Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8f6cab6f-44be-4f80-9040-c2f9ab0e0575.roa
File: 8f6cab6f-44be-4f80-9040-c2f9ab0e0575.roa (raw, json)
Hash identifier: hYYplSGvaSFHgkNlTv9z8VihFFl3PwafdGFumGnshqc=
Subject key identifier: EC:0E:68:B1:06:4A:69:62:A2:9A:CE:6B:28:66:D8:EE:D9:BA:5E:D4
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 420097CAA850BEF906FDFAF90BDFE10457D3F2B0
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8f6cab6f-44be-4f80-9040-c2f9ab0e0575.roa
Signing time: Fri 13 Feb 2026 15:20:52 +0000
ROA not before: Fri 13 Feb 2026 15:20:52 +0000
ROA not after: Thu 14 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d073:8000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
42:00:97:ca:a8:50:be:f9:06:fd:fa:f9:0b:df:e1:04:57:d3:f2:b0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 13 15:20:52 2026 GMT
Not After : May 14 23:59:59 2026 GMT
Subject: serialNumber=852eb78f470333fe200482b8356881c41ec17083375dafc97a34ebc5ed3d452f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:73:d9:7c:b8:15:2a:e7:09:19:58:0a:46:c2:
47:83:c1:8f:4f:69:b7:bb:39:18:ac:db:a4:b4:89:
1d:a0:cf:57:3c:d3:8d:16:bd:1b:a3:d9:18:1b:6a:
e6:d8:fa:1d:47:fe:40:56:18:59:04:55:b6:41:ac:
51:cf:b1:61:15:b3:94:ac:4f:97:0f:42:f5:36:1e:
dc:84:ea:19:af:75:65:7a:df:62:ad:ff:45:a4:d1:
a8:90:cb:9e:db:57:c4:42:4c:5e:46:ff:10:8b:7c:
c4:e7:8d:46:bd:c5:fc:bc:7b:0d:9e:9d:52:c2:5d:
7b:f8:9b:d1:0a:88:7f:62:41:62:30:58:f4:fe:9d:
de:74:c3:df:ed:01:ef:d9:4d:ca:3b:88:9e:db:61:
00:7c:92:af:40:28:41:d9:e4:22:11:a3:66:e3:7b:
03:07:3a:ff:c8:35:af:8c:f9:44:31:b0:02:df:94:
af:89:f1:a2:cf:f6:a4:fc:a0:44:c9:d8:f3:55:76:
6c:8f:bb:fe:e0:97:bc:61:c1:91:40:d3:a9:15:91:
34:74:5a:77:90:97:36:3d:b3:ba:60:b7:c1:87:7b:
b6:df:61:37:1c:ad:d9:0f:1a:69:1c:38:d0:5b:d3:
79:14:de:16:00:df:24:51:93:7e:6d:9f:50:67:cb:
70:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EC:0E:68:B1:06:4A:69:62:A2:9A:CE:6B:28:66:D8:EE:D9:BA:5E:D4
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8f6cab6f-44be-4f80-9040-c2f9ab0e0575.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d073:8000::/40
Signature Algorithm: sha256WithRSAEncryption
30:81:19:36:92:a4:da:6f:3f:98:1e:bc:20:96:fb:b1:34:b7:
91:9f:23:b9:78:8c:02:e5:12:e0:23:9a:5a:e8:6b:ce:b3:c3:
89:25:36:21:76:e5:f4:8f:4d:cc:f3:a5:0b:03:36:87:0e:1e:
af:49:00:fa:8b:2c:d2:3a:63:2f:a2:ca:65:c6:48:1d:e6:83:
d6:0e:4a:e2:ef:60:f6:b4:6f:5f:b3:fd:e6:8d:c4:77:fe:a8:
23:3e:99:b7:9a:7a:f7:16:cc:02:47:71:f7:7f:3c:46:cd:a8:
57:3c:d7:0b:90:22:6e:42:44:b8:be:6f:63:e8:2c:95:8c:0c:
07:09:0e:b7:30:dc:1d:5e:f2:ec:18:2f:71:9c:43:79:26:0e:
93:3c:d7:62:7b:4e:10:c1:d0:55:dd:1b:68:0a:80:48:d1:f7:
a1:37:fa:7e:ab:17:52:ec:b4:46:b0:d6:d5:c4:68:47:48:5e:
e4:70:70:19:9d:6e:3a:7b:51:49:ac:7b:2e:9b:8e:29:d0:1c:
b8:d9:60:f9:9b:fd:49:5f:ec:ad:7d:d6:f4:e4:ea:9d:37:70:
69:ed:95:b8:7e:50:bb:d8:ab:4c:5e:b1:9b:9c:c0:27:a2:fd:
50:d8:c4:ea:68:b2:ea:3a:a3:c9:fe:4b:eb:d3:03:a2:70:83:
a8:b3:95:83
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUQgCXyqhQvvkG/fr5C9/hBFfT8rAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMTMxNTIwNTJaFw0yNjA1MTQyMzU5NTlaMHoxSTBHBgNV
BAUTQDg1MmViNzhmNDcwMzMzZmUyMDA0ODJiODM1Njg4MWM0MWVjMTcwODMzNzVk
YWZjOTdhMzRlYmM1ZWQzZDQ1MmYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALVz2Xy4FSrnCRlYCkbCR4PBj09pt7s5GKzbpLSJHaDPVzzTjRa9G6PZGBtq
5tj6HUf+QFYYWQRVtkGsUc+xYRWzlKxPlw9C9TYe3ITqGa91ZXrfYq3/RaTRqJDL
nttXxEJMXkb/EIt8xOeNRr3F/Lx7DZ6dUsJde/ib0QqIf2JBYjBY9P6d3nTD3+0B
79lNyjuIntthAHySr0AoQdnkIhGjZuN7Awc6/8g1r4z5RDGwAt+Ur4nxos/2pPyg
RMnY81V2bI+7/uCXvGHBkUDTqRWRNHRad5CXNj2zumC3wYd7tt9hNxyt2Q8aaRw4
0FvTeRTeFgDfJFGTfm2fUGfLcC8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTsDmix
BkppYqKazmsoZtju2bpe1DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGY2Y2FiNmYtNDRiZS00ZjgwLTkwNDAtYzJmOWFiMGUwNTc1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HOA
MA0GCSqGSIb3DQEBCwUAA4IBAQAwgRk2kqTabz+YHrwglvuxNLeRnyO5eIwC5RLg
I5pa6GvOs8OJJTYhduX0j03M86ULAzaHDh6vSQD6iyzSOmMvosplxkgd5oPWDkri
72D2tG9fs/3mjcR3/qgjPpm3mnr3FswCR3H3fzxGzahXPNcLkCJuQkS4vm9j6CyV
jAwHCQ63MNwdXvLsGC9xnEN5Jg6TPNdie04QwdBV3RtoCoBI0fehN/p+qxdS7LRG
sNbVxGhHSF7kcHAZnW46e1FJrHsum44p0By42WD5m/1JX+ytfdb05OqdN3Bp7ZW4
flC72KtMXrGbnMAnov1Q2MTqaLLqOqPJ/kvr0wOicIOos5WD
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:49:18 2026 by rpki-client