Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8aeef071-ad76-436d-a059-ad727b09eb3b.roa
File: 8aeef071-ad76-436d-a059-ad727b09eb3b.roa (raw, json)
Hash identifier: u5ZLTO1cxGazVnUD2RXICo+LtCthig5YncOdpgRDpIE=
Subject key identifier: 70:BC:66:B0:75:85:54:2E:42:14:6A:6D:84:F3:0E:48:FB:33:DF:C7
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7BC1081303CAC5C8982D88CE6C6A8376DB3C638E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8aeef071-ad76-436d-a059-ad727b09eb3b.roa
Signing time: Sat 28 Feb 2026 06:10:10 +0000
ROA not before: Sat 28 Feb 2026 06:10:10 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d038:2000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7b:c1:08:13:03:ca:c5:c8:98:2d:88:ce:6c:6a:83:76:db:3c:63:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 06:10:10 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=3ea9b3d5419e4c10f10833d454a7b1e1f641d02c0036573fde4a7f333e5a6095, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:a8:65:a6:2e:12:37:53:1a:aa:5d:36:c1:eb:
fd:86:60:e0:51:a4:6b:3c:cd:22:3c:48:de:d1:38:
b4:4e:ad:15:52:f9:1e:19:36:b0:e7:58:79:31:26:
65:8c:32:c6:31:b2:56:53:95:2f:f0:b7:6d:dc:94:
61:68:09:e0:9f:34:31:ec:34:bd:1d:63:d2:87:f9:
7c:d4:a4:56:99:14:e7:4b:dd:18:c7:ab:d4:e4:87:
25:54:c3:4e:48:b6:7a:c0:88:e3:d8:1c:53:b1:a8:
14:05:14:a1:7c:f2:d7:8f:63:87:d4:9a:ab:f0:e5:
d8:ed:92:30:da:91:1c:fa:bb:4e:ad:e3:7e:7b:3c:
82:b3:2d:66:dc:36:3b:2e:c8:49:a2:18:24:cf:df:
01:24:7d:77:12:5b:f8:d2:f9:24:aa:3c:f6:3d:3d:
db:cf:0b:85:3f:19:40:1a:97:69:9a:ca:83:e1:84:
b3:be:43:d1:03:46:dd:53:d1:a5:80:6e:82:2f:ad:
6e:a5:47:7b:a2:e3:92:83:02:11:1a:0f:98:e8:2f:
1e:8b:cf:4c:c4:f2:57:1f:43:10:f8:ea:87:45:d6:
7f:24:cb:6b:d0:76:a3:83:d3:14:71:55:37:af:02:
21:fc:74:7d:fd:4b:b6:3d:a8:bf:92:0b:13:20:ae:
87:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:BC:66:B0:75:85:54:2E:42:14:6A:6D:84:F3:0E:48:FB:33:DF:C7
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8aeef071-ad76-436d-a059-ad727b09eb3b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d038:2000::/40
Signature Algorithm: sha256WithRSAEncryption
19:c3:7c:26:7d:66:61:41:3f:95:b3:ca:1d:53:01:b4:00:db:
f5:8e:ec:95:ee:4f:d7:23:18:97:a3:41:db:70:75:5b:de:51:
71:c3:14:b7:d3:f0:2f:97:cf:20:17:32:6e:9c:54:ff:35:9d:
02:cf:9e:7a:61:59:99:67:37:bd:c3:56:6e:26:a4:16:ea:83:
77:33:1c:cd:56:a1:3d:09:40:bb:bc:48:5c:1e:5d:27:19:20:
bb:51:e1:ef:45:13:46:3d:cf:15:38:85:7c:b8:e3:cf:fd:db:
6c:49:f6:ce:9d:43:49:be:4d:06:d9:45:35:80:34:c6:89:d8:
fd:08:0e:80:9d:bc:f8:c7:f4:fd:f7:d7:5a:50:c5:7a:1b:f9:
df:f4:9a:7f:95:90:e9:d8:1b:80:e9:cb:36:0e:ed:75:9f:75:
87:3a:30:2b:35:ea:c3:8e:e8:2a:d2:a7:17:17:e5:56:d6:71:
84:9e:54:eb:67:02:1d:6d:a7:27:f4:9c:65:36:49:51:28:38:
29:41:e0:c9:65:52:01:5a:1a:a2:eb:07:a8:38:8f:94:4b:47:
07:e9:b7:92:f4:c3:eb:f9:9c:0c:8f:b5:06:45:67:4c:d6:15:
3f:15:8e:a7:e5:bd:98:90:ab:0c:14:49:ce:f1:cc:df:42:da:
7f:24:47:7f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUe8EIEwPKxciYLYjObGqDdts8Y44wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNjEwMTBaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDNlYTliM2Q1NDE5ZTRjMTBmMTA4MzNkNDU0YTdiMWUxZjY0MWQwMmMwMDM2
NTczZmRlNGE3ZjMzM2U1YTYwOTUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALKoZaYuEjdTGqpdNsHr/YZg4FGkazzNIjxI3tE4tE6tFVL5Hhk2sOdYeTEm
ZYwyxjGyVlOVL/C3bdyUYWgJ4J80Mew0vR1j0of5fNSkVpkU50vdGMer1OSHJVTD
Tki2esCI49gcU7GoFAUUoXzy149jh9Saq/Dl2O2SMNqRHPq7Tq3jfns8grMtZtw2
Oy7ISaIYJM/fASR9dxJb+NL5JKo89j09288LhT8ZQBqXaZrKg+GEs75D0QNG3VPR
pYBugi+tbqVHe6LjkoMCERoPmOgvHovPTMTyVx9DEPjqh0XWfyTLa9B2o4PTFHFV
N68CIfx0ff1Ltj2ov5ILEyCuh/kCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRwvGaw
dYVULkIUam2E8w5I+zPfxzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGFlZWYwNzEtYWQ3Ni00MzZkLWEwNTktYWQ3MjdiMDllYjNiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Dgg
MA0GCSqGSIb3DQEBCwUAA4IBAQAZw3wmfWZhQT+Vs8odUwG0ANv1juyV7k/XIxiX
o0HbcHVb3lFxwxS30/Avl88gFzJunFT/NZ0Cz556YVmZZze9w1ZuJqQW6oN3MxzN
VqE9CUC7vEhcHl0nGSC7UeHvRRNGPc8VOIV8uOPP/dtsSfbOnUNJvk0G2UU1gDTG
idj9CA6Anbz4x/T999daUMV6G/nf9Jp/lZDp2BuA6cs2Du11n3WHOjArNerDjugq
0qcXF+VW1nGEnlTrZwIdbacn9JxlNklRKDgpQeDJZVIBWhqi6weoOI+US0cH6beS
9MPr+ZwMj7UGRWdM1hU/FY6n5b2YkKsMFEnO8czfQtp/JEd/
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:46:26 2026 by rpki-client