Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a626735f-cb4b-4dff-992e-95390a4e2eea.roa
File: a626735f-cb4b-4dff-992e-95390a4e2eea.roa (raw, json)
Hash identifier: zZDZEdPl6IYx02hqGXiMjBhZ+DmaDhfgJ8iqmXmn17E=
Subject key identifier: D3:A3:A9:2E:1D:53:1B:E1:C2:21:8D:AD:8A:5F:FE:73:4D:AD:4F:BC
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 6DB30DDF852DA99C89B40F0F687B14B28012EFA5
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a626735f-cb4b-4dff-992e-95390a4e2eea.roa
Signing time: Sat 28 Feb 2026 05:10:12 +0000
ROA not before: Sat 28 Feb 2026 05:10:12 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d059:2000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6d:b3:0d:df:85:2d:a9:9c:89:b4:0f:0f:68:7b:14:b2:80:12:ef:a5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 05:10:12 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=42ceca9aa2cfd0e443d2986e0387a69b16db959834099ad12281facfb0b84d5c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:ab:d7:ae:f5:25:76:2b:45:8d:82:75:27:13:
57:92:07:47:81:41:10:79:1f:c6:56:4e:b8:db:3e:
6b:ec:f1:90:08:99:60:da:c7:42:77:fc:b6:d9:d1:
a1:4b:f1:ae:1d:38:bc:5f:7f:67:5c:65:3f:20:ef:
bd:05:68:87:a4:bc:86:fc:2f:22:f3:25:b6:92:b9:
9f:b4:0b:cc:4d:44:f5:47:4a:00:59:85:36:2b:a8:
8f:47:e4:eb:ee:6b:ec:84:d1:cc:7f:cc:67:93:2c:
b3:7b:a2:e5:66:04:ec:82:53:c9:61:d3:a4:16:2b:
bb:5f:e4:df:2a:14:91:db:01:df:5e:54:5d:ee:41:
9f:cb:f0:3e:df:c9:85:d4:d5:fa:f9:38:0a:79:64:
6b:b7:a4:fb:32:00:23:94:14:2d:d6:3b:72:15:0f:
72:d2:4e:58:0d:bf:aa:6f:28:19:28:95:b3:63:db:
cd:68:c4:e6:46:86:ea:28:89:e7:2d:7c:43:fc:86:
63:23:15:31:47:71:9f:10:b3:8b:6b:b4:0b:77:83:
14:aa:6a:47:22:f8:0c:b3:3d:25:03:6e:42:19:37:
92:16:97:a2:05:a6:f2:53:78:df:35:2c:76:86:33:
96:a8:3b:21:71:bb:90:f6:ab:99:d6:50:8c:8e:65:
c5:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:A3:A9:2E:1D:53:1B:E1:C2:21:8D:AD:8A:5F:FE:73:4D:AD:4F:BC
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a626735f-cb4b-4dff-992e-95390a4e2eea.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d059:2000::/40
Signature Algorithm: sha256WithRSAEncryption
37:7d:f2:a0:ee:89:0c:fc:6a:57:6f:3c:68:a9:7e:f2:28:98:
06:7f:68:eb:44:76:83:4e:0d:11:41:22:eb:b7:cb:00:bb:7a:
ec:1c:8d:0a:84:ea:8e:d8:08:c6:8c:22:96:30:57:a8:8b:91:
5d:d6:6c:59:67:ba:b8:9e:6c:9b:62:69:94:65:3a:40:59:a8:
1b:99:15:20:2d:9a:ca:67:b1:30:c0:62:85:28:9c:7d:19:0d:
ea:ae:99:76:27:0c:59:d2:0d:72:be:6d:87:27:00:d0:2c:b8:
54:b3:d1:dd:b1:a1:0c:d6:b9:e7:a3:5d:a2:bd:6d:35:d8:3b:
85:99:4b:94:38:d1:a1:81:da:9a:e3:3a:a6:ce:88:18:e7:3f:
67:55:d7:c7:1e:52:b5:6d:26:e3:33:69:8f:81:51:9f:18:e9:
f6:2d:d1:db:9c:a5:42:5b:88:f5:f8:ab:f5:df:cd:fb:3e:b8:
21:2b:9b:76:70:dd:3c:70:b5:84:6a:20:a5:f0:90:51:fb:fe:
0b:83:b0:f3:ca:a9:55:6f:79:c0:dd:ce:5c:70:d4:a9:9d:d1:
9d:f0:29:9b:10:62:be:3b:ea:4d:ce:77:1f:ec:5f:43:8a:6e:
62:70:56:99:9b:d2:b9:fd:a9:ec:7f:cb:0a:67:9c:a0:f4:4c:
98:e0:fd:bf
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUbbMN34UtqZyJtA8PaHsUsoAS76UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNTEwMTJaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDQyY2VjYTlhYTJjZmQwZTQ0M2QyOTg2ZTAzODdhNjliMTZkYjk1OTgzNDA5
OWFkMTIyODFmYWNmYjBiODRkNWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKWr1671JXYrRY2CdScTV5IHR4FBEHkfxlZOuNs+a+zxkAiZYNrHQnf8ttnR
oUvxrh04vF9/Z1xlPyDvvQVoh6S8hvwvIvMltpK5n7QLzE1E9UdKAFmFNiuoj0fk
6+5r7ITRzH/MZ5Mss3ui5WYE7IJTyWHTpBYru1/k3yoUkdsB315UXe5Bn8vwPt/J
hdTV+vk4Cnlka7ek+zIAI5QULdY7chUPctJOWA2/qm8oGSiVs2PbzWjE5kaG6iiJ
5y18Q/yGYyMVMUdxnxCzi2u0C3eDFKpqRyL4DLM9JQNuQhk3khaXogWm8lN43zUs
doYzlqg7IXG7kParmdZQjI5lxdsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTTo6ku
HVMb4cIhja2KX/5zTa1PvDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTYyNjczNWYtY2I0Yi00ZGZmLTk5MmUtOTUzOTBhNGUyZWVhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Fkg
MA0GCSqGSIb3DQEBCwUAA4IBAQA3ffKg7okM/GpXbzxoqX7yKJgGf2jrRHaDTg0R
QSLrt8sAu3rsHI0KhOqO2AjGjCKWMFeoi5Fd1mxZZ7q4nmybYmmUZTpAWagbmRUg
LZrKZ7EwwGKFKJx9GQ3qrpl2JwxZ0g1yvm2HJwDQLLhUs9HdsaEM1rnno12ivW01
2DuFmUuUONGhgdqa4zqmzogY5z9nVdfHHlK1bSbjM2mPgVGfGOn2LdHbnKVCW4j1
+Kv13837PrghK5t2cN08cLWEaiCl8JBR+/4Lg7DzyqlVb3nA3c5ccNSpndGd8Cmb
EGK+O+pNzncf7F9Dim5icFaZm9K5/ansf8sKZ5yg9EyY4P2/
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:20:43 2026 by rpki-client