Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5fe931ae-e353-437d-9738-79004c5e9188.roa
File: 5fe931ae-e353-437d-9738-79004c5e9188.roa (raw, json)
Hash identifier: cocf9PuzORVzjU1VG2y7xiH61nGFYYoXIOsypUBI8w4=
Subject key identifier: 0D:A3:94:D5:0F:5D:BC:A8:B0:51:6D:22:29:2D:DA:51:E5:E2:09:F0
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 02CE2F932203C8464A52287CC95BFC78662B4479
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5fe931ae-e353-437d-9738-79004c5e9188.roa
Signing time: Sat 28 Feb 2026 06:20:05 +0000
ROA not before: Sat 28 Feb 2026 06:20:05 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d034:c000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
02:ce:2f:93:22:03:c8:46:4a:52:28:7c:c9:5b:fc:78:66:2b:44:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 06:20:05 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=1c0b50a4ec7cbe0e4bf40e64d66608542a1d3b33e3297152dc95523b6a87b81a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:8b:0a:3a:ec:50:f2:3d:2f:c0:e2:6f:ab:7f:
99:ac:6d:be:6a:29:1a:47:d5:27:08:79:6a:46:86:
3a:25:2a:5e:cf:4f:c1:b3:1b:54:8d:d6:59:1c:c0:
2d:83:d1:c7:61:2c:41:53:b5:ff:5f:d6:37:8b:b0:
34:91:ff:e1:96:b6:5b:d4:fd:44:54:d1:e8:29:df:
46:15:35:e4:92:61:c9:15:83:0e:41:4e:89:ae:57:
95:55:97:e0:c1:a4:a7:c7:ab:24:af:6d:02:df:49:
ff:40:e9:d6:53:79:b3:9a:ef:52:eb:de:2a:80:8c:
be:b5:23:dc:3f:01:80:2e:b4:48:be:6c:bd:ab:1a:
13:cb:6c:90:44:78:0f:7f:a6:d2:c1:ad:ed:e2:fb:
1b:b9:20:3e:46:2d:a3:0f:5d:3d:49:f1:d5:4e:39:
1d:23:0c:88:0a:3c:b6:c3:ec:e6:87:34:7d:79:b0:
df:86:03:e0:0c:8c:e5:2b:f9:fb:5f:7a:01:e6:1d:
19:4e:b5:54:09:07:d4:e3:4e:26:4d:8a:a6:52:7b:
ae:4f:2f:a1:0d:0d:3e:2b:58:47:d5:3a:32:ca:ad:
57:bf:6e:32:b9:42:ec:16:88:40:b1:dd:74:83:fc:
0d:06:a4:e2:77:79:c2:5d:0a:88:22:1c:74:c1:76:
54:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:A3:94:D5:0F:5D:BC:A8:B0:51:6D:22:29:2D:DA:51:E5:E2:09:F0
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5fe931ae-e353-437d-9738-79004c5e9188.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d034:c000::/40
Signature Algorithm: sha256WithRSAEncryption
77:a6:9b:96:e7:55:a3:78:63:72:3e:b1:a0:92:8c:5e:28:2f:
da:6a:d9:18:aa:78:74:65:d1:46:ec:7f:68:3a:2f:ea:d3:70:
37:f9:30:1a:67:29:9d:b0:8d:75:85:68:b2:e2:0b:d4:f9:70:
89:e8:e8:b9:98:60:e0:9f:a5:dc:01:1b:1e:43:9d:af:5b:a8:
e3:c7:13:b5:19:4c:15:fe:b6:b8:78:04:af:87:05:ce:f1:d1:
c8:f2:9a:7f:5f:42:dc:be:aa:d5:24:49:e8:e1:cc:c2:41:c7:
70:fb:f7:03:30:0e:49:6c:fb:05:a1:c2:02:13:50:7c:6c:a6:
28:3d:86:05:fb:fa:15:a1:29:0d:e1:43:a0:9d:fb:10:47:d7:
6f:fa:8f:26:22:9a:c1:73:29:bb:17:7e:8a:5d:d2:5b:d4:c2:
bf:be:15:e4:ae:39:43:e8:84:06:5a:83:8e:c2:e9:93:7c:03:
02:ef:4d:ea:58:b0:a7:c5:64:05:b7:45:bf:de:a0:e5:cd:97:
fb:1a:fa:ac:f9:72:27:e2:d1:de:6f:b9:58:16:32:5d:f1:82:
50:e7:f1:8b:30:8d:de:85:7e:c7:97:42:6b:2a:bf:6e:cd:48:
f0:7e:2d:f7:c2:3a:ac:20:fb:f5:2e:02:17:59:8b:ed:5d:1e:
35:24:07:2b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUAs4vkyIDyEZKUih8yVv8eGYrRHkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNjIwMDVaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDFjMGI1MGE0ZWM3Y2JlMGU0YmY0MGU2NGQ2NjYwODU0MmExZDNiMzNlMzI5
NzE1MmRjOTU1MjNiNmE4N2I4MWExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANmLCjrsUPI9L8Dib6t/maxtvmopGkfVJwh5akaGOiUqXs9PwbMbVI3WWRzA
LYPRx2EsQVO1/1/WN4uwNJH/4Za2W9T9RFTR6CnfRhU15JJhyRWDDkFOia5XlVWX
4MGkp8erJK9tAt9J/0Dp1lN5s5rvUuveKoCMvrUj3D8BgC60SL5svasaE8tskER4
D3+m0sGt7eL7G7kgPkYtow9dPUnx1U45HSMMiAo8tsPs5oc0fXmw34YD4AyM5Sv5
+196AeYdGU61VAkH1ONOJk2KplJ7rk8voQ0NPitYR9U6MsqtV79uMrlC7BaIQLHd
dIP8DQak4nd5wl0KiCIcdMF2VHkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQNo5TV
D128qLBRbSIpLdpR5eIJ8DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NWZlOTMxYWUtZTM1My00MzdkLTk3MzgtNzkwMDRjNWU5MTg4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DTA
MA0GCSqGSIb3DQEBCwUAA4IBAQB3ppuW51WjeGNyPrGgkoxeKC/aatkYqnh0ZdFG
7H9oOi/q03A3+TAaZymdsI11hWiy4gvU+XCJ6Oi5mGDgn6XcARseQ52vW6jjxxO1
GUwV/ra4eASvhwXO8dHI8pp/X0LcvqrVJEno4czCQcdw+/cDMA5JbPsFocICE1B8
bKYoPYYF+/oVoSkN4UOgnfsQR9dv+o8mIprBcym7F36KXdJb1MK/vhXkrjlD6IQG
WoOOwumTfAMC703qWLCnxWQFt0W/3qDlzZf7Gvqs+XIn4tHeb7lYFjJd8YJQ5/GL
MI3ehX7Hl0JrKr9uzUjwfi33wjqsIPv1LgIXWYvtXR41JAcr
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:50:41 2026 by rpki-client