Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c003c5ac-b21f-4a15-a460-19115830800b.roa
File: c003c5ac-b21f-4a15-a460-19115830800b.roa (raw, json)
Hash identifier: 7GfuOV7bdO6YDRe8Se07GXiDIzlAnTy5qppPgP3CfY0=
Subject key identifier: 73:46:F7:15:5E:75:9B:7E:14:CD:6C:2C:77:57:04:F4:39:5D:5B:D5
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7BE325064B65E93B1661ECF308F3CF88FA56060A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c003c5ac-b21f-4a15-a460-19115830800b.roa
Signing time: Wed 11 Feb 2026 01:30:32 +0000
ROA not before: Wed 11 Feb 2026 01:30:32 +0000
ROA not after: Tue 12 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d06a:b000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7b:e3:25:06:4b:65:e9:3b:16:61:ec:f3:08:f3:cf:88:fa:56:06:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 11 01:30:32 2026 GMT
Not After : May 12 23:59:59 2026 GMT
Subject: serialNumber=e2fe952735703bccb98ff32e6559a0145cf3295b70b5b6ed22210708306b90fd, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:e2:63:03:55:fc:81:6e:01:b8:22:7d:87:3e:
cf:9f:1d:a6:26:d4:48:d1:98:a3:5e:af:8d:91:bf:
0a:47:2c:ed:7d:3c:ce:a2:38:84:bc:81:48:18:0d:
77:64:24:9a:57:37:90:4b:dd:19:31:77:8d:07:1a:
be:f0:88:e2:b9:6b:0a:d1:13:cf:e9:7f:f4:5b:cf:
ed:7a:9d:61:44:2f:92:8e:a5:f8:1e:5b:90:8d:a5:
9a:39:8c:cc:54:e7:c3:83:75:be:25:25:1c:eb:cf:
a2:ab:4d:58:96:da:db:4e:07:88:6e:39:59:00:92:
22:9b:29:2d:1d:45:30:cb:24:95:36:b8:42:55:1f:
83:de:31:e9:e2:9d:23:64:96:fa:27:b5:85:85:31:
6f:aa:22:af:50:e5:13:09:f3:5f:86:93:94:c6:fb:
b2:f2:04:16:cc:66:24:0a:2f:69:24:65:e0:43:50:
41:be:dd:72:7d:7e:0f:7e:94:26:84:8d:df:cb:1f:
d2:0b:92:1b:08:3f:f6:28:54:9a:3c:ef:7a:3a:2e:
9d:5d:67:6d:6a:03:87:53:fe:61:fd:ba:07:98:03:
c3:ed:35:67:8e:6f:9f:9b:98:2b:2e:c9:bb:05:68:
12:30:41:f2:85:c7:3e:c9:38:51:93:fd:b9:5e:80:
53:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:46:F7:15:5E:75:9B:7E:14:CD:6C:2C:77:57:04:F4:39:5D:5B:D5
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c003c5ac-b21f-4a15-a460-19115830800b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06a:b000::/40
Signature Algorithm: sha256WithRSAEncryption
5f:79:d9:64:38:31:b5:9f:3d:5d:a8:72:d4:35:53:9b:a1:04:
90:40:ab:29:9f:f4:60:4f:0d:4c:93:28:47:33:1a:3c:38:b1:
ce:9c:e2:1e:bf:70:a8:19:5a:d1:21:18:4d:07:86:f8:7b:76:
bf:20:1f:86:36:1c:28:84:0f:4a:5b:7a:dd:60:f6:7d:1b:d3:
45:be:3a:ec:85:88:04:e9:b2:3a:e6:43:22:60:92:87:90:6b:
3d:ef:d7:b2:ab:4a:3e:0e:e3:e5:ee:a0:7c:09:00:60:98:55:
60:8f:fb:e4:7e:cc:ba:9e:e9:2d:0b:bc:e7:be:eb:5b:ad:49:
ee:7f:32:21:f1:d0:52:9f:03:be:0d:b5:69:86:94:c7:20:b4:
52:7e:54:8d:8b:94:cc:b0:b9:55:24:a6:76:4a:94:94:6b:93:
0f:06:4f:ee:5d:c1:ee:0f:7c:ed:b9:32:f2:23:2b:dd:99:fb:
cf:69:ba:72:0d:c7:d2:6a:d5:8d:68:51:c1:b9:29:1e:be:83:
23:c1:ee:52:0f:50:8e:f5:b7:72:9e:86:66:5b:92:16:51:f8:
0f:ce:04:30:c1:13:6b:00:9c:2f:e9:7c:45:07:72:ef:fe:e1:
f4:89:0d:04:28:63:48:ff:8c:07:18:5d:08:1c:89:d5:ba:a6:
c7:df:5d:6d
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUe+MlBktl6TsWYezzCPPPiPpWBgowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMTEwMTMwMzJaFw0yNjA1MTIyMzU5NTlaMHoxSTBHBgNV
BAUTQGUyZmU5NTI3MzU3MDNiY2NiOThmZjMyZTY1NTlhMDE0NWNmMzI5NWI3MGI1
YjZlZDIyMjEwNzA4MzA2YjkwZmQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJDiYwNV/IFuAbgifYc+z58dpibUSNGYo16vjZG/Ckcs7X08zqI4hLyBSBgN
d2Qkmlc3kEvdGTF3jQcavvCI4rlrCtETz+l/9FvP7XqdYUQvko6l+B5bkI2lmjmM
zFTnw4N1viUlHOvPoqtNWJba204HiG45WQCSIpspLR1FMMsklTa4QlUfg94x6eKd
I2SW+ie1hYUxb6oir1DlEwnzX4aTlMb7svIEFsxmJAovaSRl4ENQQb7dcn1+D36U
JoSN38sf0guSGwg/9ihUmjzvejounV1nbWoDh1P+Yf26B5gDw+01Z45vn5uYKy7J
uwVoEjBB8oXHPsk4UZP9uV6AU7kCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRzRvcV
XnWbfhTNbCx3VwT0OV1b1TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzAwM2M1YWMtYjIxZi00YTE1LWE0NjAtMTkxMTU4MzA4MDBiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Gqw
MA0GCSqGSIb3DQEBCwUAA4IBAQBfedlkODG1nz1dqHLUNVOboQSQQKspn/RgTw1M
kyhHMxo8OLHOnOIev3CoGVrRIRhNB4b4e3a/IB+GNhwohA9KW3rdYPZ9G9NFvjrs
hYgE6bI65kMiYJKHkGs979eyq0o+DuPl7qB8CQBgmFVgj/vkfsy6nuktC7znvutb
rUnufzIh8dBSnwO+DbVphpTHILRSflSNi5TMsLlVJKZ2SpSUa5MPBk/uXcHuD3zt
uTLyIyvdmfvPabpyDcfSatWNaFHBuSkevoMjwe5SD1CO9bdynoZmW5IWUfgPzgQw
wRNrAJwv6XxFB3Lv/uH0iQ0EKGNI/4wHGF0IHInVuqbH311t
-----END CERTIFICATE-----
Generated at Sun Mar 1 22:03:28 2026 by rpki-client