Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5f28c807-572d-4641-be39-53109963f4c3.roa
File: 5f28c807-572d-4641-be39-53109963f4c3.roa (raw, json)
Hash identifier: dPkRw69eVek7sXZQADRBbMwCvh7YtZyxALVH41qvInE=
Subject key identifier: 0A:43:21:D5:4C:C2:5C:06:CA:45:F0:29:0C:1A:8B:F8:CA:8D:15:78
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0D2CFF610E2BA6F214A227DDF2689F3D5BAEEABA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5f28c807-572d-4641-be39-53109963f4c3.roa
Signing time: Sat 28 Feb 2026 05:10:34 +0000
ROA not before: Sat 28 Feb 2026 05:10:34 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d036:a000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0d:2c:ff:61:0e:2b:a6:f2:14:a2:27:dd:f2:68:9f:3d:5b:ae:ea:ba
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 05:10:34 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=ce66536c6a52fee1fa9127064248362282aba1ef3ac9e49367911c4618e367ee, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:cc:37:9e:dd:07:3d:f8:70:ee:42:22:d3:45:
f5:09:cd:7b:01:b6:4e:aa:b6:bf:9b:08:ab:3b:aa:
c1:85:7a:37:95:01:26:81:41:af:c2:4c:0f:13:c0:
d2:bd:d5:f3:e4:8b:e2:f7:d6:53:5f:7d:6d:0f:89:
e7:27:ef:74:e4:5a:76:98:1b:36:77:55:79:79:c8:
60:44:4d:d2:55:48:35:a5:8d:4b:b9:51:1e:39:62:
f6:bb:68:f2:2a:9d:b4:4d:d9:fd:2b:6e:b8:94:e5:
b8:0f:2f:c6:13:e7:37:47:9d:98:b2:20:82:87:09:
09:72:04:ce:ac:28:e3:62:c9:6b:f5:00:6f:6f:a8:
e2:ee:7b:3b:f6:77:a2:27:55:34:1a:b3:d8:59:b4:
35:0e:0f:1f:a4:f4:8b:c1:47:08:6f:15:7e:ab:55:
9c:6c:44:89:23:ff:ee:a3:2a:b1:74:3e:9f:6b:e8:
b0:6a:48:c3:e9:62:38:27:f5:eb:a7:24:3d:47:80:
b5:5a:ff:b0:cd:d6:9a:63:16:55:30:b6:4f:eb:a8:
0e:6d:18:9f:a6:3d:d5:3a:a4:1b:82:89:16:e5:97:
dd:c3:f0:66:70:f3:75:6a:53:fc:2a:20:50:95:6a:
de:50:64:9b:05:25:0f:7f:bb:eb:74:d8:44:f2:5d:
e0:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:43:21:D5:4C:C2:5C:06:CA:45:F0:29:0C:1A:8B:F8:CA:8D:15:78
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5f28c807-572d-4641-be39-53109963f4c3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d036:a000::/40
Signature Algorithm: sha256WithRSAEncryption
06:ec:2a:f6:08:6a:f3:e7:4f:e3:73:17:68:e7:fd:23:b6:7d:
74:dc:b0:42:5b:e0:9e:c0:af:dd:64:ad:33:c8:ce:9b:a0:89:
d3:bb:6e:58:42:c3:47:71:0e:42:19:90:c8:30:0a:de:8d:76:
34:f7:29:bc:53:3a:6d:e2:bb:76:37:f4:7c:2d:94:51:b9:ce:
16:26:ec:bf:a4:6b:87:66:c3:2b:93:c5:ec:6f:3e:80:77:d8:
74:d3:20:33:d7:40:38:ec:41:2f:f0:22:5c:f9:dc:5e:cc:8d:
d1:ef:5a:d7:f5:73:7d:0f:ca:ea:ca:cb:ce:2d:07:0c:33:ee:
9b:e9:bd:ce:81:ac:33:7b:3e:c3:e3:da:3c:20:98:b8:77:fc:
f3:fa:36:d5:73:bf:3e:43:e7:77:62:91:49:32:5a:fc:c1:74:
18:14:7c:4c:76:65:86:94:43:5c:f8:d4:7f:ab:92:90:b0:13:
d8:9b:d9:ae:75:f3:2a:df:39:53:16:b7:c5:e3:a7:c6:af:70:
7e:b7:92:b0:d0:a5:96:3a:6a:f4:2c:6e:8a:bb:6a:c0:16:d7:
0c:99:78:34:63:00:73:77:73:23:e5:50:49:77:12:7d:12:36:
fa:d8:aa:f1:74:cf:63:ae:3e:6b:c2:28:cb:bc:3c:43:07:5f:
44:8b:f7:50
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUDSz/YQ4rpvIUoifd8mifPVuu6rowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNTEwMzRaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGNlNjY1MzZjNmE1MmZlZTFmYTkxMjcwNjQyNDgzNjIyODJhYmExZWYzYWM5
ZTQ5MzY3OTExYzQ2MThlMzY3ZWUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANHMN57dBz34cO5CItNF9QnNewG2Tqq2v5sIqzuqwYV6N5UBJoFBr8JMDxPA
0r3V8+SL4vfWU199bQ+J5yfvdORadpgbNndVeXnIYERN0lVINaWNS7lRHjli9rto
8iqdtE3Z/StuuJTluA8vxhPnN0edmLIggocJCXIEzqwo42LJa/UAb2+o4u57O/Z3
oidVNBqz2Fm0NQ4PH6T0i8FHCG8VfqtVnGxEiSP/7qMqsXQ+n2vosGpIw+liOCf1
66ckPUeAtVr/sM3WmmMWVTC2T+uoDm0Yn6Y91TqkG4KJFuWX3cPwZnDzdWpT/Cog
UJVq3lBkmwUlD3+763TYRPJd4CECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQKQyHV
TMJcBspF8CkMGov4yo0VeDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NWYyOGM4MDctNTcyZC00NjQxLWJlMzktNTMxMDk5NjNmNGMzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Dag
MA0GCSqGSIb3DQEBCwUAA4IBAQAG7Cr2CGrz50/jcxdo5/0jtn103LBCW+CewK/d
ZK0zyM6boInTu25YQsNHcQ5CGZDIMArejXY09ym8Uzpt4rt2N/R8LZRRuc4WJuy/
pGuHZsMrk8Xsbz6Ad9h00yAz10A47EEv8CJc+dxezI3R71rX9XN9D8rqysvOLQcM
M+6b6b3Ogawzez7D49o8IJi4d/zz+jbVc78+Q+d3YpFJMlr8wXQYFHxMdmWGlENc
+NR/q5KQsBPYm9mudfMq3zlTFrfF46fGr3B+t5Kw0KWWOmr0LG6Ku2rAFtcMmXg0
YwBzd3Mj5VBJdxJ9Ejb62KrxdM9jrj5rwijLvDxDB19Ei/dQ
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:56:48 2026 by rpki-client