Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/afd23c37-4c24-49ac-baf6-1c3a9a2d0512.roa
File: afd23c37-4c24-49ac-baf6-1c3a9a2d0512.roa (raw, json)
Hash identifier: FG9rTzlP9oRN+//MEN/t/GbouDvYcf6BmoPafuWRByI=
Subject key identifier: C3:58:DA:D0:92:44:0A:D0:19:61:B9:C5:8E:8C:89:FA:2E:A1:1E:BD
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 151C1C25788A97FDF4DA3E7AF974024315EFF948
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/afd23c37-4c24-49ac-baf6-1c3a9a2d0512.roa
Signing time: Wed 25 Feb 2026 03:00:09 +0000
ROA not before: Wed 25 Feb 2026 03:00:09 +0000
ROA not after: Tue 26 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d035:9000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
15:1c:1c:25:78:8a:97:fd:f4:da:3e:7a:f9:74:02:43:15:ef:f9:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 25 03:00:09 2026 GMT
Not After : May 26 23:59:59 2026 GMT
Subject: serialNumber=3a8e929c2ae8a81256500f89bd019ac2141c47d25c97755f605f233a29f5d8bb, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:8e:1a:0e:91:b2:4c:0c:d1:eb:a8:84:1f:d2:
0b:b8:9f:4f:2e:c7:78:f9:b9:2c:18:7c:97:72:64:
76:f6:e4:c0:26:32:39:b4:bb:a7:1e:8d:2f:0a:4f:
7f:d4:99:73:18:8c:ac:79:66:1f:c9:cb:f8:1a:b7:
11:24:a0:0f:15:5e:e2:a2:90:ac:19:58:0a:ee:a1:
8b:43:ac:54:b8:07:d9:b4:30:ca:44:9d:9b:78:21:
85:cb:9c:37:e7:d1:78:6b:12:52:d2:1c:01:22:69:
fe:6f:b3:37:86:93:85:60:02:e1:bb:3d:9e:6f:72:
2c:bd:1e:54:15:7f:b1:cd:22:77:32:86:fb:59:2f:
d0:60:05:82:b9:3a:bd:b9:4d:c4:80:fe:c1:28:54:
42:18:93:6f:c1:92:31:d8:d2:57:5c:95:0d:70:74:
be:1e:ac:11:e6:45:20:83:69:b2:c5:57:90:41:1f:
9f:8a:6e:f6:8a:84:08:ba:73:8d:24:39:7c:8f:99:
ac:51:aa:65:c5:22:88:9f:cb:64:dd:3b:61:74:12:
2e:e0:d6:36:e4:83:58:5c:fd:8f:9e:4f:f5:7e:95:
af:2c:3a:1b:9e:3e:d8:67:80:d1:6c:99:f1:8f:c1:
46:66:4a:a1:f9:5a:06:db:30:11:e9:42:0a:1f:28:
3f:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C3:58:DA:D0:92:44:0A:D0:19:61:B9:C5:8E:8C:89:FA:2E:A1:1E:BD
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/afd23c37-4c24-49ac-baf6-1c3a9a2d0512.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d035:9000::/40
Signature Algorithm: sha256WithRSAEncryption
0c:42:9a:89:9a:b3:fc:8c:ef:8c:08:65:a2:89:72:61:5e:c0:
f6:a4:b7:46:44:e9:ae:e9:bf:d3:3c:77:38:0e:2a:d0:6d:e8:
2c:63:c0:19:7b:bf:1e:e4:5d:5e:69:b7:45:01:d8:d0:8d:9d:
9e:84:e5:8c:9d:04:cf:2d:05:d6:17:b6:38:c6:39:fa:d5:6b:
c4:1d:4b:59:85:89:da:99:12:cb:3f:22:ad:aa:88:9f:05:0b:
d6:f4:27:83:3f:81:71:cb:b5:a1:12:41:e5:4d:43:f0:8c:7d:
8a:b1:65:fa:c7:b2:3d:b8:fa:70:9b:21:21:08:e0:90:9a:5b:
63:da:e5:d7:ee:02:15:54:e4:57:f0:c3:40:84:c1:da:5d:23:
fa:75:5b:a7:47:18:65:06:dc:e3:54:bb:17:3d:f0:d3:22:0a:
0e:d4:5b:cd:e2:c3:25:16:48:c0:87:3a:cf:cf:bb:55:96:5a:
30:2f:a9:1b:b3:9d:a2:1b:8b:43:25:68:06:cb:e3:3d:b7:0a:
9f:9a:27:b6:4e:c5:ee:e3:81:25:68:0a:b2:5f:cb:fa:4f:67:
63:ef:15:c4:f9:b3:24:67:e1:36:4e:dd:91:64:d2:bf:7a:8c:
bc:f4:0f:75:7e:2f:fa:dd:56:0b:93:15:64:0e:5d:5e:b0:47:
b2:8f:fe:ba
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUFRwcJXiKl/302j56+XQCQxXv+UgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjUwMzAwMDlaFw0yNjA1MjYyMzU5NTlaMHoxSTBHBgNV
BAUTQDNhOGU5MjljMmFlOGE4MTI1NjUwMGY4OWJkMDE5YWMyMTQxYzQ3ZDI1Yzk3
NzU1ZjYwNWYyMzNhMjlmNWQ4YmIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKGOGg6RskwM0euohB/SC7ifTy7HePm5LBh8l3JkdvbkwCYyObS7px6NLwpP
f9SZcxiMrHlmH8nL+Bq3ESSgDxVe4qKQrBlYCu6hi0OsVLgH2bQwykSdm3ghhcuc
N+fReGsSUtIcASJp/m+zN4aThWAC4bs9nm9yLL0eVBV/sc0idzKG+1kv0GAFgrk6
vblNxID+wShUQhiTb8GSMdjSV1yVDXB0vh6sEeZFIINpssVXkEEfn4pu9oqECLpz
jSQ5fI+ZrFGqZcUiiJ/LZN07YXQSLuDWNuSDWFz9j55P9X6Vryw6G54+2GeA0WyZ
8Y/BRmZKoflaBtswEelCCh8oP/kCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTDWNrQ
kkQK0BlhucWOjIn6LqEevTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YWZkMjNjMzctNGMyNC00OWFjLWJhZjYtMWMzYTlhMmQwNTEyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DWQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAMQpqJmrP8jO+MCGWiiXJhXsD2pLdGROmu6b/T
PHc4DirQbegsY8AZe78e5F1eabdFAdjQjZ2ehOWMnQTPLQXWF7Y4xjn61WvEHUtZ
hYnamRLLPyKtqoifBQvW9CeDP4Fxy7WhEkHlTUPwjH2KsWX6x7I9uPpwmyEhCOCQ
mltj2uXX7gIVVORX8MNAhMHaXSP6dVunRxhlBtzjVLsXPfDTIgoO1FvN4sMlFkjA
hzrPz7tVllowL6kbs52iG4tDJWgGy+M9twqfmie2TsXu44ElaAqyX8v6T2dj7xXE
+bMkZ+E2Tt2RZNK/eoy89A91fi/63VYLkxVkDl1esEeyj/66
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:37:50 2026 by rpki-client