:7b:a0:55:7b:
59:a7:41:e9:30:7d:95:b6:0d:19:f8:7a:4a:62:39:
53:f9:08:11:29:43:0e:1a:ac:08:6f:c2:fd:8c:93:
e1:17:b8:2e:15:86:82:4a:eb:53:52:18:03:e4:32:
51:a9:90:51:3e:2c:71:8d:e6:b5:de:50:fa:17:1e:
8f:c6:7d:cd:0c:19:33:e5:34:f0:ce:8a:98:21:e7:
04:02:e6:a9:a8:21:4f:d8:a8:f0:ba:2b:45:18:f8:
a5:33:77:7b:49:05:ba:9b:a9:65:f5:47:5f:29:83:
69:6b:96:16:cf:73:a7:50:e1:df:04:97:a0:8c:5f:
a3:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:7E:33:DC:70:0B:2F:5B:54:9B:18:C8:C9:C9:69:CA:E5:23:0D:C7
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/595250c3-e9f2-4e23-9779-87c47497f520.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d078:5000::/40
Signature Algorithm: sha256WithRSAEncryption
84:02:aa:cd:e8:04:18:3c:5d:4c:fd:5f:1a:36:a5:16:ea:6e:
32:1f:49:22:7d:f7:5c:d1:a3:56:50:dd:4c:bf:dc:d5:4b:4a:
e4:a8:7b:fe:1f:9d:db:56:47:19:46:49:88:8d:e0:fc:11:24:
aa:1b:44:ff:91:20:41:7f:b3:ff:17:65:6f:48:60:79:38:2b:
52:30:aa:f2:a0:28:d6:70:5c:48:a2:c2:2b:fc:ac:df:c5:da:
ba:30:f5:0e:b6:5b:d7:a8:92:fc:86:5c:3d:1a:e8:f2:69:5d:
4a:dd:26:e6:18:88:ce:c9:8d:b1:62:48:85:9a:bd:fc:f3:e3:
55:cc:a5:f9:d5:02:65:6b:7c:28:68:ec:9f:4d:8a:70:78:2f:
28:32:57:6b:20:c5:67:e6:a4:4e:79:22:fd:91:ff:63:3e:b8:
df:ac:4c:c5:c6:6f:e9:2e:b0:6c:f7:6a:6f:7c:33:00:94:70:
4a:f4:2d:10:0d:71:1f:ad:ba:40:15:c0:90:2f:20:99:47:ed:
21:77:ee:01:05:87:17:55:ed:99:5e:b7:9d:9d:07:bd:44:3c:
df:a1:5a:4b:9e:0e:d7:ac:ae:37:8c:df:b1:13:34:8d:e2:b1:
6e:c7:0b:48:61:6d:a0:68:5c:49:e6:7b:51:70:fe:b7:6c:be:
bb:14:1f:97
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUBGuXRAWLKZikBQjuTcYJ8Ma2tCgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNTQwNDZaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDA2NjcwYzcxMzdiN2VmZTc2YTQzMGRhMGRmMzdkMzRhY2I4NTk3NGM5NGFj
YmI5NWE0ZTdhMWFkYTZhMGFmYjYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALFO2hHv8i5fF7dkte1dmDLpN0/FcvL/yHKQihzdoS+OJ8LM5wpbCdWFQry/
eEypznELci+vgFEaeLVZe3qUQlZTicb42FnKs9Lc5Lbd+xQne1YEBK0wbow7jS9z
gchCgklr0LNiJmROZKAnKCjiKsclmYcPpA7IKOmrw+Exa7QlmCB7oFV7WadB6TB9
lbYNGfh6SmI5U/kIESlDDhqsCG/C/YyT4Re4LhWGgkrrU1IYA+QyUamQUT4scY3m
td5Q+hcej8Z9zQwZM+U08M6KmCHnBALmqaghT9io8LorRRj4pTN3e0kFupupZfVH
XymDaWuWFs9zp1Dh3wSXoIxfo/kCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTtfjPc
cAsvW1SbGMjJyWnK5SMNxzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTk1MjUwYzMtZTlmMi00ZTIzLTk3NzktODdjNDc0OTdmNTIwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HhQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCEAqrN6AQYPF1M/V8aNqUW6m4yH0kiffdc0aNW
UN1Mv9zVS0rkqHv+H53bVkcZRkmIjeD8ESSqG0T/kSBBf7P/F2VvSGB5OCtSMKry
oCjWcFxIosIr/Kzfxdq6MPUOtlvXqJL8hlw9GujyaV1K3SbmGIjOyY2xYkiFmr38
8+NVzKX51QJla3woaOyfTYpweC8oMldrIMVn5qROeSL9kf9jPrjfrEzFxm/pLrBs
92pvfDMAlHBK9C0QDXEfrbpAFcCQLyCZR+0hd+4BBYcXVe2ZXrednQe9RDzfoVpL
ng7XrK43jN+xEzSN4rFuxwtIYW2gaFxJ5ntRcP63bL67FB+X
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:42:57 2026 by rpki-client