Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/787a0cca-ea85-49b8-8c0b-bef4512620de.roa
File: 787a0cca-ea85-49b8-8c0b-bef4512620de.roa (raw, json)
Hash identifier: W19KCNWAb8UzWAlu0DGCKrC97kN2EUNnW63hh550qDI=
Subject key identifier: 4D:AD:EC:32:3E:2C:A2:DC:46:26:07:99:6C:BD:0A:7B:F8:4A:4B:C6
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2A3287AC693AEBE59910317AAC22980434DACEC7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/787a0cca-ea85-49b8-8c0b-bef4512620de.roa
Signing time: Tue 17 Feb 2026 03:00:09 +0000
ROA not before: Tue 17 Feb 2026 03:00:09 +0000
ROA not after: Mon 18 May 2026 23:59:59 +0000
asID: 14618
IP address blocks: 2a05:d074:9000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2a:32:87:ac:69:3a:eb:e5:99:10:31:7a:ac:22:98:04:34:da:ce:c7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 17 03:00:09 2026 GMT
Not After : May 18 23:59:59 2026 GMT
Subject: serialNumber=accc6758c3c0dd1f259a55d5ea47efbe2329bacaa484340a5f43a6ec299ea403, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:70:57:9d:8d:f7:d0:8f:79:9a:f5:0f:8e:eb:
e9:ad:85:4b:b4:a4:2b:98:3f:02:12:7d:2d:a6:c4:
9d:6a:fa:1b:24:fb:6d:7b:52:c4:d3:30:bb:88:86:
31:ba:c7:c8:63:e2:1f:88:44:b9:43:81:d0:d3:17:
6c:78:f8:26:45:44:43:a0:72:86:22:f3:fd:44:9e:
8b:0c:1e:c9:bf:d7:a3:e9:e3:29:d2:06:4a:f9:d1:
2f:bd:ba:59:86:af:fd:c7:0a:96:85:81:0f:a3:20:
0b:82:92:18:62:eb:63:dc:95:db:61:d0:c5:7f:20:
95:0b:0c:b4:44:92:91:74:e0:82:68:0b:2e:b0:07:
76:40:84:12:5f:27:d8:2e:aa:1c:1b:5f:15:ec:98:
18:8e:c7:40:11:fe:ca:90:91:45:d3:bf:97:c6:5a:
b6:2c:55:d7:cd:37:50:21:5e:c5:33:b9:85:39:bb:
93:cc:2c:fe:91:4f:c8:ae:0e:99:80:4c:ff:6c:ce:
c3:14:ef:b8:a8:32:10:3f:62:4f:89:2d:4c:72:b6:
a9:da:06:95:f5:e2:58:42:a8:5c:98:03:8d:22:81:
75:79:16:56:80:ff:9c:26:21:61:c4:23:2d:6d:87:
09:bc:53:76:6f:c8:cd:bd:d7:aa:2b:28:88:be:af:
55:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:AD:EC:32:3E:2C:A2:DC:46:26:07:99:6C:BD:0A:7B:F8:4A:4B:C6
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/787a0cca-ea85-49b8-8c0b-bef4512620de.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d074:9000::/40
Signature Algorithm: sha256WithRSAEncryption
b9:97:8b:8d:8b:30:9c:62:05:a5:1e:67:cf:9f:09:e0:a1:6c:
0c:4f:c3:49:78:e8:47:d6:15:4d:fe:e3:d4:16:92:7f:ec:dd:
ca:80:09:20:36:e5:c1:49:02:cb:6b:c2:dc:8e:85:a4:6b:8f:
2b:48:b6:75:40:70:25:2a:14:2b:be:f9:3f:59:e0:c3:90:94:
ee:38:34:c4:10:88:2b:41:f5:0c:11:4e:27:f0:54:2b:7e:78:
c5:8c:3f:74:51:16:59:50:c8:75:e6:ea:7d:7d:07:ea:99:2c:
6a:b1:6c:3d:99:07:4c:e1:a8:64:71:b0:0c:28:3a:b7:a7:10:
e0:d0:82:72:03:22:43:e9:4f:39:da:26:6d:87:68:0d:b9:37:
20:61:58:e0:50:26:50:d1:9e:4a:e3:76:ba:54:9f:bd:78:6c:
dd:a4:c2:09:d2:d8:ed:92:1f:39:13:65:f6:28:ce:f3:6f:c6:
61:d6:b0:f5:5a:f3:75:49:e5:2d:39:25:e8:c3:3e:3c:04:5f:
68:f6:77:25:41:56:b4:18:32:1e:9f:17:de:62:1f:78:8a:45:
60:48:48:17:06:c2:5c:bb:9d:c3:82:53:68:fa:d1:a8:16:ea:
b2:ee:62:c6:6e:38:74:db:6e:57:7c:4d:86:d2:df:ba:df:9a:
fc:c1:9b:d3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUKjKHrGk66+WZEDF6rCKYBDTazscwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMTcwMzAwMDlaFw0yNjA1MTgyMzU5NTlaMHoxSTBHBgNV
BAUTQGFjY2M2NzU4YzNjMGRkMWYyNTlhNTVkNWVhNDdlZmJlMjMyOWJhY2FhNDg0
MzQwYTVmNDNhNmVjMjk5ZWE0MDMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMBwV52N99CPeZr1D47r6a2FS7SkK5g/AhJ9LabEnWr6GyT7bXtSxNMwu4iG
MbrHyGPiH4hEuUOB0NMXbHj4JkVEQ6ByhiLz/USeiwweyb/Xo+njKdIGSvnRL726
WYav/ccKloWBD6MgC4KSGGLrY9yV22HQxX8glQsMtESSkXTggmgLLrAHdkCEEl8n
2C6qHBtfFeyYGI7HQBH+ypCRRdO/l8ZatixV1803UCFexTO5hTm7k8ws/pFPyK4O
mYBM/2zOwxTvuKgyED9iT4ktTHK2qdoGlfXiWEKoXJgDjSKBdXkWVoD/nCYhYcQj
LW2HCbxTdm/Izb3XqisoiL6vVcECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRNrewy
Piyi3EYmB5lsvQp7+EpLxjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Nzg3YTBjY2EtZWE4NS00OWI4LThjMGItYmVmNDUxMjYyMGRlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HSQ
MA0GCSqGSIb3DQEBCwUAA4IBAQC5l4uNizCcYgWlHmfPnwngoWwMT8NJeOhH1hVN
/uPUFpJ/7N3KgAkgNuXBSQLLa8LcjoWka48rSLZ1QHAlKhQrvvk/WeDDkJTuODTE
EIgrQfUMEU4n8FQrfnjFjD90URZZUMh15up9fQfqmSxqsWw9mQdM4ahkcbAMKDq3
pxDg0IJyAyJD6U852iZth2gNuTcgYVjgUCZQ0Z5K43a6VJ+9eGzdpMIJ0tjtkh85
E2X2KM7zb8Zh1rD1WvN1SeUtOSXowz48BF9o9nclQVa0GDIenxfeYh94ikVgSEgX
BsJcu53DglNo+tGoFuqy7mLGbjh0225XfE2G0t+635r8wZvT
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:36:35 2026 by rpki-client