Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/72c1c04d-5c77-431c-825c-1633fac1964d.roa
File: 72c1c04d-5c77-431c-825c-1633fac1964d.roa (raw, json)
Hash identifier: B3SrJHnPz7IC5be7dY5TFGIOj4twR1alXKKlmveGglQ=
Subject key identifier: BE:FB:C3:4F:83:31:E0:DE:B6:D4:FA:DD:F2:03:07:B2:33:38:D9:93
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 106C29AE481CE90BBB08D6BDD7F469B24168CC0D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/72c1c04d-5c77-431c-825c-1633fac1964d.roa
Signing time: Sat 28 Feb 2026 06:30:09 +0000
ROA not before: Sat 28 Feb 2026 06:30:09 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:8030::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
10:6c:29:ae:48:1c:e9:0b:bb:08:d6:bd:d7:f4:69:b2:41:68:cc:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 06:30:09 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=23094085edec724a3c9433e79b038833433010366ba13bef47b92455cd0d4160, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:b0:6e:7b:31:b9:c3:f1:c9:de:72:5e:21:c6:
4a:77:b8:b6:d2:7b:61:46:30:e2:88:88:2a:b6:53:
d7:2f:54:a3:e9:7f:51:22:c1:dc:37:a8:a3:2e:d2:
a8:b2:d0:0a:83:7d:3a:36:be:ad:25:72:18:60:98:
72:36:6b:88:17:c6:54:a1:c7:a9:1b:6d:24:4c:66:
51:ca:76:13:e3:2c:d5:f8:87:06:e8:b7:b0:1c:ee:
37:70:9c:fc:ed:44:c2:de:46:27:29:f5:ee:2d:61:
26:a2:d1:ba:cb:78:12:b1:b0:86:05:33:6c:c9:4b:
08:26:fc:cc:cd:b2:2c:71:da:c6:32:be:e2:28:fd:
44:f0:3b:60:f0:6d:19:7d:22:7a:f0:0e:ad:53:59:
d6:1b:ff:85:74:95:b2:f0:a1:55:bf:6b:00:25:0e:
a0:d5:2f:ca:08:ec:78:48:d3:34:26:e9:ad:86:f8:
88:7a:ea:f7:3a:81:59:f0:b9:ba:f8:02:63:db:f1:
5d:fb:b3:aa:21:87:a8:66:a3:f8:ba:0a:a3:db:56:
62:35:65:53:d8:bc:1b:50:63:63:ea:f6:01:e3:1b:
50:72:3e:40:04:93:53:84:4c:c0:66:a1:f9:73:59:
3d:6a:8e:b0:66:ca:1d:49:c1:c9:b2:a5:b7:e9:f8:
86:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:FB:C3:4F:83:31:E0:DE:B6:D4:FA:DD:F2:03:07:B2:33:38:D9:93
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/72c1c04d-5c77-431c-825c-1633fac1964d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:8030::/48
Signature Algorithm: sha256WithRSAEncryption
b3:e1:22:75:92:db:f2:46:95:07:ab:1e:0b:12:85:c5:f1:7d:
3b:42:6d:c6:be:6d:97:f9:f2:d1:6f:b9:85:fd:05:42:4a:eb:
60:fb:e1:21:cb:9b:42:5d:fd:b2:b1:a9:e8:1f:93:44:98:57:
57:b5:dc:c8:a9:a4:91:02:0c:41:d6:f0:19:8e:e6:03:26:ef:
89:3f:ae:94:b1:78:14:be:8b:85:76:aa:af:70:f4:67:f4:1c:
a5:e1:93:18:58:f5:75:98:a0:67:82:a7:e4:3e:3e:d7:be:17:
7a:fb:31:56:61:99:89:8a:5f:90:bb:79:8c:37:d7:1c:f5:be:
17:35:bd:72:40:29:10:b5:90:f3:42:c2:d8:1b:56:03:86:34:
69:dd:f7:f6:96:7e:b3:39:2c:f8:5f:9d:58:0b:8b:da:ad:e1:
24:21:b6:52:7d:a7:9f:69:e1:ec:c3:ec:c7:9b:6c:af:e9:19:
f2:3f:9f:37:5f:06:9a:db:19:e8:87:51:1f:2b:be:29:4d:cb:
7b:ef:55:13:66:23:69:7a:9a:81:d5:9c:5d:46:ef:2f:2e:e5:
a3:a8:40:b3:fb:f2:21:94:49:90:72:0e:7e:24:ea:8d:e9:b7:
7b:14:ee:80:4b:89:ea:5c:69:d0:b0:aa:ca:97:ba:52:9a:4a:
19:40:a0:e0
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUEGwprkgc6Qu7CNa91/RpskFozA0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNjMwMDlaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDIzMDk0MDg1ZWRlYzcyNGEzYzk0MzNlNzliMDM4ODMzNDMzMDEwMzY2YmEx
M2JlZjQ3YjkyNDU1Y2QwZDQxNjAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM2wbnsxucPxyd5yXiHGSne4ttJ7YUYw4oiIKrZT1y9Uo+l/USLB3Deooy7S
qLLQCoN9Oja+rSVyGGCYcjZriBfGVKHHqRttJExmUcp2E+Ms1fiHBui3sBzuN3Cc
/O1Ewt5GJyn17i1hJqLRust4ErGwhgUzbMlLCCb8zM2yLHHaxjK+4ij9RPA7YPBt
GX0ievAOrVNZ1hv/hXSVsvChVb9rACUOoNUvygjseEjTNCbprYb4iHrq9zqBWfC5
uvgCY9vxXfuzqiGHqGaj+LoKo9tWYjVlU9i8G1BjY+r2AeMbUHI+QASTU4RMwGah
+XNZPWqOsGbKHUnBybKlt+n4hgsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBS++8NP
gzHg3rbU+t3yAweyMzjZkzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NzJjMWMwNGQtNWM3Ny00MzFjLTgyNWMtMTYzM2ZhYzE5NjRkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H+A
MDANBgkqhkiG9w0BAQsFAAOCAQEAs+EidZLb8kaVB6seCxKFxfF9O0Jtxr5tl/ny
0W+5hf0FQkrrYPvhIcubQl39srGp6B+TRJhXV7XcyKmkkQIMQdbwGY7mAybviT+u
lLF4FL6LhXaqr3D0Z/QcpeGTGFj1dZigZ4Kn5D4+174XevsxVmGZiYpfkLt5jDfX
HPW+FzW9ckApELWQ80LC2BtWA4Y0ad339pZ+szks+F+dWAuL2q3hJCG2Un2nn2nh
7MPsx5tsr+kZ8j+fN18GmtsZ6IdRHyu+KU3Le+9VE2YjaXqagdWcXUbvLy7lo6hA
s/vyIZRJkHIOfiTqjem3exTugEuJ6lxp0LCqype6UppKGUCg4A==
-----END CERTIFICATE-----
Generated at Mon Mar 2 11:15:49 2026 by rpki-client