Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68f2af14-43e2-4447-a8a7-f8fe713e249e.roa
File: 68f2af14-43e2-4447-a8a7-f8fe713e249e.roa (raw, json)
Hash identifier: knNVEJabmHCIyObMCqwEFQadN9jDm46Wa4Gmf/IO5ew=
Subject key identifier: E0:DE:D4:00:BE:33:4C:D0:C5:82:04:B0:0F:B0:C9:D6:AB:98:A1:83
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 38E3CE93D57AC11772A2E6404D79CA52F0148EC1
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68f2af14-43e2-4447-a8a7-f8fe713e249e.roa
Signing time: Fri 06 Feb 2026 00:40:10 +0000
ROA not before: Fri 06 Feb 2026 00:40:10 +0000
ROA not after: Thu 07 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d01f:800::/37 maxlen: 37
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
38:e3:ce:93:d5:7a:c1:17:72:a2:e6:40:4d:79:ca:52:f0:14:8e:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 6 00:40:10 2026 GMT
Not After : May 7 23:59:59 2026 GMT
Subject: serialNumber=fdbc75b62216b72dccf12d554a8a467b24536be208574bc9fab084aaef0e788c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:2d:e2:86:6b:90:23:17:78:3e:1f:ef:01:18:
af:f9:47:10:82:aa:00:dd:3b:d1:26:1c:d4:a2:bf:
8f:64:cb:c4:ad:b4:5a:00:f3:60:97:c1:98:28:c1:
b1:58:e2:42:c0:8d:8d:bf:ca:6f:ae:d8:22:d6:9e:
30:5c:bf:df:85:e8:54:26:19:e8:b7:78:94:92:f0:
82:f3:16:d7:9b:54:45:1b:93:e2:f8:51:97:18:ff:
0e:6f:9b:6d:f5:ba:6b:d6:84:89:68:23:1a:f7:52:
54:bc:43:9f:5a:9a:41:7a:61:89:bd:ae:80:7e:b1:
9f:2f:12:e7:1f:51:26:eb:c2:3f:19:32:f0:4a:f1:
4c:77:2f:8a:d7:25:aa:99:c4:1a:21:fe:6f:4b:be:
af:20:ae:7a:11:be:e6:a2:9d:ed:27:b9:ea:8b:38:
1f:0e:a0:05:c3:38:ab:5d:df:5a:13:84:b2:80:1c:
70:1c:9e:35:29:a2:8f:65:92:b5:d1:99:e9:0a:28:
03:20:de:4c:59:9f:b5:5f:a6:b7:6c:36:c6:5a:2e:
c8:b3:85:21:e0:73:e0:77:69:f0:2d:a7:f6:5b:63:
60:5a:5a:92:40:e3:27:84:09:51:6c:8b:c2:81:1b:
b4:c0:39:8b:56:74:69:d8:e7:4c:f8:b3:2d:23:ea:
54:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:DE:D4:00:BE:33:4C:D0:C5:82:04:B0:0F:B0:C9:D6:AB:98:A1:83
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68f2af14-43e2-4447-a8a7-f8fe713e249e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d01f:800::/37
Signature Algorithm: sha256WithRSAEncryption
c8:e4:ad:fb:3f:4e:cb:53:85:ef:2b:42:0c:16:5e:6e:c9:3f:
83:81:7a:29:39:6f:4f:f1:a6:e4:fd:e7:5e:55:62:58:e1:7a:
6d:ad:06:12:93:96:4f:47:ca:2a:6a:c1:c9:e0:66:41:00:1b:
f1:60:4f:88:92:68:1f:6c:97:53:92:e5:99:47:16:99:26:c4:
ef:93:cc:be:19:2c:27:e0:2c:3a:23:e8:f5:8e:4b:53:05:2f:
c4:de:68:d3:eb:13:13:e7:0c:25:41:4f:6b:5b:8a:96:77:22:
5b:25:cb:40:0c:bd:ef:c6:d8:70:b8:b1:d4:31:08:67:c5:58:
5c:e6:fa:1c:81:be:99:74:99:9f:2d:33:a6:f6:06:88:93:5a:
53:7a:4b:f7:ef:fc:f5:4e:8d:45:a2:c2:53:6c:20:99:35:28:
1a:45:25:93:5e:10:05:f1:74:63:be:25:96:0d:1a:17:d2:cb:
24:c0:9e:77:af:54:59:26:ff:71:86:f3:76:e6:6a:9f:35:c8:
84:de:a9:71:8f:fc:3e:55:a2:ce:8c:40:a6:72:b4:f0:0c:84:
d9:0a:f7:33:da:fa:97:87:c3:ba:97:e4:53:69:2a:1c:58:75:
ac:96:54:65:6d:1c:33:9e:7c:67:f2:ac:1d:52:fe:c4:50:d7:
c6:c8:6d:dc
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUOOPOk9V6wRdyouZATXnKUvAUjsEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMDYwMDQwMTBaFw0yNjA1MDcyMzU5NTlaMHoxSTBHBgNV
BAUTQGZkYmM3NWI2MjIxNmI3MmRjY2YxMmQ1NTRhOGE0NjdiMjQ1MzZiZTIwODU3
NGJjOWZhYjA4NGFhZWYwZTc4OGMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANct4oZrkCMXeD4f7wEYr/lHEIKqAN070SYc1KK/j2TLxK20WgDzYJfBmCjB
sVjiQsCNjb/Kb67YItaeMFy/34XoVCYZ6Ld4lJLwgvMW15tURRuT4vhRlxj/Dm+b
bfW6a9aEiWgjGvdSVLxDn1qaQXphib2ugH6xny8S5x9RJuvCPxky8ErxTHcvitcl
qpnEGiH+b0u+ryCuehG+5qKd7Se56os4Hw6gBcM4q13fWhOEsoAccByeNSmij2WS
tdGZ6QooAyDeTFmftV+mt2w2xlouyLOFIeBz4Hdp8C2n9ltjYFpakkDjJ4QJUWyL
woEbtMA5i1Z0adjnTPizLSPqVCUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTg3tQA
vjNM0MWCBLAPsMnWq5ihgzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjhmMmFmMTQtNDNlMi00NDQ3LWE4YTctZjhmZTcxM2UyNDllLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAyoF0B8I
MA0GCSqGSIb3DQEBCwUAA4IBAQDI5K37P07LU4XvK0IMFl5uyT+DgXopOW9P8abk
/edeVWJY4XptrQYSk5ZPR8oqasHJ4GZBABvxYE+IkmgfbJdTkuWZRxaZJsTvk8y+
GSwn4Cw6I+j1jktTBS/E3mjT6xMT5wwlQU9rW4qWdyJbJctADL3vxthwuLHUMQhn
xVhc5vocgb6ZdJmfLTOm9gaIk1pTekv37/z1To1FosJTbCCZNSgaRSWTXhAF8XRj
viWWDRoX0sskwJ53r1RZJv9xhvN25mqfNciE3qlxj/w+VaLOjECmcrTwDITZCvcz
2vqXh8O6l+RTaSocWHWsllRlbRwznnxn8qwdUv7EUNfGyG3c
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:58:27 2026 by rpki-client