Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a37b3e49-cec5-4def-b3ef-5356277d82ab.roa
File: a37b3e49-cec5-4def-b3ef-5356277d82ab.roa (raw, json)
Hash identifier: +ir+YciAbUsHHMBF125cp5n3D9wBdUl/PfXtY4hAP4Y=
Subject key identifier: 28:88:17:9B:27:CB:FB:7E:56:24:1B:88:0E:A3:F8:D5:55:98:F2:93
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7149EBD84FF841F534F76F0BE7D2124B9F872BFA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a37b3e49-cec5-4def-b3ef-5356277d82ab.roa
Signing time: Sat 28 Feb 2026 06:21:27 +0000
ROA not before: Sat 28 Feb 2026 06:21:27 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d038:1000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
71:49:eb:d8:4f:f8:41:f5:34:f7:6f:0b:e7:d2:12:4b:9f:87:2b:fa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 06:21:27 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=9dd7d2a7114728d07e6a1e8b3d88b183ee62d833e1de776f12cd5d5bc385c2d5, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:33:21:55:9c:f2:96:6b:8a:63:ea:7b:32:49:
71:ac:07:d0:97:4e:5c:f9:23:80:cd:bd:e5:14:73:
4f:4f:90:f4:51:39:92:b0:16:4c:aa:f8:81:d3:b3:
cc:42:10:20:95:57:12:6d:85:e9:45:bc:5a:7f:b7:
6a:ea:b7:11:9e:ac:38:44:b7:13:81:dc:8b:64:1b:
5d:c7:a5:c5:6d:71:ed:f3:3e:4f:30:61:d8:85:00:
ec:4a:68:5f:3e:10:6f:59:ee:48:49:a2:8e:bf:43:
56:ad:21:90:8e:cd:de:7c:12:72:72:9d:9b:6a:b6:
9a:71:2b:40:5c:99:29:01:d7:84:ad:2f:e2:da:80:
1b:6e:b4:9f:2f:21:6b:19:92:3a:68:5e:e4:bb:ee:
2a:99:9c:1d:cb:31:a4:14:d5:b3:82:c3:40:73:e1:
34:74:2c:94:59:a9:fa:b5:e4:39:cf:eb:4c:a0:be:
34:1d:d2:62:6d:90:5a:59:c0:51:c9:1a:6f:eb:0d:
3a:f7:4f:f3:e3:82:0c:2a:28:d7:e5:ed:d4:79:01:
84:3f:a0:b6:26:e5:21:aa:3b:3d:30:9e:65:0d:c7:
dc:1f:a8:0d:ec:45:78:06:37:93:21:91:a7:98:03:
55:4a:aa:72:8e:de:11:56:81:1c:cf:45:79:76:d5:
27:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:88:17:9B:27:CB:FB:7E:56:24:1B:88:0E:A3:F8:D5:55:98:F2:93
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a37b3e49-cec5-4def-b3ef-5356277d82ab.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d038:1000::/40
Signature Algorithm: sha256WithRSAEncryption
bb:b0:a1:fe:c7:b5:a7:d7:76:8b:9c:6b:51:7b:f5:25:46:c1:
7b:5a:e2:6e:a5:e9:26:1c:b0:83:1d:09:bd:2d:06:8e:ad:3d:
a1:36:42:f9:c7:d8:98:4c:e5:a1:8f:3f:b3:7c:e1:35:93:2e:
15:25:16:66:ec:c2:29:60:b0:39:1b:29:6c:ff:7d:4d:18:d8:
65:25:ee:3a:ff:c4:9c:fe:ce:a0:be:fb:fe:92:4d:c3:42:1c:
9f:14:1a:4b:98:d8:67:aa:e0:1c:80:fd:97:ab:15:90:18:5c:
3e:ee:4b:ae:d6:f9:96:e6:bb:55:49:e8:bd:3f:70:d2:d4:fc:
27:66:ab:e1:b7:f6:69:fb:64:aa:69:9f:91:36:09:ca:c2:86:
ff:c1:79:1a:cc:fb:62:9b:9c:19:fc:c6:36:4e:b3:1e:20:1c:
10:c6:1f:e6:8c:69:94:51:67:c9:f3:9e:4a:8d:c8:9d:91:fd:
7e:bf:2e:cb:18:84:e4:b1:37:a2:6f:b6:30:64:15:b1:db:dd:
97:ca:e5:d4:18:95:e6:78:42:9b:34:5e:0e:28:b8:95:39:7c:
7f:3c:44:7f:aa:10:75:6a:a1:1a:d5:8a:05:b4:f4:d3:11:de:
e4:a5:0f:b6:b9:36:51:fe:1d:52:d7:7f:f9:67:3e:7a:10:18:
25:a4:30:f4
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUcUnr2E/4QfU0928L59ISS5+HK/owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNjIxMjdaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDlkZDdkMmE3MTE0NzI4ZDA3ZTZhMWU4YjNkODhiMTgzZWU2MmQ4MzNlMWRl
Nzc2ZjEyY2Q1ZDViYzM4NWMyZDUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANUzIVWc8pZrimPqezJJcawH0JdOXPkjgM295RRzT0+Q9FE5krAWTKr4gdOz
zEIQIJVXEm2F6UW8Wn+3auq3EZ6sOES3E4Hci2QbXcelxW1x7fM+TzBh2IUA7Epo
Xz4Qb1nuSEmijr9DVq0hkI7N3nwScnKdm2q2mnErQFyZKQHXhK0v4tqAG260ny8h
axmSOmhe5LvuKpmcHcsxpBTVs4LDQHPhNHQslFmp+rXkOc/rTKC+NB3SYm2QWlnA
Uckab+sNOvdP8+OCDCoo1+Xt1HkBhD+gtiblIao7PTCeZQ3H3B+oDexFeAY3kyGR
p5gDVUqqco7eEVaBHM9FeXbVJ48CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQoiBeb
J8v7flYkG4gOo/jVVZjykzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTM3YjNlNDktY2VjNS00ZGVmLWIzZWYtNTM1NjI3N2Q4MmFiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DgQ
MA0GCSqGSIb3DQEBCwUAA4IBAQC7sKH+x7Wn13aLnGtRe/UlRsF7WuJupekmHLCD
HQm9LQaOrT2hNkL5x9iYTOWhjz+zfOE1ky4VJRZm7MIpYLA5Gyls/31NGNhlJe46
/8Sc/s6gvvv+kk3DQhyfFBpLmNhnquAcgP2XqxWQGFw+7kuu1vmW5rtVSei9P3DS
1PwnZqvht/Zp+2SqaZ+RNgnKwob/wXkazPtim5wZ/MY2TrMeIBwQxh/mjGmUUWfJ
855Kjcidkf1+vy7LGITksTeib7YwZBWx292XyuXUGJXmeEKbNF4OKLiVOXx/PER/
qhB1aqEa1YoFtPTTEd7kpQ+2uTZR/h1S13/5Zz56EBglpDD0
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:46:45 2026 by rpki-client