Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7d5bbe6e-da67-4af0-af12-c86f93a16721.roa
File: 7d5bbe6e-da67-4af0-af12-c86f93a16721.roa (raw, json)
Hash identifier: KBOBw7k9BqbwrHQvc+O5LN54BmWxBCgN2RU8g2TDU3c=
Subject key identifier: 2C:AF:A3:1F:D4:B9:7A:E4:68:6C:6E:2E:66:AB:40:E2:32:D4:55:DD
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 20601AB3B7E23A4D45E83731EF532089ECF66278
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7d5bbe6e-da67-4af0-af12-c86f93a16721.roa
Signing time: Sat 28 Feb 2026 05:10:08 +0000
ROA not before: Sat 28 Feb 2026 05:10:08 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 14618
IP address blocks: 2a05:d06f:6000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
20:60:1a:b3:b7:e2:3a:4d:45:e8:37:31:ef:53:20:89:ec:f6:62:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 05:10:08 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=f41df346b3b9ae889c879175b0f2c677a0b59615518966612712b3c5baa86795, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:b4:6e:85:15:d4:01:79:e8:4a:65:02:fb:75:
54:b3:1a:58:2d:a5:d4:e6:9e:dc:40:6e:52:93:4c:
2d:76:41:84:fe:22:8d:50:f0:71:88:dd:c7:39:99:
83:62:dd:b7:91:ad:6c:25:43:3f:a8:9d:71:8b:9b:
2b:97:12:37:7f:fb:c5:3d:09:44:98:95:17:dd:8f:
52:03:b1:9f:68:c7:8f:1f:a0:9e:97:b2:3c:c7:7f:
73:2e:25:71:f4:b4:3e:3d:46:79:23:63:2b:67:91:
dc:d3:32:55:63:eb:5c:f3:29:fd:74:13:e6:28:0e:
47:88:c9:e8:50:dc:ca:65:ab:a2:04:0d:c7:a5:df:
91:67:46:a7:0b:60:b4:3a:57:16:57:0a:01:59:8a:
ec:72:19:da:93:68:0c:c1:be:df:df:8b:0e:9e:33:
be:ea:b0:a9:3a:c7:ed:99:9c:ee:31:08:c4:37:8a:
e3:10:32:2d:a2:30:d8:3b:37:3d:e9:3d:bb:cf:12:
c0:6e:db:e6:0a:ed:95:12:5c:17:83:88:75:fd:10:
e6:37:69:c8:cc:15:83:94:4e:09:c2:e9:20:eb:15:
fe:3a:93:e9:4d:c9:b2:44:04:f0:b4:f7:c4:29:47:
45:14:12:4a:d5:79:f7:6d:55:d6:33:1d:d3:fa:46:
e7:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:AF:A3:1F:D4:B9:7A:E4:68:6C:6E:2E:66:AB:40:E2:32:D4:55:DD
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7d5bbe6e-da67-4af0-af12-c86f93a16721.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06f:6000::/40
Signature Algorithm: sha256WithRSAEncryption
1d:37:1f:cc:15:c3:51:cd:3a:15:df:76:69:82:23:fd:9f:1a:
50:82:17:0c:94:3a:4b:f7:96:7f:e9:24:0a:c0:34:2b:4d:c1:
4b:9a:ab:44:3c:7d:42:27:60:4a:01:75:5e:37:f0:9d:1c:22:
db:8b:04:7a:2a:12:2f:62:08:71:48:ca:78:c9:e8:77:17:04:
df:a1:6c:71:7b:8f:bd:bc:4c:1f:9f:0d:d2:5b:bb:84:70:2e:
53:b4:ff:e4:e3:5d:72:ec:ed:28:66:ad:72:5e:30:fa:87:14:
fb:b2:57:20:31:63:3c:4d:e0:d9:7e:79:5e:0c:15:b0:9c:02:
1b:fd:0e:6a:3f:fd:9a:61:25:de:0f:42:70:c3:0e:92:a6:13:
69:4e:9e:79:4c:06:dc:66:fe:66:7d:a4:cb:54:fc:20:9b:62:
5b:b6:b0:7a:a0:58:6f:0d:b9:f8:1d:44:5e:d9:45:3f:31:b8:
b0:93:9e:be:ef:80:d0:11:72:ec:ae:be:1d:51:1d:51:5b:87:
3b:d4:24:68:e5:95:ee:30:da:ba:ed:80:1e:fe:d2:d2:38:ea:
ae:19:2c:d6:75:8c:5e:50:f7:4e:fc:db:f2:20:fc:e5:75:67:
ac:bd:aa:19:36:38:05:60:df:0a:84:aa:5f:0d:8a:cd:6e:b7:
79:d6:b3:23
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUIGAas7fiOk1F6Dcx71Mgiez2YngwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNTEwMDhaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGY0MWRmMzQ2YjNiOWFlODg5Yzg3OTE3NWIwZjJjNjc3YTBiNTk2MTU1MTg5
NjY2MTI3MTJiM2M1YmFhODY3OTUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKW0boUV1AF56EplAvt1VLMaWC2l1Oae3EBuUpNMLXZBhP4ijVDwcYjdxzmZ
g2Ldt5GtbCVDP6idcYubK5cSN3/7xT0JRJiVF92PUgOxn2jHjx+gnpeyPMd/cy4l
cfS0Pj1GeSNjK2eR3NMyVWPrXPMp/XQT5igOR4jJ6FDcymWrogQNx6XfkWdGpwtg
tDpXFlcKAVmK7HIZ2pNoDMG+39+LDp4zvuqwqTrH7Zmc7jEIxDeK4xAyLaIw2Ds3
Pek9u88SwG7b5grtlRJcF4OIdf0Q5jdpyMwVg5ROCcLpIOsV/jqT6U3JskQE8LT3
xClHRRQSStV5921V1jMd0/pG5+sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQsr6Mf
1Ll65Ghsbi5mq0DiMtRV3TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
N2Q1YmJlNmUtZGE2Ny00YWYwLWFmMTItYzg2ZjkzYTE2NzIxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G9g
MA0GCSqGSIb3DQEBCwUAA4IBAQAdNx/MFcNRzToV33ZpgiP9nxpQghcMlDpL95Z/
6SQKwDQrTcFLmqtEPH1CJ2BKAXVeN/CdHCLbiwR6KhIvYghxSMp4yeh3FwTfoWxx
e4+9vEwfnw3SW7uEcC5TtP/k411y7O0oZq1yXjD6hxT7slcgMWM8TeDZfnleDBWw
nAIb/Q5qP/2aYSXeD0Jwww6SphNpTp55TAbcZv5mfaTLVPwgm2JbtrB6oFhvDbn4
HURe2UU/Mbiwk56+74DQEXLsrr4dUR1RW4c71CRo5ZXuMNq67YAe/tLSOOquGSzW
dYxeUPdO/NvyIPzldWesvaoZNjgFYN8KhKpfDYrNbrd51rMj
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:52:12 2026 by rpki-client