Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9843a73f-18f2-433e-b871-f493b0645337.roa
File: 9843a73f-18f2-433e-b871-f493b0645337.roa (raw, json)
Hash identifier: k/vCe0J0vm7enGyih2+2aEDlm9v0HMOAblzkR1DH+OQ=
Subject key identifier: CD:AC:45:73:09:A4:D5:9B:4A:2C:8F:02:64:89:56:71:91:91:B5:36
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 426B2AF99DB7CCAC9B8B771CF064B1FEDAE0DCAF
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9843a73f-18f2-433e-b871-f493b0645337.roa
Signing time: Thu 26 Feb 2026 02:10:10 +0000
ROA not before: Thu 26 Feb 2026 02:10:10 +0000
ROA not after: Wed 27 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d03a:800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
42:6b:2a:f9:9d:b7:cc:ac:9b:8b:77:1c:f0:64:b1:fe:da:e0:dc:af
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 26 02:10:10 2026 GMT
Not After : May 27 23:59:59 2026 GMT
Subject: serialNumber=b8380dc57d7a9a12f3c9860f7d080a33be63e0f6afd60d8c95d46d1dcb42a703, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:88:3e:b9:76:16:f1:aa:2d:6d:a2:76:24:d5:
5d:f8:0a:2e:c5:9e:ea:ab:c3:82:7a:da:9a:e3:96:
67:b0:d0:54:5a:d2:d4:29:04:d7:00:b7:a2:4f:0b:
7c:1f:dc:eb:b9:5d:f2:f6:3b:96:7b:a2:d9:45:b9:
70:3f:03:bb:be:5d:d1:21:63:d6:67:09:14:f5:78:
71:53:33:2a:9d:f2:2e:55:f3:02:c3:5d:53:fe:23:
3b:01:22:fe:e1:a0:03:94:a0:0a:fb:f2:1c:e8:4e:
97:33:08:12:b1:58:f4:37:83:73:86:41:7d:35:c2:
f6:f7:f5:22:76:3a:c0:8e:b0:d2:da:d7:24:4c:a8:
99:41:fc:a2:d6:be:47:10:1c:d2:64:4a:30:e8:73:
5b:5b:d2:38:95:d1:67:46:a0:5a:fa:4d:d3:cb:0d:
2a:40:3a:bf:d5:f1:7b:86:e1:bd:f9:84:21:f3:18:
f8:17:a7:a5:06:47:c2:d9:de:61:9f:3a:23:04:02:
7a:25:72:5a:2b:df:89:49:82:f6:85:c3:d0:07:c5:
79:dc:1a:63:2d:5f:44:95:81:c0:cb:54:7d:b3:9c:
80:2d:23:10:6e:14:81:34:8b:b5:6c:f8:09:63:e7:
2c:e6:5d:bb:b3:f6:71:ca:23:1d:3b:77:d9:08:4b:
a2:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:AC:45:73:09:A4:D5:9B:4A:2C:8F:02:64:89:56:71:91:91:B5:36
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9843a73f-18f2-433e-b871-f493b0645337.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d03a:800::/40
Signature Algorithm: sha256WithRSAEncryption
a8:79:6c:35:7b:a5:d4:f2:cf:90:24:63:ed:f2:9d:1a:bf:5a:
5c:d7:74:1e:1f:52:50:8c:8f:95:45:45:3a:c9:a7:0b:4d:14:
08:e7:80:4b:94:32:5e:d9:41:19:c4:af:03:ea:b4:b2:f8:2c:
37:40:d7:df:7e:79:bb:f5:30:54:af:01:5d:b1:7f:72:99:6f:
aa:17:e3:74:11:0e:fb:2a:f6:b6:1c:f6:3f:6e:63:2e:e1:63:
f9:cb:18:93:ce:6e:09:5d:5e:71:81:68:43:97:4f:40:d7:35:
4d:ef:f4:d1:02:29:01:98:1c:91:b8:b9:9f:94:15:3d:80:69:
7d:94:16:d9:b2:01:b5:f1:0c:aa:a4:13:a7:01:8c:df:a0:48:
fc:e2:3a:c5:a3:8f:b7:4d:18:d1:2b:04:1b:44:c3:e6:45:a6:
fd:bc:03:80:8f:37:ad:b5:1c:90:ca:1b:f6:c7:de:b3:1a:75:
9e:45:55:ed:a5:66:c8:bd:c6:6b:e4:85:30:61:48:f2:df:71:
ab:46:9b:e3:a6:98:cb:ed:a7:5f:b6:56:6a:46:0e:a7:e8:c7:
aa:a0:e2:fb:03:90:ac:14:f9:4c:73:9b:e7:d6:40:49:02:ca:
74:b6:98:b3:66:a7:bc:3f:90:7f:d9:45:4f:f2:1e:f8:84:3f:
2f:25:eb:c1
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUQmsq+Z23zKybi3cc8GSx/trg3K8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjYwMjEwMTBaFw0yNjA1MjcyMzU5NTlaMHoxSTBHBgNV
BAUTQGI4MzgwZGM1N2Q3YTlhMTJmM2M5ODYwZjdkMDgwYTMzYmU2M2UwZjZhZmQ2
MGQ4Yzk1ZDQ2ZDFkY2I0MmE3MDMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJuIPrl2FvGqLW2idiTVXfgKLsWe6qvDgnramuOWZ7DQVFrS1CkE1wC3ok8L
fB/c67ld8vY7lnui2UW5cD8Du75d0SFj1mcJFPV4cVMzKp3yLlXzAsNdU/4jOwEi
/uGgA5SgCvvyHOhOlzMIErFY9DeDc4ZBfTXC9vf1InY6wI6w0trXJEyomUH8ota+
RxAc0mRKMOhzW1vSOJXRZ0agWvpN08sNKkA6v9Xxe4bhvfmEIfMY+BenpQZHwtne
YZ86IwQCeiVyWivfiUmC9oXD0AfFedwaYy1fRJWBwMtUfbOcgC0jEG4UgTSLtWz4
CWPnLOZdu7P2ccojHTt32QhLom0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTNrEVz
CaTVm0osjwJkiVZxkZG1NjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTg0M2E3M2YtMThmMi00MzNlLWI4NzEtZjQ5M2IwNjQ1MzM3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DoI
MA0GCSqGSIb3DQEBCwUAA4IBAQCoeWw1e6XU8s+QJGPt8p0av1pc13QeH1JQjI+V
RUU6yacLTRQI54BLlDJe2UEZxK8D6rSy+Cw3QNfffnm79TBUrwFdsX9ymW+qF+N0
EQ77Kva2HPY/bmMu4WP5yxiTzm4JXV5xgWhDl09A1zVN7/TRAikBmByRuLmflBU9
gGl9lBbZsgG18QyqpBOnAYzfoEj84jrFo4+3TRjRKwQbRMPmRab9vAOAjzettRyQ
yhv2x96zGnWeRVXtpWbIvcZr5IUwYUjy33GrRpvjppjL7adftlZqRg6n6MeqoOL7
A5CsFPlMc5vn1kBJAsp0tpizZqe8P5B/2UVP8h74hD8vJevB
-----END CERTIFICATE-----
Generated at Sun Mar 1 22:04:04 2026 by rpki-client