Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a72cbea9-100c-4974-8211-87debb0f6fbd.roa
File: a72cbea9-100c-4974-8211-87debb0f6fbd.roa (raw, json)
Hash identifier: RWfWmxKN/VPp5llfsrU2uXIsaG1zIXqv3vZXDScmsAw=
Subject key identifier: EF:DF:D1:E0:6A:AC:B0:50:07:98:AC:86:E0:64:17:89:D2:67:D9:EB
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 645E06D6CCAC14623631F5733E79C5BE07E3A71B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a72cbea9-100c-4974-8211-87debb0f6fbd.roa
Signing time: Sat 28 Feb 2026 05:10:14 +0000
ROA not before: Sat 28 Feb 2026 05:10:14 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d059:8000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
64:5e:06:d6:cc:ac:14:62:36:31:f5:73:3e:79:c5:be:07:e3:a7:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 05:10:14 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=1f3fb93ed8fc33fceee785dd1b3357fc5277c282d0bceaaada31edc729592378, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:f3:0c:0c:c3:29:a7:28:e0:ed:e5:50:0f:8c:
ea:66:d1:60:0d:81:5d:f4:5b:4c:c6:72:9f:9f:e4:
d9:c7:b4:16:80:fa:38:65:89:d6:f6:f6:07:a2:d7:
48:6c:4c:28:d9:ed:8e:10:bd:a0:cf:d9:85:84:b7:
7e:9b:b2:38:b0:1d:33:1d:0d:76:fa:23:f6:f8:1e:
22:c1:53:2c:84:a4:9a:05:37:c7:07:3f:41:eb:52:
4f:94:30:29:5f:2e:8b:f7:8c:04:a9:e4:ff:8b:51:
6e:41:5f:df:ba:ca:0b:b1:09:47:c6:db:2f:1c:dd:
d6:cc:2c:dd:51:c3:4c:bc:23:29:be:0a:29:52:b1:
84:b1:76:25:81:4d:53:78:e7:39:3a:fc:03:34:a3:
bf:8f:2c:77:5b:34:6f:f1:6c:21:7c:b0:3f:82:b6:
68:34:f3:db:d7:0e:da:ca:83:68:53:b1:db:de:fc:
0e:26:1e:25:51:42:c7:39:9f:5a:ff:6e:8b:8c:97:
3b:02:a6:f9:78:b7:bf:54:3d:cd:a3:5e:7f:2b:8c:
24:84:4d:4c:10:b8:05:c0:fc:d7:d7:c2:98:28:0a:
b9:18:d4:2b:bf:c9:e0:a4:3a:7e:9e:95:ea:3a:20:
88:81:3f:16:a1:24:3e:f2:17:a3:53:86:e5:7c:b7:
9c:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:DF:D1:E0:6A:AC:B0:50:07:98:AC:86:E0:64:17:89:D2:67:D9:EB
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a72cbea9-100c-4974-8211-87debb0f6fbd.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d059:8000::/40
Signature Algorithm: sha256WithRSAEncryption
c2:81:ad:13:40:a2:ac:fb:60:4f:69:0f:30:2d:69:ff:16:a7:
3e:90:90:ef:a7:90:8a:be:67:5f:f2:01:15:8c:9c:07:1e:1f:
e5:42:7b:78:9d:06:31:12:03:0c:25:6a:90:6e:85:a4:b8:54:
4f:d8:1c:22:7b:53:fd:e3:ff:d3:7c:30:58:42:44:55:0f:29:
01:e9:64:68:2d:c9:e0:e2:b1:fc:c9:cb:09:4a:00:ec:e5:c0:
90:dd:d3:b3:5e:d7:fc:5b:c3:94:b4:2c:b9:91:a8:ba:fd:50:
8a:83:ed:18:61:16:62:e5:2d:66:1e:d4:bd:b6:e0:2e:61:95:
27:53:15:ee:98:90:9c:d6:de:d8:77:98:ae:5e:30:39:16:0e:
0c:22:6f:bf:9f:4a:b1:58:8d:af:3c:73:49:3a:de:ba:e6:31:
36:f2:db:46:c1:4f:e4:46:19:28:8c:51:98:64:4b:a5:b5:e4:
0b:4a:dd:a8:d1:78:b8:93:d0:72:42:c6:cd:4b:1e:f2:65:1f:
cb:0c:3e:08:b7:66:a3:06:26:4c:64:d2:d0:08:d2:52:94:79:
58:46:84:82:56:27:d1:8d:6d:e5:dd:48:0d:c1:fd:6b:9a:49:
ec:bb:a2:84:8e:11:7e:13:8b:6e:95:0a:6f:b4:a9:66:e5:bc:
a9:84:3f:03
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUZF4G1sysFGI2MfVzPnnFvgfjpxswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNTEwMTRaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDFmM2ZiOTNlZDhmYzMzZmNlZWU3ODVkZDFiMzM1N2ZjNTI3N2MyODJkMGJj
ZWFhYWRhMzFlZGM3Mjk1OTIzNzgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIrzDAzDKaco4O3lUA+M6mbRYA2BXfRbTMZyn5/k2ce0FoD6OGWJ1vb2B6LX
SGxMKNntjhC9oM/ZhYS3fpuyOLAdMx0Ndvoj9vgeIsFTLISkmgU3xwc/QetST5Qw
KV8ui/eMBKnk/4tRbkFf37rKC7EJR8bbLxzd1sws3VHDTLwjKb4KKVKxhLF2JYFN
U3jnOTr8AzSjv48sd1s0b/FsIXywP4K2aDTz29cO2sqDaFOx2978DiYeJVFCxzmf
Wv9ui4yXOwKm+Xi3v1Q9zaNefyuMJIRNTBC4BcD819fCmCgKuRjUK7/J4KQ6fp6V
6jogiIE/FqEkPvIXo1OG5Xy3nMkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTv39Hg
aqywUAeYrIbgZBeJ0mfZ6zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTcyY2JlYTktMTAwYy00OTc0LTgyMTEtODdkZWJiMGY2ZmJkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FmA
MA0GCSqGSIb3DQEBCwUAA4IBAQDCga0TQKKs+2BPaQ8wLWn/Fqc+kJDvp5CKvmdf
8gEVjJwHHh/lQnt4nQYxEgMMJWqQboWkuFRP2Bwie1P94//TfDBYQkRVDykB6WRo
Lcng4rH8ycsJSgDs5cCQ3dOzXtf8W8OUtCy5kai6/VCKg+0YYRZi5S1mHtS9tuAu
YZUnUxXumJCc1t7Yd5iuXjA5Fg4MIm+/n0qxWI2vPHNJOt665jE28ttGwU/kRhko
jFGYZEulteQLSt2o0Xi4k9ByQsbNSx7yZR/LDD4It2ajBiZMZNLQCNJSlHlYRoSC
VifRjW3l3UgNwf1rmknsu6KEjhF+E4tulQpvtKlm5byphD8D
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:49:33 2026 by rpki-client