Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/be43dd39-558d-4a44-9ced-00461f1d4c42.roa
File: be43dd39-558d-4a44-9ced-00461f1d4c42.roa (raw, json)
Hash identifier: MpSh1S6WfzyApvTxSUWL4APr4smK7C6CcIeEdpSNsiQ=
Subject key identifier: 99:95:6D:34:45:75:60:47:BE:19:75:DA:D1:C2:97:ED:75:4B:20:43
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 275CDC077F7250A462B23C494906A34EC063B433
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/be43dd39-558d-4a44-9ced-00461f1d4c42.roa
Signing time: Wed 11 Feb 2026 01:30:16 +0000
ROA not before: Wed 11 Feb 2026 01:30:16 +0000
ROA not after: Tue 12 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d06a:2000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
27:5c:dc:07:7f:72:50:a4:62:b2:3c:49:49:06:a3:4e:c0:63:b4:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 11 01:30:16 2026 GMT
Not After : May 12 23:59:59 2026 GMT
Subject: serialNumber=0e36bd56e8e0baed6df012f65677d2c3b6bc45718408dfe6eb17fa697488c31e, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:fa:7d:c0:8e:da:9f:58:f8:d5:70:4c:63:ad:
ed:e4:5a:90:80:a6:94:32:b8:cf:13:1e:31:85:62:
8f:6e:f4:f1:5f:3f:32:1e:7f:50:25:44:0c:64:70:
29:2e:b7:50:03:2f:4e:7c:13:df:6b:a1:80:97:c9:
38:d8:93:09:cf:10:64:cb:e0:35:67:99:95:40:ba:
6e:ec:1d:f9:4a:f5:7d:3c:c9:cd:2c:40:bc:b7:a2:
a9:4a:09:64:13:b7:66:38:47:43:3d:e8:ec:0e:ef:
14:7c:8a:84:0b:52:7a:50:ae:50:02:98:4d:74:28:
79:00:80:50:80:67:8d:bd:6e:b9:57:b3:a1:b0:6a:
c1:cf:c6:14:e7:bf:97:2b:4c:cd:29:33:3d:64:26:
b5:d0:25:29:88:2b:95:11:36:c9:30:09:b9:3d:a5:
a8:02:54:6c:4a:ed:42:59:c2:6e:79:32:24:4d:8c:
ef:6a:fb:ef:43:69:b5:8b:9f:43:92:44:e8:58:56:
cb:ac:f8:cd:fc:9f:6b:9d:0d:44:ac:6b:3b:77:83:
82:70:d2:3b:f2:ca:92:63:fb:ac:ee:95:cd:06:3d:
7b:11:a1:b1:17:53:95:88:e0:31:83:11:01:f4:0e:
05:7a:ab:48:d3:53:7a:e4:f2:61:dc:67:92:aa:61:
8f:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:95:6D:34:45:75:60:47:BE:19:75:DA:D1:C2:97:ED:75:4B:20:43
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/be43dd39-558d-4a44-9ced-00461f1d4c42.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06a:2000::/40
Signature Algorithm: sha256WithRSAEncryption
a3:43:d1:53:ec:ac:e8:86:2c:51:21:3b:f9:94:9b:05:e5:a3:
aa:f1:26:52:0d:40:8b:e2:7a:32:37:ae:29:d1:da:e9:48:b8:
5d:31:19:91:e8:7c:f8:b3:5b:5d:e8:4c:c2:17:e9:99:dd:e6:
25:5a:8f:e8:11:77:b0:8e:8a:f7:2e:14:73:26:a3:49:1e:8f:
49:91:a5:3f:be:3a:3b:16:08:1a:f5:e0:1a:93:0a:b3:c5:65:
57:f6:64:d5:de:ed:1e:2f:6c:72:22:d8:5e:b7:35:58:49:df:
c6:38:96:39:10:29:e3:ac:06:5d:90:b3:ce:97:0f:4e:8d:30:
03:50:68:43:71:fd:0d:6c:73:f4:17:bb:9e:2b:34:b1:19:20:
ca:88:e7:ff:66:47:59:10:56:8e:84:be:8d:be:89:94:46:04:
53:48:40:99:f4:09:97:0d:cd:d7:b2:d7:0a:59:84:9c:e2:83:
ec:6d:ab:28:e5:f7:33:42:96:e4:21:6e:c7:d1:c6:9a:dc:a4:
17:eb:e2:75:29:bd:25:92:13:9c:90:24:a2:1e:40:e8:a8:42:
07:8e:a2:5d:34:a3:66:0d:a7:c3:13:22:22:b9:37:66:a3:8e:
98:5a:e0:5a:e9:35:a8:50:2f:9f:ec:ee:a8:35:db:ce:6f:90:
79:f8:fc:c3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUJ1zcB39yUKRisjxJSQajTsBjtDMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMTEwMTMwMTZaFw0yNjA1MTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDBlMzZiZDU2ZThlMGJhZWQ2ZGYwMTJmNjU2NzdkMmMzYjZiYzQ1NzE4NDA4
ZGZlNmViMTdmYTY5NzQ4OGMzMWUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ36fcCO2p9Y+NVwTGOt7eRakICmlDK4zxMeMYVij2708V8/Mh5/UCVEDGRw
KS63UAMvTnwT32uhgJfJONiTCc8QZMvgNWeZlUC6buwd+Ur1fTzJzSxAvLeiqUoJ
ZBO3ZjhHQz3o7A7vFHyKhAtSelCuUAKYTXQoeQCAUIBnjb1uuVezobBqwc/GFOe/
lytMzSkzPWQmtdAlKYgrlRE2yTAJuT2lqAJUbErtQlnCbnkyJE2M72r770NptYuf
Q5JE6FhWy6z4zfyfa50NRKxrO3eDgnDSO/LKkmP7rO6VzQY9exGhsRdTlYjgMYMR
AfQOBXqrSNNTeuTyYdxnkqphj+MCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSZlW00
RXVgR74ZddrRwpftdUsgQzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmU0M2RkMzktNTU4ZC00YTQ0LTljZWQtMDA0NjFmMWQ0YzQyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Gog
MA0GCSqGSIb3DQEBCwUAA4IBAQCjQ9FT7KzohixRITv5lJsF5aOq8SZSDUCL4noy
N64p0drpSLhdMRmR6Hz4s1td6EzCF+mZ3eYlWo/oEXewjor3LhRzJqNJHo9JkaU/
vjo7Fgga9eAakwqzxWVX9mTV3u0eL2xyIthetzVYSd/GOJY5ECnjrAZdkLPOlw9O
jTADUGhDcf0NbHP0F7ueKzSxGSDKiOf/ZkdZEFaOhL6NvomURgRTSECZ9AmXDc3X
stcKWYSc4oPsbaso5fczQpbkIW7H0caa3KQX6+J1Kb0lkhOckCSiHkDoqEIHjqJd
NKNmDafDEyIiuTdmo46YWuBa6TWoUC+f7O6oNdvOb5B5+PzD
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:45:34 2026 by rpki-client