Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8c99b00e-290a-4618-8076-435475c3020f.roa
File: 8c99b00e-290a-4618-8076-435475c3020f.roa (raw, json)
Hash identifier: D492bVQ/H+pwN2zbAdXb3H/I9gpe9+xS2wvsLfmZrIk=
Subject key identifier: 48:29:0B:44:1F:F2:2C:A7:09:5D:26:43:7D:8A:E9:16:49:82:91:B2
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4BA350778CCF27AAAE506126A464799480EB257E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8c99b00e-290a-4618-8076-435475c3020f.roa
Signing time: Sat 28 Feb 2026 06:21:20 +0000
ROA not before: Sat 28 Feb 2026 06:21:20 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:c080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4b:a3:50:77:8c:cf:27:aa:ae:50:61:26:a4:64:79:94:80:eb:25:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 06:21:20 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=fcff470c413644d04adf666d16c859126ddc47c1b9dccc2a34b26df4e5ab1adb, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:1a:44:8c:03:29:31:9d:de:11:08:91:14:ce:
87:b7:0b:56:5c:72:5a:fd:0a:27:95:f2:ed:bf:e1:
79:2c:d2:50:65:b2:e6:93:7a:08:89:d9:3f:28:5f:
f4:f1:18:f1:54:b9:29:99:8a:14:61:14:b9:e4:46:
e2:28:60:9d:8b:0b:6a:9b:20:01:48:d1:f9:91:aa:
f8:e0:c8:24:e9:e8:03:ac:ae:74:4c:09:01:01:17:
e1:42:72:30:3f:c7:03:e3:af:ea:46:dd:7f:f4:a5:
12:dc:db:8f:32:41:74:ae:85:2f:2b:d4:3f:b0:6f:
3e:af:22:27:e8:fe:85:6a:df:64:a2:8e:18:d3:c2:
78:1a:6e:d6:5e:75:26:a7:66:ba:cd:1b:1c:2a:26:
a6:a6:35:0f:57:e0:d9:ae:5c:0e:09:ac:50:0c:2c:
6a:22:4f:d3:40:43:01:4a:6c:9e:51:42:4d:68:8f:
fa:17:82:c5:8f:64:75:5b:30:0e:b2:e6:8b:91:19:
0f:ef:45:a5:14:9b:a4:33:a9:3e:2a:62:cb:24:7f:
c5:16:40:d9:6b:7f:12:72:34:cd:78:8d:3b:21:80:
6d:97:9b:e4:33:d8:4c:58:22:ed:cd:fe:c3:b8:0c:
c3:dd:6f:01:b2:1b:ab:f1:b1:41:b3:3b:fb:37:10:
d8:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:29:0B:44:1F:F2:2C:A7:09:5D:26:43:7D:8A:E9:16:49:82:91:B2
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8c99b00e-290a-4618-8076-435475c3020f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:c080::/48
Signature Algorithm: sha256WithRSAEncryption
86:6c:b6:4f:be:7b:3e:98:ba:6f:0e:38:d2:07:fc:ea:1b:31:
44:34:d5:f0:dd:75:42:e9:bb:2e:b1:59:9b:32:ad:85:49:d5:
d2:74:43:cd:1a:b6:49:55:e2:e3:ca:4f:c7:02:e7:17:1d:1e:
33:a6:ad:f8:34:3f:de:09:1a:2b:b3:5a:bb:22:80:f9:51:9b:
6b:7d:e2:5b:33:99:e1:44:22:3c:aa:72:38:f7:e9:5f:a0:d0:
7d:fc:1e:be:3f:c4:82:2e:b5:2f:9e:17:35:9d:2d:ac:fe:e5:
0a:45:a8:e1:23:56:04:c9:01:36:9f:e8:d7:93:51:d0:0a:35:
7d:6c:9a:fc:a9:58:55:f3:7e:96:6c:2d:fe:22:be:66:21:ad:
be:ee:6d:e0:75:3a:9c:91:03:d7:66:0e:0a:2d:12:26:0c:5f:
cb:ea:ab:0d:db:8a:96:bb:94:a6:09:ef:fd:c7:bd:05:79:e7:
7e:a8:17:bf:1f:e0:92:77:fc:37:f4:10:f0:20:f1:e4:a5:95:
1c:ee:53:94:94:69:7d:99:ea:7d:a3:c3:57:1e:74:fc:1d:d6:
85:46:56:35:3b:84:c2:db:25:93:fd:9f:a7:05:d8:5e:ac:4c:
9a:6e:af:65:02:c4:4b:25:5c:72:be:f7:c5:60:8a:d0:bd:7b:
5b:45:37:0c
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUS6NQd4zPJ6quUGEmpGR5lIDrJX4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNjIxMjBaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGZjZmY0NzBjNDEzNjQ0ZDA0YWRmNjY2ZDE2Yzg1OTEyNmRkYzQ3YzFiOWRj
Y2MyYTM0YjI2ZGY0ZTVhYjFhZGIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANAaRIwDKTGd3hEIkRTOh7cLVlxyWv0KJ5Xy7b/heSzSUGWy5pN6CInZPyhf
9PEY8VS5KZmKFGEUueRG4ihgnYsLapsgAUjR+ZGq+ODIJOnoA6yudEwJAQEX4UJy
MD/HA+Ov6kbdf/SlEtzbjzJBdK6FLyvUP7BvPq8iJ+j+hWrfZKKOGNPCeBpu1l51
Jqdmus0bHCompqY1D1fg2a5cDgmsUAwsaiJP00BDAUpsnlFCTWiP+heCxY9kdVsw
DrLmi5EZD+9FpRSbpDOpPipiyyR/xRZA2Wt/EnI0zXiNOyGAbZeb5DPYTFgi7c3+
w7gMw91vAbIbq/GxQbM7+zcQ2JECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRIKQtE
H/IspwldJkN9iukWSYKRsjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGM5OWIwMGUtMjkwYS00NjE4LTgwNzYtNDM1NDc1YzMwMjBmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ADA
gDANBgkqhkiG9w0BAQsFAAOCAQEAhmy2T757Ppi6bw440gf86hsxRDTV8N11Qum7
LrFZmzKthUnV0nRDzRq2SVXi48pPxwLnFx0eM6at+DQ/3gkaK7NauyKA+VGba33i
WzOZ4UQiPKpyOPfpX6DQffwevj/Egi61L54XNZ0trP7lCkWo4SNWBMkBNp/o15NR
0Ao1fWya/KlYVfN+lmwt/iK+ZiGtvu5t4HU6nJED12YOCi0SJgxfy+qrDduKlruU
pgnv/ce9BXnnfqgXvx/gknf8N/QQ8CDx5KWVHO5TlJRpfZnqfaPDVx50/B3WhUZW
NTuEwtslk/2fpwXYXqxMmm6vZQLESyVccr73xWCK0L17W0U3DA==
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:53:19 2026 by rpki-client