Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a7031a07-12ba-45f8-a53b-6bd5b713c999.roa
File: a7031a07-12ba-45f8-a53b-6bd5b713c999.roa (raw, json)
Hash identifier: rGMcc7d8mr7fy7TjzsJfxEpcfa7v9ap3qE+Gad4inzs=
Subject key identifier: 2E:92:8F:34:25:D7:9B:F0:3F:F9:C8:63:D8:44:54:3E:1D:7C:6E:88
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 16E589018C86CE8542B70CF1CDFBC224686BC553
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a7031a07-12ba-45f8-a53b-6bd5b713c999.roa
Signing time: Sat 28 Feb 2026 05:20:44 +0000
ROA not before: Sat 28 Feb 2026 05:20:44 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d01a:400::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
16:e5:89:01:8c:86:ce:85:42:b7:0c:f1:cd:fb:c2:24:68:6b:c5:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 05:20:44 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=f2da88799724bc3da99e6d1b378f153c98f1356dfb2c69cf33c45e107befdfa9, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:aa:fd:e5:ae:8c:64:0e:59:05:7f:18:cb:40:
38:5d:28:de:9e:e4:14:ec:9b:db:f9:a8:ae:88:f6:
9a:88:20:9d:b9:c9:97:17:3b:3f:0a:5e:21:90:71:
7f:61:c2:31:0f:8e:c7:a6:1c:cc:64:a9:c1:11:cf:
68:bc:8c:29:92:e0:08:a3:e0:f3:df:dd:a7:ae:59:
19:6e:85:36:b3:ec:57:61:50:f9:a3:6d:84:1e:57:
33:c5:c2:3e:e8:bc:94:37:52:4f:19:2e:ce:ba:f1:
8c:f0:92:e9:e8:58:de:a8:7b:9b:14:33:98:a9:6c:
59:96:99:fe:34:ac:19:17:69:55:ce:b4:02:ec:ee:
64:03:6e:27:a1:29:ac:a3:bb:85:ce:26:2e:52:8c:
d6:36:cf:fb:4d:9c:97:51:40:c6:24:ba:96:f7:5f:
de:36:60:7e:59:92:a4:74:2d:4c:6c:2b:c7:88:5b:
a7:a0:a0:ba:bd:c5:b7:98:73:56:85:6c:b3:b2:07:
0e:b4:ef:9a:fa:b7:78:4a:45:94:82:9c:a4:63:77:
37:fd:5a:71:a9:06:2e:3c:9b:91:80:cb:ea:c8:ba:
fd:fa:b1:79:d9:03:dc:1c:de:b9:6c:21:10:4b:bc:
8a:c8:d4:60:6f:9f:19:e5:18:05:96:5c:b0:35:17:
3b:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:92:8F:34:25:D7:9B:F0:3F:F9:C8:63:D8:44:54:3E:1D:7C:6E:88
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a7031a07-12ba-45f8-a53b-6bd5b713c999.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d01a:400::/38
Signature Algorithm: sha256WithRSAEncryption
5e:34:1e:8e:fe:e2:0a:7f:16:76:a9:1c:99:89:55:88:e4:92:
5a:3f:f1:36:8d:ed:c0:a8:6f:89:1f:56:9c:a4:57:a0:20:ea:
91:27:74:73:e9:a1:90:e9:3e:19:87:8a:56:51:8f:af:5f:16:
16:2a:22:6e:6a:f6:e2:b3:ae:62:5a:0f:d6:df:05:2b:86:75:
6a:5e:d7:79:b3:66:1c:d8:56:62:b5:78:21:6f:9e:5f:51:70:
cb:8a:63:7a:85:ad:7b:08:e3:9a:b5:e8:40:6f:35:56:9b:03:
55:30:f6:7a:42:c4:f5:fb:9e:fa:e6:00:44:9d:e9:45:f0:5e:
d6:bc:2a:16:58:3e:24:30:b0:72:3e:19:b8:74:70:b2:99:88:
cf:f5:19:52:ae:0c:9a:7f:87:5d:4a:a7:be:ba:65:a3:27:90:
2d:be:4f:63:67:f7:ba:5a:4f:42:b8:8e:ec:f4:03:53:55:18:
af:01:c6:b6:a6:41:ab:eb:dc:72:b3:95:df:8b:3c:5e:db:e5:
f7:b1:c9:6a:42:51:2c:7d:8a:89:2e:6a:85:8c:6d:d3:98:fa:
49:6b:e5:48:00:8d:fb:b8:02:94:fa:b9:ad:2a:1d:8a:df:9e:
d5:12:f1:6b:c7:bf:bf:11:4a:30:f9:0f:a9:6b:9c:6c:94:0d:
67:ab:6e:2c
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUFuWJAYyGzoVCtwzxzfvCJGhrxVMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNTIwNDRaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGYyZGE4ODc5OTcyNGJjM2RhOTllNmQxYjM3OGYxNTNjOThmMTM1NmRmYjJj
NjljZjMzYzQ1ZTEwN2JlZmRmYTkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJSq/eWujGQOWQV/GMtAOF0o3p7kFOyb2/moroj2moggnbnJlxc7PwpeIZBx
f2HCMQ+Ox6YczGSpwRHPaLyMKZLgCKPg89/dp65ZGW6FNrPsV2FQ+aNthB5XM8XC
Pui8lDdSTxkuzrrxjPCS6ehY3qh7mxQzmKlsWZaZ/jSsGRdpVc60AuzuZANuJ6Ep
rKO7hc4mLlKM1jbP+02cl1FAxiS6lvdf3jZgflmSpHQtTGwrx4hbp6Cgur3Ft5hz
VoVss7IHDrTvmvq3eEpFlIKcpGN3N/1acakGLjybkYDL6si6/fqxedkD3BzeuWwh
EEu8isjUYG+fGeUYBZZcsDUXO1cCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQuko80
Jdeb8D/5yGPYRFQ+HXxuiDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTcwMzFhMDctMTJiYS00NWY4LWE1M2ItNmJkNWI3MTNjOTk5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BoE
MA0GCSqGSIb3DQEBCwUAA4IBAQBeNB6O/uIKfxZ2qRyZiVWI5JJaP/E2je3AqG+J
H1acpFegIOqRJ3Rz6aGQ6T4Zh4pWUY+vXxYWKiJuavbis65iWg/W3wUrhnVqXtd5
s2Yc2FZitXghb55fUXDLimN6ha17COOatehAbzVWmwNVMPZ6QsT1+5765gBEnelF
8F7WvCoWWD4kMLByPhm4dHCymYjP9RlSrgyaf4ddSqe+umWjJ5Atvk9jZ/e6Wk9C
uI7s9ANTVRivAca2pkGr69xys5Xfizxe2+X3sclqQlEsfYqJLmqFjG3TmPpJa+VI
AI37uAKU+rmtKh2K357VEvFrx7+/EUow+Q+pa5xslA1nq24s
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:50:57 2026 by rpki-client