Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/af189eff-34de-4652-a029-d682c90d1fc5.roa
File: af189eff-34de-4652-a029-d682c90d1fc5.roa (raw, json)
Hash identifier: qw7p6tf5JwXIAm4yMS/jnE4HSp/mc9ZgrXC81YiTbOg=
Subject key identifier: B3:CD:D8:99:43:41:F3:B3:4E:37:A3:69:CE:84:96:77:A4:9F:87:52
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 78F60DB1F3FFA1D6020780CB6B5E28118162D10C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/af189eff-34de-4652-a029-d682c90d1fc5.roa
Signing time: Sat 28 Feb 2026 06:30:12 +0000
ROA not before: Sat 28 Feb 2026 06:30:12 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:80c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
78:f6:0d:b1:f3:ff:a1:d6:02:07:80:cb:6b:5e:28:11:81:62:d1:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 06:30:12 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=da8ab916d66017dcfc7af56d5a91728165a8b66aa0906d5435b8cd7ab6bd3c9f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:b6:e8:03:fd:e8:27:c2:f3:06:dc:94:34:c1:
d2:c8:12:24:5e:cd:bb:a6:d8:25:af:b5:4e:57:9e:
db:b4:b2:fe:73:d4:51:e6:5c:d8:6f:9c:70:93:0f:
99:c5:b9:ab:2f:da:b6:9b:9e:d2:75:b8:f8:64:e3:
b6:9d:86:a3:27:e8:80:20:27:f5:21:3a:29:7c:05:
1c:13:bb:b6:7b:4b:91:3b:6d:c7:6b:a2:52:cb:fc:
8b:1f:38:28:73:3e:e9:61:c5:23:2a:21:40:29:8f:
99:06:ad:79:12:9f:8e:bb:f5:f0:39:d4:5c:e9:eb:
22:21:4b:73:a2:15:30:de:d8:72:16:23:0c:0c:66:
e6:16:ba:94:f5:ac:3f:aa:57:4e:9a:b5:b4:ce:f7:
76:97:74:5d:9f:3b:46:3a:bb:4a:82:9e:73:74:cc:
20:26:04:3f:c4:59:f2:6c:95:8c:79:9f:ad:c7:e6:
da:36:15:7b:d9:34:0c:69:b3:b9:43:5c:86:35:d7:
89:1c:50:4d:d9:98:8d:d5:59:e1:e1:54:3a:a0:b5:
bf:4a:b5:cb:4a:f0:6d:08:38:a1:97:22:2a:4b:40:
61:3b:3e:d4:13:3d:8a:ff:9a:f1:eb:2e:58:09:b4:
ee:c7:25:68:65:70:aa:e5:82:18:eb:d0:70:e2:fb:
66:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:CD:D8:99:43:41:F3:B3:4E:37:A3:69:CE:84:96:77:A4:9F:87:52
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/af189eff-34de-4652-a029-d682c90d1fc5.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:80c0::/48
Signature Algorithm: sha256WithRSAEncryption
7e:df:76:a3:9d:bd:16:2c:4c:50:e2:df:4e:c1:d8:2f:18:3d:
de:8e:d9:01:dd:af:e3:77:01:e6:20:f8:f8:77:cf:c1:81:7a:
3d:0d:60:60:ee:c6:ab:9d:03:fc:15:c0:53:cd:85:1c:a8:69:
2d:7a:7f:e0:4a:4e:c8:86:62:c8:c4:59:ff:0c:2d:e2:a6:8e:
a7:b4:5b:13:65:f0:fc:f1:a5:7f:ab:79:82:77:13:6b:38:60:
b2:90:71:38:31:61:d4:89:9d:bd:bf:3e:2b:e1:ca:62:77:8a:
63:7c:7a:6e:e6:7b:2a:f5:08:33:9e:78:52:07:b0:4f:60:7d:
09:9f:56:f0:fc:81:80:ad:ce:32:6e:5b:36:bd:b0:3d:5a:b2:
c5:ea:10:23:81:80:75:13:15:40:df:82:bc:1e:70:e9:7b:5e:
3f:19:c2:84:ad:d3:03:9d:55:1f:d4:e6:e6:91:de:81:bf:98:
82:a6:34:af:f2:17:45:61:e8:c5:42:05:9a:e5:f8:b9:d8:53:
16:a0:41:5b:53:02:66:a5:b0:9a:05:68:c3:3b:f7:01:f7:6c:
f3:55:30:17:dd:2b:7f:c3:71:d2:5f:7f:24:54:8e:4c:c6:03:
d1:ee:72:10:af:33:a6:9d:ef:ff:62:1b:96:73:38:63:7e:7a:
88:ac:3f:69
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUePYNsfP/odYCB4DLa14oEYFi0QwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNjMwMTJaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGRhOGFiOTE2ZDY2MDE3ZGNmYzdhZjU2ZDVhOTE3MjgxNjVhOGI2NmFhMDkw
NmQ1NDM1YjhjZDdhYjZiZDNjOWYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKW26AP96CfC8wbclDTB0sgSJF7Nu6bYJa+1Tlee27Sy/nPUUeZc2G+ccJMP
mcW5qy/atpue0nW4+GTjtp2GoyfogCAn9SE6KXwFHBO7tntLkTttx2uiUsv8ix84
KHM+6WHFIyohQCmPmQateRKfjrv18DnUXOnrIiFLc6IVMN7YchYjDAxm5ha6lPWs
P6pXTpq1tM73dpd0XZ87Rjq7SoKec3TMICYEP8RZ8myVjHmfrcfm2jYVe9k0DGmz
uUNchjXXiRxQTdmYjdVZ4eFUOqC1v0q1y0rwbQg4oZciKktAYTs+1BM9iv+a8esu
WAm07sclaGVwquWCGOvQcOL7Zr0CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSzzdiZ
Q0Hzs043o2nOhJZ3pJ+HUjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YWYxODllZmYtMzRkZS00NjUyLWEwMjktZDY4MmM5MGQxZmM1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H+A
wDANBgkqhkiG9w0BAQsFAAOCAQEAft92o529FixMUOLfTsHYLxg93o7ZAd2v43cB
5iD4+HfPwYF6PQ1gYO7Gq50D/BXAU82FHKhpLXp/4EpOyIZiyMRZ/wwt4qaOp7Rb
E2Xw/PGlf6t5gncTazhgspBxODFh1Imdvb8+K+HKYneKY3x6buZ7KvUIM554Ugew
T2B9CZ9W8PyBgK3OMm5bNr2wPVqyxeoQI4GAdRMVQN+CvB5w6XtePxnChK3TA51V
H9Tm5pHegb+YgqY0r/IXRWHoxUIFmuX4udhTFqBBW1MCZqWwmgVowzv3Afds81Uw
F90rf8Nx0l9/JFSOTMYD0e5yEK8zpp3v/2IblnM4Y356iKw/aQ==
-----END CERTIFICATE-----
Generated at Mon Mar 2 06:12:54 2026 by rpki-client