Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8e4adf38-a007-4c0e-8621-1e65a160ad12.roa
File: 8e4adf38-a007-4c0e-8621-1e65a160ad12.roa (raw, json)
Hash identifier: uRczoGIcB8QI+hzNBk3Zv9uQs+SldWaN8NdDS0DVGJ0=
Subject key identifier: 75:DF:70:F7:B3:5A:AB:0A:A2:BF:C7:0A:04:49:2E:27:B0:56:8D:AB
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 023294941D9BAADD0119041161F961F977DF9FEA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8e4adf38-a007-4c0e-8621-1e65a160ad12.roa
Signing time: Sat 28 Feb 2026 05:40:51 +0000
ROA not before: Sat 28 Feb 2026 05:40:51 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:2000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
02:32:94:94:1d:9b:aa:dd:01:19:04:11:61:f9:61:f9:77:df:9f:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 05:40:51 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=fe0b4cfcaf2e53c8b341c729b1285c96942f591443e5032f561045015f07fe1b, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:77:66:fb:36:ea:d0:1e:b1:d6:d8:9e:5c:6e:
d1:42:ba:af:f4:42:42:e2:85:e5:31:fa:b4:27:54:
9a:45:55:a9:3d:ad:db:f1:23:03:d9:e9:58:e4:37:
96:c3:f5:5b:3c:32:b1:2b:31:c4:fc:88:18:b9:28:
9f:55:77:56:c0:c3:ff:85:bc:5c:5e:36:07:8f:c9:
1e:8d:bf:9c:6a:c9:19:32:9f:83:61:fb:e3:f8:de:
e6:62:37:70:d4:88:c4:8d:35:dc:fb:06:f1:86:ee:
52:98:42:af:7c:35:2a:8f:a5:d5:21:ab:1e:9a:d4:
32:42:e9:93:0c:82:cc:b6:13:aa:83:5f:d6:f4:97:
3b:42:ea:b4:19:bb:af:18:62:8c:6f:42:ce:19:35:
ec:c9:d0:a9:e5:13:03:6a:e1:6a:0e:d5:c1:f2:ea:
bf:7d:04:4c:ab:f7:84:ce:80:b7:b6:fb:d0:3e:2d:
d1:f0:9c:d9:da:71:25:e9:b0:ba:da:6e:a0:27:92:
e9:4d:de:32:38:e5:67:9c:dc:81:62:ad:7e:ee:f1:
7f:2f:2e:cf:1e:c3:49:37:ec:3d:21:37:87:93:51:
43:e8:c5:5e:f1:40:50:6d:3e:87:ed:f1:ab:b3:a4:
ba:d6:01:6e:a0:ea:9a:ef:8c:4a:0c:eb:fd:5b:8b:
43:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:DF:70:F7:B3:5A:AB:0A:A2:BF:C7:0A:04:49:2E:27:B0:56:8D:AB
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8e4adf38-a007-4c0e-8621-1e65a160ad12.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:2000::/40
Signature Algorithm: sha256WithRSAEncryption
49:92:ba:14:6f:a9:f3:07:0a:8e:14:0d:8a:d7:b0:9b:1f:67:
66:54:5d:84:df:50:cf:ab:72:f8:54:ae:c2:11:3b:e3:47:74:
a7:6e:6e:97:59:ee:07:87:71:f6:aa:e0:2b:f9:af:74:66:e6:
b0:e7:9b:49:f3:a6:44:0c:21:0b:0a:a1:4d:4c:56:fd:ac:24:
94:a0:ba:88:ca:d9:75:03:e3:27:26:e3:73:ed:78:47:77:d4:
b7:01:c1:48:a9:30:80:77:25:64:9b:93:f6:1d:23:c7:97:cd:
bb:c6:ef:5c:79:eb:b9:07:ce:3e:b3:23:ec:f8:b6:6c:0c:50:
17:aa:93:7a:78:06:e3:87:b3:8d:e1:b4:4c:89:74:51:3f:19:
70:6f:b4:ef:eb:3e:bd:dd:62:0d:3a:00:83:f4:c2:ac:03:b0:
af:28:37:73:32:d8:ee:35:51:08:83:b4:6c:db:1d:cc:5a:45:
69:64:f5:9d:86:2b:70:8a:dd:19:4f:c9:cc:06:03:1c:df:6a:
af:6e:ca:b4:ac:8a:c4:ee:12:9f:29:38:3e:b6:1a:31:43:53:
84:0d:e1:40:58:be:1a:c9:69:47:0d:32:64:2e:2c:fe:eb:d1:
9b:36:08:05:f9:0b:d6:ac:91:e4:d3:75:92:1c:75:59:01:3a:
7f:0e:ea:6a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUAjKUlB2bqt0BGQQRYflh+Xffn+owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNTQwNTFaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGZlMGI0Y2ZjYWYyZTUzYzhiMzQxYzcyOWIxMjg1Yzk2OTQyZjU5MTQ0M2U1
MDMyZjU2MTA0NTAxNWYwN2ZlMWIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMh3Zvs26tAesdbYnlxu0UK6r/RCQuKF5TH6tCdUmkVVqT2t2/EjA9npWOQ3
lsP1WzwysSsxxPyIGLkon1V3VsDD/4W8XF42B4/JHo2/nGrJGTKfg2H74/je5mI3
cNSIxI013PsG8YbuUphCr3w1Ko+l1SGrHprUMkLpkwyCzLYTqoNf1vSXO0LqtBm7
rxhijG9Czhk17MnQqeUTA2rhag7VwfLqv30ETKv3hM6At7b70D4t0fCc2dpxJemw
utpuoCeS6U3eMjjlZ5zcgWKtfu7xfy8uzx7DSTfsPSE3h5NRQ+jFXvFAUG0+h+3x
q7OkutYBbqDqmu+MSgzr/VuLQ0sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR133D3
s1qrCqK/xwoESS4nsFaNqzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGU0YWRmMzgtYTAwNy00YzBlLTg2MjEtMWU2NWExNjBhZDEyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H8g
MA0GCSqGSIb3DQEBCwUAA4IBAQBJkroUb6nzBwqOFA2K17CbH2dmVF2E31DPq3L4
VK7CETvjR3Snbm6XWe4Hh3H2quAr+a90Zuaw55tJ86ZEDCELCqFNTFb9rCSUoLqI
ytl1A+MnJuNz7XhHd9S3AcFIqTCAdyVkm5P2HSPHl827xu9ceeu5B84+syPs+LZs
DFAXqpN6eAbjh7ON4bRMiXRRPxlwb7Tv6z693WINOgCD9MKsA7CvKDdzMtjuNVEI
g7Rs2x3MWkVpZPWdhitwit0ZT8nMBgMc32qvbsq0rIrE7hKfKTg+thoxQ1OEDeFA
WL4ayWlHDTJkLiz+69GbNggF+QvWrJHk03WSHHVZATp/Dupq
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:53:59 2026 by rpki-client