Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/914a6acc-cb88-4da2-8443-fbaf927c9652.roa
File: 914a6acc-cb88-4da2-8443-fbaf927c9652.roa (raw, json)
Hash identifier: C113AXzrW6nrG1QjrfA5fm5Ehmk9RwEeOsRzdUj3cMA=
Subject key identifier: DA:A6:33:6D:7C:DE:46:3D:2A:A3:57:8C:A0:DD:4C:EE:9F:B4:E5:9C
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 07289881A5B92416E81F9147D02CEA2D9459B2D8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/914a6acc-cb88-4da2-8443-fbaf927c9652.roa
Signing time: Fri 13 Feb 2026 15:30:10 +0000
ROA not before: Fri 13 Feb 2026 15:30:10 +0000
ROA not after: Thu 14 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d073:9000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
07:28:98:81:a5:b9:24:16:e8:1f:91:47:d0:2c:ea:2d:94:59:b2:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 13 15:30:10 2026 GMT
Not After : May 14 23:59:59 2026 GMT
Subject: serialNumber=cb1a7f07852398b0d65a40a4a6a1642d2a26750f125e25868750e3fa7ad57692, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:fa:f2:fc:54:96:a0:6f:f4:d4:b6:70:66:4a:
6b:db:31:03:e1:18:f8:5c:97:75:a2:40:a9:d3:01:
31:3a:ef:e4:6e:84:b2:a9:ac:91:b1:d4:cb:84:0c:
b8:15:a7:65:a5:03:68:97:c1:55:e1:d8:41:66:fa:
60:b3:95:42:09:ce:9c:1a:1d:f3:80:27:f3:ec:6b:
f4:61:8d:c1:00:0e:f4:e0:02:e0:6c:fc:bc:cc:3f:
c1:3e:b1:01:92:b1:a6:4a:60:39:7e:cf:e9:45:ff:
35:45:09:dc:21:c3:42:4e:91:aa:da:9b:09:9c:c4:
7d:8e:f9:fc:3f:33:52:43:81:16:c4:a8:3b:06:fd:
24:c0:b1:b4:e0:1a:85:b0:57:93:8c:b3:fd:d0:b2:
f2:0a:d5:d7:dc:cf:c6:b8:06:e3:31:11:3b:13:46:
79:9e:97:aa:cd:47:68:d1:24:36:42:1b:ea:f9:6e:
f3:99:79:de:3c:bd:d3:6e:63:4c:da:69:55:0a:48:
bf:65:ff:4b:ed:51:85:69:b6:47:88:fa:25:3f:98:
dc:ad:7b:4b:cd:d4:4b:54:ee:e3:ee:cc:90:d3:75:
0d:9c:43:67:cf:39:1c:4d:e3:c5:5c:6f:0d:b8:da:
23:7c:79:88:91:b3:2d:51:51:f8:60:d5:be:71:70:
ee:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:A6:33:6D:7C:DE:46:3D:2A:A3:57:8C:A0:DD:4C:EE:9F:B4:E5:9C
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/914a6acc-cb88-4da2-8443-fbaf927c9652.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d073:9000::/40
Signature Algorithm: sha256WithRSAEncryption
8e:76:44:67:40:7b:26:92:1b:3a:9d:c7:9c:41:ec:43:7d:53:
08:4f:d8:6b:41:7f:fc:ad:7a:dc:63:4d:4a:cc:82:df:c6:10:
cc:b5:67:ce:5b:06:27:84:5f:9b:45:6a:7e:0a:7e:2b:59:1d:
d5:4f:0c:77:a8:c4:2a:f9:75:e1:c7:26:4a:ab:25:98:c6:5d:
35:71:7d:c0:1b:44:2c:17:f8:26:54:df:eb:3c:b4:33:98:d1:
48:b8:07:e8:f2:0b:29:7d:b6:f2:ff:fb:0d:fc:d8:ed:bb:fd:
2b:77:79:cb:f6:50:65:23:f8:37:15:f2:9c:87:5f:d5:46:d8:
59:cd:7e:8b:e4:e4:2c:5f:b1:68:17:0d:98:a4:a1:8f:cf:b9:
6d:af:18:eb:87:13:05:09:ce:c1:50:02:b8:e5:4c:c4:d0:1e:
fc:7e:0d:f2:a1:39:31:48:ae:af:03:5e:83:a2:81:70:91:ed:
46:61:55:b5:81:aa:b1:1e:e3:76:3b:5a:e5:b5:63:01:79:cc:
f7:e4:c4:26:52:a0:af:13:f8:f3:72:e7:16:0b:40:37:f2:cf:
5b:30:28:58:61:85:ec:bc:ea:31:9c:04:26:27:2b:06:11:0b:
dc:d6:ad:06:5f:b1:77:92:8f:40:8f:e3:1d:d0:70:3f:4c:ad:
d9:b3:6e:d0
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUByiYgaW5JBboH5FH0CzqLZRZstgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMTMxNTMwMTBaFw0yNjA1MTQyMzU5NTlaMHoxSTBHBgNV
BAUTQGNiMWE3ZjA3ODUyMzk4YjBkNjVhNDBhNGE2YTE2NDJkMmEyNjc1MGYxMjVl
MjU4Njg3NTBlM2ZhN2FkNTc2OTIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJL68vxUlqBv9NS2cGZKa9sxA+EY+FyXdaJAqdMBMTrv5G6EsqmskbHUy4QM
uBWnZaUDaJfBVeHYQWb6YLOVQgnOnBod84An8+xr9GGNwQAO9OAC4Gz8vMw/wT6x
AZKxpkpgOX7P6UX/NUUJ3CHDQk6RqtqbCZzEfY75/D8zUkOBFsSoOwb9JMCxtOAa
hbBXk4yz/dCy8grV19zPxrgG4zEROxNGeZ6Xqs1HaNEkNkIb6vlu85l53jy9025j
TNppVQpIv2X/S+1RhWm2R4j6JT+Y3K17S83US1Tu4+7MkNN1DZxDZ885HE3jxVxv
DbjaI3x5iJGzLVFR+GDVvnFw7hECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTapjNt
fN5GPSqjV4yg3Uzun7TlnDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTE0YTZhY2MtY2I4OC00ZGEyLTg0NDMtZmJhZjkyN2M5NjUyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HOQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCOdkRnQHsmkhs6ncecQexDfVMIT9hrQX/8rXrc
Y01KzILfxhDMtWfOWwYnhF+bRWp+Cn4rWR3VTwx3qMQq+XXhxyZKqyWYxl01cX3A
G0QsF/gmVN/rPLQzmNFIuAfo8gspfbby//sN/Njtu/0rd3nL9lBlI/g3FfKch1/V
RthZzX6L5OQsX7FoFw2YpKGPz7ltrxjrhxMFCc7BUAK45UzE0B78fg3yoTkxSK6v
A16DooFwke1GYVW1gaqxHuN2O1rltWMBecz35MQmUqCvE/jzcucWC0A38s9bMChY
YYXsvOoxnAQmJysGEQvc1q0GX7F3ko9Aj+Md0HA/TK3Zs27Q
-----END CERTIFICATE-----
Generated at Mon Mar 2 06:12:59 2026 by rpki-client