Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/acaa599d-041d-4181-81eb-d1fa213089e1.roa
File: acaa599d-041d-4181-81eb-d1fa213089e1.roa (raw, json)
Hash identifier: vnChofgn2uxUdmEnGlYf+VyYtgdoWyGKcGYbpXxJX1A=
Subject key identifier: 29:88:95:A2:70:6B:9D:FF:9C:EA:C2:D6:68:41:64:B4:96:B7:45:69
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 6516FEB53DE6C1F178D9FA1114B212890E635BC6
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/acaa599d-041d-4181-81eb-d1fa213089e1.roa
Signing time: Fri 13 Feb 2026 15:20:09 +0000
ROA not before: Fri 13 Feb 2026 15:20:09 +0000
ROA not after: Thu 14 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d073:2080::/46 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
65:16:fe:b5:3d:e6:c1:f1:78:d9:fa:11:14:b2:12:89:0e:63:5b:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 13 15:20:09 2026 GMT
Not After : May 14 23:59:59 2026 GMT
Subject: serialNumber=aefffeb6ecbb2e6b5327144290bbc5bdb66aec7196615dace7f208d8de5b8c6c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:61:22:6a:19:07:ee:c4:a3:da:3f:d0:c2:e2:
83:69:64:d8:e5:df:01:4b:9b:de:90:27:be:a8:5e:
53:a1:c0:b2:a8:4d:08:71:56:17:37:30:6b:d6:77:
61:84:86:1a:32:4f:71:94:8f:56:3c:89:c2:a9:51:
55:a8:49:42:f1:dd:0e:9d:9d:dd:0a:43:b5:8b:72:
47:39:14:68:45:0b:57:30:1f:e5:bd:5e:be:80:49:
84:5e:6c:b9:8a:91:e5:e2:a9:20:91:d6:f8:68:96:
37:1b:8e:86:2a:b0:ed:0c:59:3a:c0:25:24:79:7a:
bf:bd:a2:f2:bb:56:86:42:c4:97:e0:76:f6:14:e0:
38:eb:f3:95:b6:06:db:12:e4:df:c1:10:48:fc:62:
74:17:05:92:dd:d3:68:a8:dd:ea:a7:3d:d6:ed:96:
e4:c2:42:61:6b:74:9d:27:93:41:49:99:a0:7a:ff:
25:f4:13:fa:5d:15:be:bc:76:54:b8:3c:d2:5d:4d:
49:1e:da:9f:69:d4:d0:94:cb:27:73:0d:12:9d:21:
9d:5e:44:75:c5:57:bd:5b:ea:62:97:58:29:2b:b0:
66:91:c5:9c:4f:8a:7c:43:53:d4:1d:13:40:3e:cf:
ae:6c:ef:d2:f8:23:5f:11:ff:10:be:33:97:b6:a2:
31:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:88:95:A2:70:6B:9D:FF:9C:EA:C2:D6:68:41:64:B4:96:B7:45:69
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/acaa599d-041d-4181-81eb-d1fa213089e1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d073:2080::/46
Signature Algorithm: sha256WithRSAEncryption
ba:53:97:a3:4f:39:ae:23:32:0a:58:57:45:94:cf:e4:36:ed:
ae:c8:49:b1:75:ed:89:24:f7:f4:a6:e8:8f:cd:87:d8:22:a6:
f3:4c:a3:65:d3:3e:28:a1:fa:36:1b:5b:62:bb:50:4e:1b:63:
87:1a:a0:3b:8c:05:50:94:75:d9:85:7e:77:00:59:8d:81:c7:
31:6f:34:51:58:f1:13:94:76:5b:43:66:26:32:99:58:0b:f0:
32:40:1b:9d:2b:6b:26:19:77:89:9e:3a:d2:a8:46:a3:aa:df:
20:43:74:59:74:26:5b:29:e8:b2:0c:c2:a5:bb:8e:a1:b4:41:
e6:7f:9a:ec:2b:fa:e7:68:f0:2f:96:9e:b2:7b:af:2d:71:4f:
44:e1:2a:9e:5f:58:a8:5b:60:31:b0:62:d5:19:0d:00:59:69:
6f:5e:7b:0c:c4:3c:9e:a1:7e:5e:01:ab:e9:0c:00:63:85:7d:
74:07:f8:58:14:01:94:fa:4b:8d:e6:f5:6e:97:e7:16:22:57:
17:35:ac:da:7b:99:d7:99:fe:c0:28:4d:fa:5c:5b:14:ea:c3:
d4:ae:5d:51:bd:97:1e:9c:41:07:6a:3d:e4:5f:08:49:ba:b7:
15:00:7b:67:83:33:4a:dc:47:e6:32:fd:6c:b7:7e:27:82:25:
87:fb:f9:f2
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUZRb+tT3mwfF42foRFLISiQ5jW8YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMTMxNTIwMDlaFw0yNjA1MTQyMzU5NTlaMHoxSTBHBgNV
BAUTQGFlZmZmZWI2ZWNiYjJlNmI1MzI3MTQ0MjkwYmJjNWJkYjY2YWVjNzE5NjYx
NWRhY2U3ZjIwOGQ4ZGU1YjhjNmMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL5hImoZB+7Eo9o/0MLig2lk2OXfAUub3pAnvqheU6HAsqhNCHFWFzcwa9Z3
YYSGGjJPcZSPVjyJwqlRVahJQvHdDp2d3QpDtYtyRzkUaEULVzAf5b1evoBJhF5s
uYqR5eKpIJHW+GiWNxuOhiqw7QxZOsAlJHl6v72i8rtWhkLEl+B29hTgOOvzlbYG
2xLk38EQSPxidBcFkt3TaKjd6qc91u2W5MJCYWt0nSeTQUmZoHr/JfQT+l0Vvrx2
VLg80l1NSR7an2nU0JTLJ3MNEp0hnV5EdcVXvVvqYpdYKSuwZpHFnE+KfENT1B0T
QD7Prmzv0vgjXxH/EL4zl7aiMWcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQpiJWi
cGud/5zqwtZoQWS0lrdFaTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YWNhYTU5OWQtMDQxZC00MTgxLTgxZWItZDFmYTIxMzA4OWUxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HMg
gDANBgkqhkiG9w0BAQsFAAOCAQEAulOXo085riMyClhXRZTP5DbtrshJsXXtiST3
9Kboj82H2CKm80yjZdM+KKH6NhtbYrtQThtjhxqgO4wFUJR12YV+dwBZjYHHMW80
UVjxE5R2W0NmJjKZWAvwMkAbnStrJhl3iZ460qhGo6rfIEN0WXQmWynosgzCpbuO
obRB5n+a7Cv652jwL5aesnuvLXFPROEqnl9YqFtgMbBi1RkNAFlpb157DMQ8nqF+
XgGr6QwAY4V9dAf4WBQBlPpLjeb1bpfnFiJXFzWs2nuZ15n+wChN+lxbFOrD1K5d
Ub2XHpxBB2o95F8ISbq3FQB7Z4MzStxH5jL9bLd+J4Ilh/v58g==
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:44:55 2026 by rpki-client