Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ad363c67-ff83-46aa-9474-de02e382946b.roa
File: ad363c67-ff83-46aa-9474-de02e382946b.roa (raw, json)
Hash identifier: 5kmaNutc5hCdftUjLFSWSyzvEFp/JxoN7AuVvB3vK6s=
Subject key identifier: B2:2C:38:61:EB:B7:18:BA:AB:E5:6B:BD:92:60:B9:26:2C:8C:04:D6
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0B0A3C4D7DA36022C62C6196F60E0574356456D4
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ad363c67-ff83-46aa-9474-de02e382946b.roa
Signing time: Sat 28 Feb 2026 05:40:49 +0000
ROA not before: Sat 28 Feb 2026 05:40:49 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d071:b000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 18:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0b:0a:3c:4d:7d:a3:60:22:c6:2c:61:96:f6:0e:05:74:35:64:56:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 05:40:49 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=094d4b4a4045236cde3291ccf32b84200ba0bf633361d45e522e89f8dbe64355, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:2b:37:f4:08:07:55:cc:45:57:18:87:2b:d2:
3e:32:3c:94:26:b9:47:b5:2f:a6:8b:6d:df:e7:37:
29:27:ae:3a:7b:de:c0:6d:9f:3d:c5:bf:72:a0:f4:
eb:e6:31:e6:92:98:8a:88:c6:34:62:f7:bf:4e:75:
39:9b:68:af:bb:70:f9:63:10:f6:77:ce:67:58:4f:
11:96:10:11:51:bc:b8:e9:87:36:72:bc:b8:8e:64:
81:9b:ff:d3:1b:9e:af:0a:4e:e3:cc:b6:1a:db:46:
d3:75:fd:03:50:73:bf:5e:8a:4f:22:cc:cb:fa:01:
e0:f0:34:7b:0b:cb:d2:63:c1:80:2c:33:99:9b:00:
85:26:6a:ca:64:e9:f8:92:58:26:83:ce:0a:dd:6e:
3a:69:74:6a:98:1b:d9:d1:6c:77:2d:79:61:9e:9f:
25:ae:1e:c6:cb:39:96:95:ff:86:bb:a7:43:40:76:
f6:d3:12:02:fe:8b:6b:6d:d2:3e:fb:12:31:c4:f4:
04:ae:86:c0:b9:55:e3:66:15:2b:92:74:b9:24:0a:
7c:36:7b:5e:c2:20:9b:e6:58:1a:d7:42:f2:80:f4:
19:20:a6:b6:ee:f2:7f:c6:51:13:49:59:db:bf:5a:
7c:e1:c1:87:79:4f:a9:1d:25:7d:64:fa:2d:52:7b:
12:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:2C:38:61:EB:B7:18:BA:AB:E5:6B:BD:92:60:B9:26:2C:8C:04:D6
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ad363c67-ff83-46aa-9474-de02e382946b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d071:b000::/40
Signature Algorithm: sha256WithRSAEncryption
08:c1:4a:74:69:37:44:31:1d:76:8b:3f:65:69:e9:39:2e:46:
52:aa:62:56:65:58:1e:c3:b0:2c:f1:7f:f6:63:91:9a:f7:c9:
b0:5f:9e:0c:85:35:03:7c:54:1a:8f:d4:d0:d1:b7:f1:a6:7b:
38:f7:61:54:5c:93:01:7b:56:32:5a:35:ee:c1:4d:5f:11:98:
68:df:c8:d0:28:e3:38:0c:46:fb:df:43:15:7b:77:88:ee:a4:
cd:f1:71:60:e7:4a:1b:a4:cb:fe:e0:78:46:6d:e3:6a:53:80:
3c:49:ca:1a:c7:db:02:ee:00:40:aa:cb:5b:a6:0d:28:36:da:
4a:9d:55:e1:78:35:ce:2d:42:02:ce:77:38:be:3d:7b:dd:6f:
72:99:1f:27:58:72:59:4f:32:b2:4b:a8:11:f1:5d:34:64:2e:
e8:04:39:23:b1:67:65:6b:e8:41:79:9d:46:50:49:c7:68:a5:
99:7c:b6:90:03:67:c4:32:61:67:6a:e9:89:93:b3:52:77:fc:
cf:14:f4:9f:17:cb:a3:a0:b4:4e:66:bf:b7:40:08:c3:ae:02:
a3:34:7c:36:a7:32:36:26:31:be:ee:93:b0:4e:50:4a:78:6b:
41:c6:c8:b0:06:32:3b:3e:db:a2:0b:78:97:3c:1e:63:80:72:
fd:fe:dc:8f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUCwo8TX2jYCLGLGGW9g4FdDVkVtQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNTQwNDlaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDA5NGQ0YjRhNDA0NTIzNmNkZTMyOTFjY2YzMmI4NDIwMGJhMGJmNjMzMzYx
ZDQ1ZTUyMmU4OWY4ZGJlNjQzNTUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIgrN/QIB1XMRVcYhyvSPjI8lCa5R7Uvpott3+c3KSeuOnvewG2fPcW/cqD0
6+Yx5pKYiojGNGL3v051OZtor7tw+WMQ9nfOZ1hPEZYQEVG8uOmHNnK8uI5kgZv/
0xuerwpO48y2GttG03X9A1Bzv16KTyLMy/oB4PA0ewvL0mPBgCwzmZsAhSZqymTp
+JJYJoPOCt1uOml0apgb2dFsdy15YZ6fJa4exss5lpX/hrunQ0B29tMSAv6La23S
PvsSMcT0BK6GwLlV42YVK5J0uSQKfDZ7XsIgm+ZYGtdC8oD0GSCmtu7yf8ZRE0lZ
279afOHBh3lPqR0lfWT6LVJ7EhECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSyLDhh
67cYuqvla72SYLkmLIwE1jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YWQzNjNjNjctZmY4My00NmFhLTk0NzQtZGUwMmUzODI5NDZiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HGw
MA0GCSqGSIb3DQEBCwUAA4IBAQAIwUp0aTdEMR12iz9laek5LkZSqmJWZVgew7As
8X/2Y5Ga98mwX54MhTUDfFQaj9TQ0bfxpns492FUXJMBe1YyWjXuwU1fEZho38jQ
KOM4DEb730MVe3eI7qTN8XFg50obpMv+4HhGbeNqU4A8Scoax9sC7gBAqstbpg0o
NtpKnVXheDXOLUICznc4vj173W9ymR8nWHJZTzKyS6gR8V00ZC7oBDkjsWdla+hB
eZ1GUEnHaKWZfLaQA2fEMmFnaumJk7NSd/zPFPSfF8ujoLROZr+3QAjDrgKjNHw2
pzI2JjG+7pOwTlBKeGtBxsiwBjI7PtuiC3iXPB5jgHL9/tyP
-----END CERTIFICATE-----
Generated at Mon Mar 2 04:27:36 2026 by rpki-client