Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8cfa3133-8fd4-4816-ad14-c49146075f82.roa
File: 8cfa3133-8fd4-4816-ad14-c49146075f82.roa (raw, json)
Hash identifier: +n5dRKo5WpNlJgTgRey4C1Z4/dYfKG1NbCqTdny93w8=
Subject key identifier: 9B:61:36:17:64:ED:56:15:7E:B1:9F:70:AC:1E:93:BC:93:A7:C0:66
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 06754E257ED67152F2908B4B272581401CBB2D16
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8cfa3133-8fd4-4816-ad14-c49146075f82.roa
Signing time: Sat 28 Feb 2026 05:20:56 +0000
ROA not before: Sat 28 Feb 2026 05:20:56 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:6000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
06:75:4e:25:7e:d6:71:52:f2:90:8b:4b:27:25:81:40:1c:bb:2d:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 05:20:56 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=40e6b1d89db7e0bee6a33657ab29dcaf9989805eba9bc75968bbbac007a18823, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:6a:75:f2:fe:d9:77:3f:a2:86:cf:63:e7:76:
75:48:53:e6:0b:40:b5:aa:96:c7:95:70:e3:59:31:
ff:37:2a:c4:ef:58:2c:0b:1d:6c:4c:84:de:28:1b:
8d:08:91:44:d3:b1:d3:20:c9:61:00:4c:99:78:85:
b8:77:e5:78:ce:b5:aa:2e:e2:27:26:53:a6:e5:92:
51:5e:e8:f7:d2:2b:d1:6b:dc:39:e8:65:4c:a7:8a:
7b:b6:61:dd:ef:ee:06:bb:06:51:f8:1b:4d:67:da:
83:fb:3d:aa:71:82:2f:8e:37:47:1c:39:16:7c:27:
4e:f5:7c:c3:e9:7f:6e:e7:fd:f4:53:e1:4c:83:c4:
3c:48:bd:46:d8:a4:9f:1a:27:5c:80:03:7f:83:42:
38:07:be:80:44:55:91:5f:fa:41:b9:fc:f6:d1:7d:
3c:02:b3:f4:33:f5:a5:b8:32:e2:c5:8a:87:92:46:
6b:ee:a0:5e:45:89:e0:25:68:ba:1f:e6:e5:2d:56:
d2:59:2f:06:2a:ba:cb:fb:bd:18:6b:de:58:ca:75:
9c:6f:9c:2d:64:55:b3:c6:1c:85:ee:a9:4a:aa:7f:
d4:e1:1b:0b:0f:53:ce:d6:f3:b8:8e:e1:10:51:3b:
ba:c1:9b:b4:b6:3a:d3:b8:52:8e:84:38:cd:7b:90:
20:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:61:36:17:64:ED:56:15:7E:B1:9F:70:AC:1E:93:BC:93:A7:C0:66
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8cfa3133-8fd4-4816-ad14-c49146075f82.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:6000::/40
Signature Algorithm: sha256WithRSAEncryption
bb:ba:a8:bd:e6:28:26:b4:b2:d0:e6:ad:31:f7:b6:14:0b:4f:
1f:0e:31:4e:c1:a0:de:e3:81:bd:11:48:d4:84:ac:be:f4:d6:
fb:4b:ac:94:00:20:0f:f3:c1:64:05:eb:81:fe:14:2b:05:6a:
d2:0c:1d:24:e9:69:ce:5d:d3:7c:92:70:ed:15:b9:18:b9:22:
ed:75:ba:7f:ed:05:30:94:75:5f:1c:73:68:f5:8c:f4:10:d5:
f3:84:15:f3:62:8f:7f:1f:df:39:41:c2:48:42:6c:0f:55:13:
2c:c7:0d:1f:c5:dc:ec:4d:e2:c2:1f:b7:0d:c3:e0:f6:5c:fd:
ac:0c:d2:fb:a4:f2:63:cf:dc:f6:4a:32:b6:e8:c9:95:0c:7d:
55:85:d1:1c:0b:2a:bd:ab:1c:4d:39:ba:3a:03:b7:0f:25:05:
89:d1:96:22:24:fe:32:1f:de:cd:73:d0:1a:59:b3:5d:88:0f:
f9:65:2c:ec:ac:6b:29:8b:c9:3e:5e:66:d4:7a:74:e3:7c:ce:
4d:30:21:60:e4:54:f7:9d:30:c4:e7:b3:06:bd:e4:bd:16:f5:
7e:cd:5b:ab:3e:66:28:b5:23:9f:08:bd:6c:3a:af:e5:09:b2:
33:8a:6f:32:90:17:2b:5a:18:db:0f:51:4c:77:a8:5f:55:8a:
40:1f:1e:e0
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUBnVOJX7WcVLykItLJyWBQBy7LRYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNTIwNTZaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDQwZTZiMWQ4OWRiN2UwYmVlNmEzMzY1N2FiMjlkY2FmOTk4OTgwNWViYTli
Yzc1OTY4YmJiYWMwMDdhMTg4MjMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJqdfL+2Xc/oobPY+d2dUhT5gtAtaqWx5Vw41kx/zcqxO9YLAsdbEyE3igb
jQiRRNOx0yDJYQBMmXiFuHfleM61qi7iJyZTpuWSUV7o99Ir0WvcOehlTKeKe7Zh
3e/uBrsGUfgbTWfag/s9qnGCL443Rxw5FnwnTvV8w+l/buf99FPhTIPEPEi9Rtik
nxonXIADf4NCOAe+gERVkV/6Qbn89tF9PAKz9DP1pbgy4sWKh5JGa+6gXkWJ4CVo
uh/m5S1W0lkvBiq6y/u9GGveWMp1nG+cLWRVs8Yche6pSqp/1OEbCw9TztbzuI7h
EFE7usGbtLY607hSjoQ4zXuQIGkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSbYTYX
ZO1WFX6xn3CsHpO8k6fAZjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGNmYTMxMzMtOGZkNC00ODE2LWFkMTQtYzQ5MTQ2MDc1ZjgyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HJg
MA0GCSqGSIb3DQEBCwUAA4IBAQC7uqi95igmtLLQ5q0x97YUC08fDjFOwaDe44G9
EUjUhKy+9Nb7S6yUACAP88FkBeuB/hQrBWrSDB0k6WnOXdN8knDtFbkYuSLtdbp/
7QUwlHVfHHNo9Yz0ENXzhBXzYo9/H985QcJIQmwPVRMsxw0fxdzsTeLCH7cNw+D2
XP2sDNL7pPJjz9z2SjK26MmVDH1VhdEcCyq9qxxNObo6A7cPJQWJ0ZYiJP4yH97N
c9AaWbNdiA/5ZSzsrGspi8k+XmbUenTjfM5NMCFg5FT3nTDE57MGveS9FvV+zVur
PmYotSOfCL1sOq/lCbIzim8ykBcrWhjbD1FMd6hfVYpAHx7g
-----END CERTIFICATE-----
Generated at Mon Mar 2 01:44:34 2026 by rpki-client