Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bad2460c-8206-4534-9b9b-355c2d524858.roa
File: bad2460c-8206-4534-9b9b-355c2d524858.roa (raw, json)
Hash identifier: 98uaKdknwJ4+QESxfBvn+3163nSKNZltiqsd4q/FEnU=
Subject key identifier: D5:1E:E4:66:F0:60:D0:BF:A2:38:60:3A:2D:2F:E6:80:44:91:93:B8
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3B1CF87FC4A02D7264F91DD0F70F4D1B01D1793D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bad2460c-8206-4534-9b9b-355c2d524858.roa
Signing time: Sat 28 Feb 2026 05:50:09 +0000
ROA not before: Sat 28 Feb 2026 05:50:09 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07e:6000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3b:1c:f8:7f:c4:a0:2d:72:64:f9:1d:d0:f7:0f:4d:1b:01:d1:79:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 05:50:09 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=dad6240b4e2c00b18f9f30e45ae34d2000f93d0b278b05966f98d923b1568711, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:5f:35:af:9a:2e:36:7b:47:2b:b3:ab:31:cb:
f4:49:7a:2f:80:21:a1:77:2e:d8:7f:f1:fa:ff:ea:
b7:ae:36:d5:64:d5:45:9e:be:7e:bc:5a:b5:67:8c:
ad:5d:06:2a:44:12:cf:27:35:6d:bd:3e:44:eb:ed:
14:9e:48:dc:af:40:1f:0d:c3:18:e5:bd:52:cc:01:
df:e7:46:7f:d4:d4:2a:f7:c8:59:ab:c4:d5:ea:54:
fc:14:03:97:a6:4f:17:8d:7a:3d:bb:b5:df:28:18:
22:6f:fc:00:48:18:be:ef:83:e9:97:b7:08:5e:78:
10:2d:d8:10:11:e2:16:99:ea:2a:7f:44:2a:ef:de:
f7:4c:8d:50:bc:33:03:98:5e:de:ea:71:0a:7e:99:
29:91:1b:78:ab:a1:87:d8:78:67:80:77:9d:51:00:
a8:a1:a1:dd:f4:ed:fb:34:c8:f5:10:52:81:5b:e5:
3c:3f:ce:28:1a:01:39:d9:f9:19:35:66:01:fa:d1:
24:5b:a4:0e:e4:96:e8:58:46:22:48:54:76:10:30:
12:3b:cb:4e:2e:29:5a:e1:df:08:31:bc:db:de:f6:
76:d0:a3:01:1c:fd:34:ee:b6:77:41:df:5a:ed:38:
fa:f9:e0:cd:54:56:0d:ea:ca:00:48:a9:a5:61:94:
e6:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:1E:E4:66:F0:60:D0:BF:A2:38:60:3A:2D:2F:E6:80:44:91:93:B8
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bad2460c-8206-4534-9b9b-355c2d524858.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07e:6000::/40
Signature Algorithm: sha256WithRSAEncryption
00:30:78:d5:b3:46:92:c4:62:79:5a:66:98:e1:96:e4:3f:90:
6a:1d:3c:04:8b:25:b7:fe:b7:e5:ba:b2:01:7e:28:cc:95:56:
07:37:4f:5d:b3:f7:41:ab:f6:78:46:37:84:f2:07:2e:57:a5:
92:b4:16:bb:cd:9b:d1:21:08:cd:db:a9:49:fa:6c:b1:cc:65:
ae:aa:10:0b:7b:f2:bf:6e:ac:6e:50:fd:98:be:7d:32:b3:45:
9d:1a:ad:d3:18:8f:a5:ed:34:4e:8f:04:d1:c6:ae:92:04:e7:
f3:3b:ac:57:0f:ac:d8:70:f5:9c:04:44:06:ff:4b:04:8c:df:
0c:df:5d:6e:30:4a:3a:4d:0d:90:7b:58:bf:7f:e0:97:a2:70:
08:6b:5f:b8:8d:1d:a4:63:2a:c8:3a:83:5d:9a:9f:de:16:a1:
9a:85:ae:f5:d9:de:98:5f:06:e8:2a:e6:e1:48:48:3a:dc:30:
d8:63:00:9c:fa:6a:8a:81:f0:22:a8:b8:f6:ea:43:fa:91:23:
ad:06:66:c5:52:17:6e:c4:a4:e9:6f:cd:4d:ee:45:5e:9f:aa:
04:bd:c7:03:77:a7:f7:18:54:f7:67:57:c1:eb:83:0a:2e:04:
91:b8:eb:63:e0:f0:78:a3:c7:72:3d:35:54:2e:65:59:46:7e:
93:95:41:26
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUOxz4f8SgLXJk+R3Q9w9NGwHReT0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNTUwMDlaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGRhZDYyNDBiNGUyYzAwYjE4ZjlmMzBlNDVhZTM0ZDIwMDBmOTNkMGIyNzhi
MDU5NjZmOThkOTIzYjE1Njg3MTExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALVfNa+aLjZ7RyuzqzHL9El6L4AhoXcu2H/x+v/qt6421WTVRZ6+frxatWeM
rV0GKkQSzyc1bb0+ROvtFJ5I3K9AHw3DGOW9UswB3+dGf9TUKvfIWavE1epU/BQD
l6ZPF416Pbu13ygYIm/8AEgYvu+D6Ze3CF54EC3YEBHiFpnqKn9EKu/e90yNULwz
A5he3upxCn6ZKZEbeKuhh9h4Z4B3nVEAqKGh3fTt+zTI9RBSgVvlPD/OKBoBOdn5
GTVmAfrRJFukDuSW6FhGIkhUdhAwEjvLTi4pWuHfCDG82972dtCjARz9NO62d0Hf
Wu04+vngzVRWDerKAEippWGU5scCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTVHuRm
8GDQv6I4YDotL+aARJGTuDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmFkMjQ2MGMtODIwNi00NTM0LTliOWItMzU1YzJkNTI0ODU4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H5g
MA0GCSqGSIb3DQEBCwUAA4IBAQAAMHjVs0aSxGJ5WmaY4ZbkP5BqHTwEiyW3/rfl
urIBfijMlVYHN09ds/dBq/Z4RjeE8gcuV6WStBa7zZvRIQjN26lJ+myxzGWuqhAL
e/K/bqxuUP2Yvn0ys0WdGq3TGI+l7TROjwTRxq6SBOfzO6xXD6zYcPWcBEQG/0sE
jN8M311uMEo6TQ2Qe1i/f+CXonAIa1+4jR2kYyrIOoNdmp/eFqGaha712d6YXwbo
KubhSEg63DDYYwCc+mqKgfAiqLj26kP6kSOtBmbFUhduxKTpb81N7kVen6oEvccD
d6f3GFT3Z1fB64MKLgSRuOtj4PB4o8dyPTVULmVZRn6TlUEm
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:56:34 2026 by rpki-client