Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/60c499a8-e470-4a76-9095-20d8554a426a.roa
File: 60c499a8-e470-4a76-9095-20d8554a426a.roa (raw, json)
Hash identifier: Xk4fX8YAwXpSaPeYi9LC0PE7vfj21BwHzvTRG1cBNn8=
Subject key identifier: B9:B2:81:3A:E3:0D:7F:A2:C8:99:9F:40:22:04:74:6D:C2:4F:E0:B9
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4DABE516742A58D6F47689B92D5406881F301FB6
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/60c499a8-e470-4a76-9095-20d8554a426a.roa
Signing time: Sat 28 Feb 2026 06:10:57 +0000
ROA not before: Sat 28 Feb 2026 06:10:57 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d018:c00::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4d:ab:e5:16:74:2a:58:d6:f4:76:89:b9:2d:54:06:88:1f:30:1f:b6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 06:10:57 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=bc4a98c20ce2f37b4d02e1c32a718a1418480351f3adc107d805ee4d45654584, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:fb:e1:ca:55:ab:16:08:6e:c4:88:2e:ad:89:
21:99:be:d1:a5:18:24:bb:b7:3c:b5:98:64:c0:3a:
ff:2c:63:19:4b:57:bb:0a:43:8b:83:7e:f4:d8:48:
0b:ca:e1:4a:55:09:53:e7:9f:d7:65:10:87:4d:26:
be:f2:cf:eb:0d:23:54:f9:df:cb:86:a6:51:97:31:
8c:af:fc:11:7c:1b:3c:7c:38:e1:b3:fa:17:b1:f4:
77:89:97:3e:36:f0:97:17:61:6d:72:83:eb:57:d6:
b9:35:8c:2f:84:5e:6f:34:2e:dc:b9:fa:5a:e1:16:
dd:9e:10:8e:5d:bc:7a:07:05:24:40:5e:9c:8e:5b:
0c:b7:da:e5:b3:8f:6c:de:54:ee:de:61:76:1d:ef:
a6:fb:b0:73:4a:a9:5c:a6:67:34:98:ec:b3:a6:21:
51:3d:4b:e0:29:25:64:8d:a4:3e:9e:2d:b0:e7:04:
2f:6c:2b:6f:a0:fb:48:df:56:ac:ec:a8:93:3d:65:
b6:d1:bc:d5:e6:6f:be:46:7b:cd:74:bb:9f:81:7e:
7f:83:75:4f:aa:ad:fc:ba:f3:73:28:f0:49:66:d3:
f9:ca:1d:b7:e3:0a:3f:8d:4e:6b:05:fb:49:7a:6b:
ae:78:0a:61:d8:0b:39:7e:3e:ff:c4:3f:0e:a2:b1:
01:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:B2:81:3A:E3:0D:7F:A2:C8:99:9F:40:22:04:74:6D:C2:4F:E0:B9
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/60c499a8-e470-4a76-9095-20d8554a426a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d018:c00::/38
Signature Algorithm: sha256WithRSAEncryption
3f:27:8d:63:be:07:0b:a8:f9:e5:0f:d7:3c:4b:dd:b2:0f:d4:
6c:82:4d:5e:6c:74:d8:38:3c:ef:13:47:a1:41:ba:c6:fa:c1:
d0:ad:bc:c1:dd:b7:05:31:31:2f:28:90:87:11:ef:6e:8f:c5:
a7:0b:8e:be:70:9e:65:3d:ea:26:32:eb:df:d7:bb:b7:83:87:
18:f7:31:64:cd:51:75:65:ea:63:47:81:0d:c1:2f:2b:20:ee:
11:f2:aa:e0:6b:c4:0c:a1:1f:a2:71:e9:fa:de:aa:13:3c:19:
5d:77:9f:fa:4e:c7:88:8c:13:94:35:61:10:b2:96:d8:d1:a9:
34:48:2b:7d:3e:fa:06:8a:b5:fc:7c:26:71:3b:50:b4:f0:a4:
95:7e:f9:15:bd:27:25:89:69:b6:5e:4a:2f:91:3b:d1:d1:4f:
bb:08:29:75:99:a0:f6:8d:5a:5f:9e:56:b9:36:51:c6:73:90:
9d:bb:7a:b2:f9:01:5e:8b:3f:76:f9:dd:36:fd:1f:aa:25:8e:
06:df:89:60:a6:0c:3b:56:3c:e8:d8:9e:0c:c0:e6:cc:e6:6d:
59:20:c1:ac:b7:95:c9:53:2b:7c:7d:fd:fa:ab:16:4d:3f:99:
85:a0:2e:dd:de:15:4b:40:bf:b4:c7:48:6a:c0:48:5c:88:f6:
32:d7:23:7f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUTavlFnQqWNb0dom5LVQGiB8wH7YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNjEwNTdaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGJjNGE5OGMyMGNlMmYzN2I0ZDAyZTFjMzJhNzE4YTE0MTg0ODAzNTFmM2Fk
YzEwN2Q4MDVlZTRkNDU2NTQ1ODQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOz74cpVqxYIbsSILq2JIZm+0aUYJLu3PLWYZMA6/yxjGUtXuwpDi4N+9NhI
C8rhSlUJU+ef12UQh00mvvLP6w0jVPnfy4amUZcxjK/8EXwbPHw44bP6F7H0d4mX
PjbwlxdhbXKD61fWuTWML4RebzQu3Ln6WuEW3Z4Qjl28egcFJEBenI5bDLfa5bOP
bN5U7t5hdh3vpvuwc0qpXKZnNJjss6YhUT1L4CklZI2kPp4tsOcEL2wrb6D7SN9W
rOyokz1lttG81eZvvkZ7zXS7n4F+f4N1T6qt/LrzcyjwSWbT+codt+MKP41OawX7
SXprrngKYdgLOX4+/8Q/DqKxAW0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS5soE6
4w1/osiZn0AiBHRtwk/guTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjBjNDk5YTgtZTQ3MC00YTc2LTkwOTUtMjBkODU1NGE0MjZhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BgM
MA0GCSqGSIb3DQEBCwUAA4IBAQA/J41jvgcLqPnlD9c8S92yD9Rsgk1ebHTYODzv
E0ehQbrG+sHQrbzB3bcFMTEvKJCHEe9uj8WnC46+cJ5lPeomMuvf17u3g4cY9zFk
zVF1ZepjR4ENwS8rIO4R8qrga8QMoR+icen63qoTPBldd5/6TseIjBOUNWEQspbY
0ak0SCt9PvoGirX8fCZxO1C08KSVfvkVvScliWm2XkovkTvR0U+7CCl1maD2jVpf
nla5NlHGc5Cdu3qy+QFeiz92+d02/R+qJY4G34lgpgw7Vjzo2J4MwObM5m1ZIMGs
t5XJUyt8ff36qxZNP5mFoC7d3hVLQL+0x0hqwEhciPYy1yN/
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:49:08 2026 by rpki-client