Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8b37c46d-5f10-445b-9772-1120143beab3.roa
File: 8b37c46d-5f10-445b-9772-1120143beab3.roa (raw, json)
Hash identifier: qBmlmrjdJFfute9r2Y+rlISsTSTy2G+pZ9bQGxUC+2Y=
Subject key identifier: C2:3A:6E:6E:1C:AC:21:6C:7D:F0:E9:4A:B1:3B:A6:10:7E:AC:6F:F4
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7F52545E7B712782B9854C27EFCDD4394B27B5BB
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8b37c46d-5f10-445b-9772-1120143beab3.roa
Signing time: Wed 11 Feb 2026 01:30:13 +0000
ROA not before: Wed 11 Feb 2026 01:30:13 +0000
ROA not after: Tue 12 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d06a:9080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7f:52:54:5e:7b:71:27:82:b9:85:4c:27:ef:cd:d4:39:4b:27:b5:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 11 01:30:13 2026 GMT
Not After : May 12 23:59:59 2026 GMT
Subject: serialNumber=f09a6c7b993209cc71c2d7a025040e33bec92c4e0943d78d5faeb2a3ea73bf9a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:c4:03:5d:be:a1:70:ea:85:c7:93:1b:42:94:
02:9a:9a:95:d1:f0:c6:88:79:fd:42:92:7a:10:41:
24:40:cf:81:84:95:6a:9e:8d:78:5e:d5:85:b8:b4:
9a:ea:d6:22:51:a5:51:5d:3f:33:47:11:2f:fb:1a:
09:76:c1:2b:7f:c8:75:64:43:6c:70:57:d5:37:94:
86:fb:08:13:4f:03:80:10:02:75:11:0f:fc:df:c7:
8f:2a:4a:15:c2:01:99:73:f2:19:4e:85:42:48:43:
14:77:0f:ea:ff:09:72:e6:39:13:0c:95:8f:41:43:
cb:50:be:9b:a7:94:ca:d0:4f:bb:fd:ec:19:e7:e4:
1a:97:9e:fb:ec:a6:55:41:7f:44:5c:ec:f7:91:a8:
96:e9:93:c8:ea:dc:f9:61:23:60:44:2c:f6:26:b0:
76:af:0e:31:f6:69:e6:75:a3:38:98:7c:0a:d6:8c:
d4:b4:6b:28:de:7c:14:b4:3c:55:7a:cc:28:eb:92:
36:bb:8c:7f:58:4c:97:47:07:44:6b:7f:f8:97:97:
c9:fe:53:72:bd:70:65:42:a5:bc:ab:d7:01:6f:3c:
dd:df:63:51:03:01:0d:df:71:e6:1d:ad:20:33:0c:
f1:5f:c2:54:77:11:c2:72:d1:46:3e:fe:47:ee:c3:
fe:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:3A:6E:6E:1C:AC:21:6C:7D:F0:E9:4A:B1:3B:A6:10:7E:AC:6F:F4
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8b37c46d-5f10-445b-9772-1120143beab3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06a:9080::/48
Signature Algorithm: sha256WithRSAEncryption
b3:bb:05:74:ba:47:0b:bf:0a:08:d9:85:80:3c:38:6f:f0:56:
af:40:3a:26:12:f8:bd:e5:94:4a:b8:49:f5:eb:1c:f3:8b:8f:
34:26:78:ba:3b:af:b0:65:7c:5e:2a:ed:00:f3:4a:2b:7e:94:
08:32:d4:b9:c2:ff:16:36:de:94:55:a5:85:82:31:02:39:80:
5d:f4:7a:75:b0:b2:39:35:30:77:60:e9:1c:89:db:5a:b8:ee:
41:d9:63:64:94:21:0c:4e:e2:86:58:3f:bb:ab:1e:5d:c3:c6:
0b:54:47:6a:89:20:ca:e4:04:11:14:2d:b4:73:0c:23:d2:5c:
79:7b:6e:0a:ed:28:e6:ae:6c:db:bc:15:77:3e:1c:e1:f7:e6:
19:66:8b:15:e8:c8:75:83:65:6f:15:11:bd:65:fa:30:46:98:
a3:88:0f:c8:c1:4a:b9:c4:0a:c4:c4:e7:a1:28:41:7c:ef:28:
53:2f:5d:5c:99:dc:9f:b9:36:7a:14:c4:4b:76:ca:5c:74:be:
b2:3d:d0:82:21:a9:3c:75:08:fd:b9:d7:a9:7b:d9:f9:16:35:
62:ae:16:70:0f:4a:a9:d5:c0:7d:a2:1b:17:9f:e7:bf:87:6b:
28:39:36:e0:ec:08:e6:d6:4f:e6:89:32:40:4e:bc:05:13:00:
e5:3c:b7:28
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUf1JUXntxJ4K5hUwn783UOUsntbswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMTEwMTMwMTNaFw0yNjA1MTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGYwOWE2YzdiOTkzMjA5Y2M3MWMyZDdhMDI1MDQwZTMzYmVjOTJjNGUwOTQz
ZDc4ZDVmYWViMmEzZWE3M2JmOWExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIfEA12+oXDqhceTG0KUApqaldHwxoh5/UKSehBBJEDPgYSVap6NeF7Vhbi0
murWIlGlUV0/M0cRL/saCXbBK3/IdWRDbHBX1TeUhvsIE08DgBACdREP/N/HjypK
FcIBmXPyGU6FQkhDFHcP6v8JcuY5EwyVj0FDy1C+m6eUytBPu/3sGefkGpee++ym
VUF/RFzs95GolumTyOrc+WEjYEQs9iawdq8OMfZp5nWjOJh8CtaM1LRrKN58FLQ8
VXrMKOuSNruMf1hMl0cHRGt/+JeXyf5Tcr1wZUKlvKvXAW883d9jUQMBDd9x5h2t
IDMM8V/CVHcRwnLRRj7+R+7D/vsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTCOm5u
HKwhbH3w6UqxO6YQfqxv9DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGIzN2M0NmQtNWYxMC00NDViLTk3NzItMTEyMDE0M2JlYWIzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0GqQ
gDANBgkqhkiG9w0BAQsFAAOCAQEAs7sFdLpHC78KCNmFgDw4b/BWr0A6JhL4veWU
SrhJ9esc84uPNCZ4ujuvsGV8XirtAPNKK36UCDLUucL/FjbelFWlhYIxAjmAXfR6
dbCyOTUwd2DpHInbWrjuQdljZJQhDE7ihlg/u6seXcPGC1RHaokgyuQEERQttHMM
I9JceXtuCu0o5q5s27wVdz4c4ffmGWaLFejIdYNlbxURvWX6MEaYo4gPyMFKucQK
xMTnoShBfO8oUy9dXJncn7k2ehTES3bKXHS+sj3QgiGpPHUI/bnXqXvZ+RY1Yq4W
cA9KqdXAfaIbF5/nv4drKDk24OwI5tZP5okyQE68BRMA5Ty3KA==
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:52:35 2026 by rpki-client