Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8a06e909-5227-47d9-a58c-be623a2a4cad.roa
File: 8a06e909-5227-47d9-a58c-be623a2a4cad.roa (raw, json)
Hash identifier: sZn1/8Xmy5eKNJ16dy5QN5dXLoBSvovqbUef/C3/RKU=
Subject key identifier: B4:F6:89:57:6A:D7:69:99:04:4E:A2:62:6E:D5:D1:A1:8F:09:97:7A
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 24FB79889A8C28F6BE9E34645D14AC6B2B5E58D2
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8a06e909-5227-47d9-a58c-be623a2a4cad.roa
Signing time: Sat 28 Feb 2026 06:10:58 +0000
ROA not before: Sat 28 Feb 2026 06:10:58 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d058:4000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
24:fb:79:88:9a:8c:28:f6:be:9e:34:64:5d:14:ac:6b:2b:5e:58:d2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 06:10:58 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=c5caf8e1f2a49508a4ac69d86de8c263a1ee545fa974b56de1a6128d95f5115c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:11:c3:cf:a1:89:f9:32:69:9f:0b:1a:02:29:
d5:99:64:c7:c3:89:d7:d3:24:eb:94:43:9b:7a:20:
e1:e0:e9:09:ad:d6:26:c8:a8:18:db:4c:bd:2f:ad:
3b:37:f3:b5:b5:39:c4:bd:b2:46:1c:89:aa:39:6a:
61:50:99:d4:1d:43:16:f2:9d:1d:51:68:a0:aa:1b:
94:aa:b0:0c:a8:63:8e:c1:73:d7:6e:f4:a4:7e:92:
95:9d:c7:8a:92:80:6a:21:aa:c7:37:65:d6:4a:88:
b1:8c:e2:57:9c:fa:7e:3f:58:b3:7c:c0:e6:ec:1c:
a9:e2:3f:5d:36:0f:a5:29:9c:93:be:03:86:cb:ba:
fc:67:7d:16:06:78:9b:be:10:b1:8e:af:58:0a:f6:
e0:95:3e:11:30:69:57:b7:44:12:d8:bf:a8:39:28:
a0:86:c7:31:39:d6:61:10:48:c7:f2:35:64:32:64:
ee:40:3e:fb:86:24:69:07:36:54:5d:d6:f6:d8:68:
09:f0:d5:ad:1b:46:26:d7:bc:bd:0f:b5:a0:b8:58:
d3:aa:31:77:e9:9e:12:9f:50:e3:ea:03:59:34:ba:
e8:4b:5e:09:33:94:8f:fe:c1:17:80:ff:de:9e:00:
51:d8:a7:13:31:34:0d:29:0d:1e:ae:b0:31:2c:27:
cc:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:F6:89:57:6A:D7:69:99:04:4E:A2:62:6E:D5:D1:A1:8F:09:97:7A
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8a06e909-5227-47d9-a58c-be623a2a4cad.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d058:4000::/40
Signature Algorithm: sha256WithRSAEncryption
7d:6f:97:1e:39:26:9e:95:4e:05:eb:76:a5:42:91:ff:ef:c7:
e4:e2:91:62:c1:70:a7:fe:cc:51:66:2d:85:21:7e:ad:22:38:
e8:bf:46:4b:9d:fe:1a:9e:3a:03:d4:38:97:7d:43:28:2c:cc:
71:6b:e8:42:9f:6a:72:72:58:49:f3:93:97:1e:4f:27:29:da:
83:ce:32:92:76:42:39:66:9b:29:39:6f:2d:0a:d2:24:3a:54:
a9:bf:15:c3:a1:10:7c:96:f0:7b:a7:07:1e:b3:f4:0a:01:56:
02:f4:26:3d:68:76:85:a9:96:f9:82:4e:ae:38:97:ef:79:a7:
92:51:fb:ff:a3:36:3a:db:94:3f:32:46:d4:93:b8:80:4f:63:
c4:74:79:fa:0e:3e:d7:54:12:4d:a6:8b:b7:48:ad:55:50:9d:
a3:72:16:7e:51:8b:fd:71:10:21:c6:48:36:2e:aa:9a:36:97:
ba:fb:41:8a:ad:a8:9b:84:b0:59:76:8b:c2:8f:25:9f:23:1e:
ae:98:51:c7:ff:8b:07:d7:85:6f:9b:c1:e1:d4:06:2e:70:01:
03:d2:2e:3e:02:6c:7e:aa:0b:b2:22:d0:51:f4:0d:0d:ef:1c:
e8:b2:98:74:38:2d:a5:1a:c9:df:f9:19:a2:c4:12:49:ab:92:
0c:4d:8c:e8
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUJPt5iJqMKPa+njRkXRSsayteWNIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNjEwNThaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGM1Y2FmOGUxZjJhNDk1MDhhNGFjNjlkODZkZThjMjYzYTFlZTU0NWZhOTc0
YjU2ZGUxYTYxMjhkOTVmNTExNWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALYRw8+hifkyaZ8LGgIp1Zlkx8OJ19Mk65RDm3og4eDpCa3WJsioGNtMvS+t
OzfztbU5xL2yRhyJqjlqYVCZ1B1DFvKdHVFooKoblKqwDKhjjsFz1270pH6SlZ3H
ipKAaiGqxzdl1kqIsYziV5z6fj9Ys3zA5uwcqeI/XTYPpSmck74Dhsu6/Gd9FgZ4
m74QsY6vWAr24JU+ETBpV7dEEti/qDkooIbHMTnWYRBIx/I1ZDJk7kA++4YkaQc2
VF3W9thoCfDVrRtGJte8vQ+1oLhY06oxd+meEp9Q4+oDWTS66EteCTOUj/7BF4D/
3p4AUdinEzE0DSkNHq6wMSwnzHMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS09olX
atdpmQROomJu1dGhjwmXejAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGEwNmU5MDktNTIyNy00N2Q5LWE1OGMtYmU2MjNhMmE0Y2FkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FhA
MA0GCSqGSIb3DQEBCwUAA4IBAQB9b5ceOSaelU4F63alQpH/78fk4pFiwXCn/sxR
Zi2FIX6tIjjov0ZLnf4anjoD1DiXfUMoLMxxa+hCn2pyclhJ85OXHk8nKdqDzjKS
dkI5ZpspOW8tCtIkOlSpvxXDoRB8lvB7pwces/QKAVYC9CY9aHaFqZb5gk6uOJfv
eaeSUfv/ozY625Q/MkbUk7iAT2PEdHn6Dj7XVBJNpou3SK1VUJ2jchZ+UYv9cRAh
xkg2LqqaNpe6+0GKraibhLBZdovCjyWfIx6umFHH/4sH14Vvm8Hh1AYucAED0i4+
Amx+qguyItBR9A0N7xzosph0OC2lGsnf+RmixBJJq5IMTYzo
-----END CERTIFICATE-----
Generated at Mon Mar 2 04:27:31 2026 by rpki-client