Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/99bc52f3-b4f5-44eb-9a53-c74da3e9713e.roa
File: 99bc52f3-b4f5-44eb-9a53-c74da3e9713e.roa (raw, json)
Hash identifier: GY4Lh0dswRnjLquorxFJSy3qP2ULqAB8JRo239mLSdg=
Subject key identifier: 3A:3B:5D:FA:EA:7D:CD:A6:7B:78:1B:A2:CA:6E:EA:CD:EE:18:4F:C9
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7EBE5B917FB1E37846F6B4D3A1501ECF2EFBE1B7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/99bc52f3-b4f5-44eb-9a53-c74da3e9713e.roa
Signing time: Sun 01 Mar 2026 00:00:35 +0000
ROA not before: Sun 01 Mar 2026 00:00:35 +0000
ROA not after: Sat 30 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d014:1000::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7e:be:5b:91:7f:b1:e3:78:46:f6:b4:d3:a1:50:1e:cf:2e:fb:e1:b7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Mar 1 00:00:35 2026 GMT
Not After : May 30 23:59:59 2026 GMT
Subject: serialNumber=db80d2e8a5eaddcba8e3301051c2f4d4350ead9a2c540127d83bfd55de62a2d7, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:c1:2d:c7:6a:dd:b2:8c:ff:0f:f2:bf:8f:1e:
58:43:16:a8:56:e9:c4:37:2c:78:cd:0b:d5:ea:66:
e8:4f:3f:c8:b0:f6:cc:99:c9:42:64:f6:57:2e:0e:
f7:96:20:9b:f5:fc:6f:f4:96:97:41:b7:62:d8:0f:
4f:17:3f:16:84:4b:79:95:4c:95:b5:b4:fe:9c:a8:
2f:3c:e5:d5:8d:a2:42:5f:3c:3a:ba:b2:c2:d3:e7:
25:2d:a8:90:33:50:a2:e9:8f:4c:e2:b2:24:68:13:
f4:12:94:a6:4b:fe:95:3f:b9:37:81:6f:88:4a:eb:
44:bc:9c:e2:99:3b:4b:6e:4a:de:3a:8f:06:87:19:
84:b9:4b:18:31:b3:50:1a:e9:08:eb:93:17:83:63:
39:c2:2e:29:73:ef:00:23:c0:90:14:8f:74:31:4b:
ed:4d:85:63:34:57:b2:db:87:ac:ea:1a:e2:0f:de:
29:4d:34:9e:5c:45:c8:de:fc:63:88:9b:ad:bf:fb:
a3:40:61:40:98:bf:cd:44:d2:45:21:1a:7e:31:71:
65:71:d0:58:da:2b:63:a2:93:6a:db:2b:21:b5:6d:
d1:dc:63:48:2b:7c:f7:33:58:51:3b:cd:c7:e1:e2:
f1:35:61:16:7f:27:e6:05:5c:dc:63:c9:26:7e:4d:
09:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:3B:5D:FA:EA:7D:CD:A6:7B:78:1B:A2:CA:6E:EA:CD:EE:18:4F:C9
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/99bc52f3-b4f5-44eb-9a53-c74da3e9713e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d014:1000::/38
Signature Algorithm: sha256WithRSAEncryption
9c:87:57:9f:29:e3:6c:af:3e:95:c6:e0:73:d4:8a:6e:c0:c4:
19:72:94:58:25:05:57:7b:98:b9:8c:75:cd:6f:cc:50:4b:b3:
73:76:f7:9b:f3:eb:64:92:a6:7a:c9:4e:6e:5b:e7:97:cd:57:
c5:23:1f:78:71:3b:ca:92:73:55:fb:04:c0:99:bd:78:ee:06:
2e:82:69:74:a7:44:15:54:61:cb:e8:bc:4d:19:6f:0d:23:ca:
db:d8:ac:12:14:37:5f:bf:8b:32:65:23:21:1b:87:37:59:f4:
21:aa:a6:30:c1:a1:35:d5:b0:a6:1c:e3:0c:f5:f9:31:ca:05:
0f:7e:1f:c0:3f:ef:de:ea:16:c9:8e:e4:fe:9d:8e:56:41:fa:
92:72:05:07:66:85:e2:69:a7:a9:54:fc:2f:59:6e:a1:27:14:
3e:b0:a5:78:2b:4b:88:a4:2f:8d:d3:da:cf:0c:2d:d6:31:55:
92:a8:9d:42:16:b8:65:60:ed:ee:25:80:55:26:75:96:5b:47:
41:e5:35:23:84:cb:55:96:e3:68:39:0a:c4:0d:3f:6a:46:7c:
22:80:8f:9d:ec:75:13:cd:fc:6b:54:76:77:95:9a:b5:cb:d2:
a3:98:aa:6e:ff:3a:65:b0:15:95:bb:10:4c:fd:65:c3:c4:0b:
f2:b6:1a:cc
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUfr5bkX+x43hG9rTToVAezy774bcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAzMDEwMDAwMzVaFw0yNjA1MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQGRiODBkMmU4YTVlYWRkY2JhOGUzMzAxMDUxYzJmNGQ0MzUwZWFkOWEyYzU0
MDEyN2Q4M2JmZDU1ZGU2MmEyZDcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI/BLcdq3bKM/w/yv48eWEMWqFbpxDcseM0L1epm6E8/yLD2zJnJQmT2Vy4O
95Ygm/X8b/SWl0G3YtgPTxc/FoRLeZVMlbW0/pyoLzzl1Y2iQl88OrqywtPnJS2o
kDNQoumPTOKyJGgT9BKUpkv+lT+5N4FviErrRLyc4pk7S25K3jqPBocZhLlLGDGz
UBrpCOuTF4NjOcIuKXPvACPAkBSPdDFL7U2FYzRXstuHrOoa4g/eKU00nlxFyN78
Y4ibrb/7o0BhQJi/zUTSRSEafjFxZXHQWNorY6KTatsrIbVt0dxjSCt89zNYUTvN
x+Hi8TVhFn8n5gVc3GPJJn5NCY8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ6O136
6n3Npnt4G6LKburN7hhPyTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTliYzUyZjMtYjRmNS00NGViLTlhNTMtYzc0ZGEzZTk3MTNlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BQQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCch1efKeNsrz6VxuBz1IpuwMQZcpRYJQVXe5i5
jHXNb8xQS7Nzdveb8+tkkqZ6yU5uW+eXzVfFIx94cTvKknNV+wTAmb147gYugml0
p0QVVGHL6LxNGW8NI8rb2KwSFDdfv4syZSMhG4c3WfQhqqYwwaE11bCmHOMM9fkx
ygUPfh/AP+/e6hbJjuT+nY5WQfqScgUHZoXiaaepVPwvWW6hJxQ+sKV4K0uIpC+N
09rPDC3WMVWSqJ1CFrhlYO3uJYBVJnWWW0dB5TUjhMtVluNoOQrEDT9qRnwigI+d
7HUTzfxrVHZ3lZq1y9KjmKpu/zplsBWVuxBM/WXDxAvythrM
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:43:54 2026 by rpki-client