Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c6b4bacc-5824-4f9c-a10d-49f145db8549.roa
File: c6b4bacc-5824-4f9c-a10d-49f145db8549.roa (raw, json)
Hash identifier: Emc3riM9b7Ejf2d6HGTjyaMglqgJGKFbS1XlTs9xYDI=
Subject key identifier: E4:EB:91:BF:F0:E4:2A:74:A4:70:98:81:21:A4:F7:13:CC:85:9F:21
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 6487F0DB105CBA10578C20F9959950333F9EDF60
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c6b4bacc-5824-4f9c-a10d-49f145db8549.roa
Signing time: Fri 06 Feb 2026 00:40:04 +0000
ROA not before: Fri 06 Feb 2026 00:40:04 +0000
ROA not after: Thu 07 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d02f::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
64:87:f0:db:10:5c:ba:10:57:8c:20:f9:95:99:50:33:3f:9e:df:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 6 00:40:04 2026 GMT
Not After : May 7 23:59:59 2026 GMT
Subject: serialNumber=56965203808d7984cb5959aaa8eae785350bb7d2daed7df7e7fea061522dd4cd, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f5:46:a5:95:5e:de:d4:f0:03:ee:ea:47:42:c8:
4a:13:f3:45:9d:42:e6:ba:4c:2d:8e:e9:c1:b4:3c:
93:f1:4e:6b:6d:92:40:23:2c:52:97:fe:cb:c3:68:
ec:09:6c:59:ba:37:31:bf:b9:0a:f9:07:f4:08:9d:
bf:45:4f:6e:bb:71:eb:cd:12:70:b5:3c:ae:81:cf:
4a:ea:ae:0b:93:9b:73:fb:6c:71:23:cf:0a:af:d1:
18:5a:cc:17:59:e4:af:87:11:b4:ae:c2:e1:85:d5:
11:ae:63:d2:75:3e:56:1a:55:49:43:3d:06:dd:38:
8d:b2:c2:0d:d9:b8:cf:ca:e1:04:04:11:9a:18:94:
4e:38:34:0a:8f:16:b0:48:57:42:28:8f:2a:3b:59:
a7:45:bd:49:c2:10:72:c9:27:33:75:1c:a8:a1:59:
ec:22:1b:fa:5d:a4:0e:77:6a:f4:cf:ad:44:44:78:
5e:5a:01:b9:70:7f:7c:82:de:70:e6:20:50:44:e0:
98:c6:f1:09:84:df:76:44:36:b0:fd:82:83:ab:9f:
5d:74:3a:d5:90:8b:83:22:47:a0:83:7d:9f:74:cd:
5f:d1:72:8d:cb:84:e0:62:97:05:a2:26:d5:e9:ac:
3e:b0:55:4c:59:7c:c3:e6:b1:e4:24:a0:c3:bc:cb:
5e:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E4:EB:91:BF:F0:E4:2A:74:A4:70:98:81:21:A4:F7:13:CC:85:9F:21
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c6b4bacc-5824-4f9c-a10d-49f145db8549.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d02f::/36
Signature Algorithm: sha256WithRSAEncryption
b6:f1:77:8e:23:85:01:a8:1a:ac:9b:44:c6:f4:57:fc:6c:ab:
53:94:0e:cc:67:2e:b0:53:30:cb:73:6e:e4:f9:9d:08:d5:1d:
2d:aa:b0:e7:02:37:06:64:f6:63:45:3d:9b:3c:6d:7a:c5:15:
a8:66:5a:56:b3:38:e3:1e:7a:35:10:f1:12:73:f5:5a:8b:9c:
85:87:9c:7a:e3:b2:2f:51:be:6d:f5:68:86:fc:d0:c1:aa:e3:
65:7f:8a:c0:90:9a:94:36:65:9a:a6:cc:86:0d:96:01:63:f8:
55:9b:45:85:b3:be:fa:0d:90:3b:06:43:17:83:52:52:c7:3c:
7f:8c:41:8f:9e:b6:ed:2a:0b:6c:42:ef:63:39:73:e2:00:b1:
2e:56:c3:d8:52:aa:26:5f:e9:0c:ef:b5:3c:b6:44:c0:73:74:
15:82:0d:45:7f:f9:5a:16:db:ac:f6:0d:16:c1:2d:12:e1:37:
9c:53:f1:a2:34:b4:e3:e0:c1:99:a9:18:10:de:0c:97:9d:c3:
8f:87:62:66:85:b6:4c:3f:31:5c:a8:7d:2b:dd:05:1e:cd:76:
c0:a6:74:e5:6c:e1:5f:88:48:f3:1b:79:9e:07:c9:79:02:14:
1a:d0:74:53:2a:37:ea:7c:d0:a7:19:fb:01:4d:7a:51:18:36:
ed:4b:3d:53
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUZIfw2xBcuhBXjCD5lZlQMz+e32AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMDYwMDQwMDRaFw0yNjA1MDcyMzU5NTlaMHoxSTBHBgNV
BAUTQDU2OTY1MjAzODA4ZDc5ODRjYjU5NTlhYWE4ZWFlNzg1MzUwYmI3ZDJkYWVk
N2RmN2U3ZmVhMDYxNTIyZGQ0Y2QxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPVGpZVe3tTwA+7qR0LIShPzRZ1C5rpMLY7pwbQ8k/FOa22SQCMsUpf+y8No
7AlsWbo3Mb+5CvkH9Aidv0VPbrtx680ScLU8roHPSuquC5Obc/tscSPPCq/RGFrM
F1nkr4cRtK7C4YXVEa5j0nU+VhpVSUM9Bt04jbLCDdm4z8rhBAQRmhiUTjg0Co8W
sEhXQiiPKjtZp0W9ScIQcsknM3UcqKFZ7CIb+l2kDndq9M+tRER4XloBuXB/fILe
cOYgUETgmMbxCYTfdkQ2sP2Cg6ufXXQ61ZCLgyJHoIN9n3TNX9FyjcuE4GKXBaIm
1emsPrBVTFl8w+ax5CSgw7zLXp0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTk65G/
8OQqdKRwmIEhpPcTzIWfITAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzZiNGJhY2MtNTgyNC00ZjljLWExMGQtNDlmMTQ1ZGI4NTQ5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0C8A
MA0GCSqGSIb3DQEBCwUAA4IBAQC28XeOI4UBqBqsm0TG9Ff8bKtTlA7MZy6wUzDL
c27k+Z0I1R0tqrDnAjcGZPZjRT2bPG16xRWoZlpWszjjHno1EPESc/Vai5yFh5x6
47IvUb5t9WiG/NDBquNlf4rAkJqUNmWapsyGDZYBY/hVm0WFs776DZA7BkMXg1JS
xzx/jEGPnrbtKgtsQu9jOXPiALEuVsPYUqomX+kM77U8tkTAc3QVgg1Ff/laFtus
9g0WwS0S4TecU/GiNLTj4MGZqRgQ3gyXncOPh2JmhbZMPzFcqH0r3QUezXbApnTl
bOFfiEjzG3meB8l5AhQa0HRTKjfqfNCnGfsBTXpRGDbtSz1T
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:48:40 2026 by rpki-client