Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cacad3d9-bfa1-49a8-a9b3-cbac7be9fdb2.roa
File: cacad3d9-bfa1-49a8-a9b3-cbac7be9fdb2.roa (raw, json)
Hash identifier: gepJBQ209QqZXQesfybExpi6av7VhiJbLwJ5penaEyE=
Subject key identifier: A9:68:E6:41:07:B3:81:0A:00:CF:24:7D:E8:62:C5:35:A7:70:DC:3D
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 64BEDAA8F97C445A336DFB6BDCE45063BADBF50F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cacad3d9-bfa1-49a8-a9b3-cbac7be9fdb2.roa
Signing time: Sat 28 Feb 2026 05:20:44 +0000
ROA not before: Sat 28 Feb 2026 05:20:44 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d031:9000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
64:be:da:a8:f9:7c:44:5a:33:6d:fb:6b:dc:e4:50:63:ba:db:f5:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 05:20:44 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=217286f3d9f379e9ebefbd885c30d3e7159971471b202803fb07e5872e9197cb, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:bb:14:5b:39:e0:e8:d1:da:1d:82:8c:a3:d9:
1b:89:69:58:f5:a1:37:41:11:fe:5e:67:91:b5:a3:
bb:b2:e5:91:a3:f5:4e:fa:94:11:a0:4e:13:32:25:
c7:21:95:0d:77:68:3b:ba:30:34:96:ae:3e:27:fc:
91:e6:dc:cb:83:24:ae:4b:ec:51:bb:43:c2:38:14:
0f:52:94:89:8f:72:ef:32:fb:94:9d:82:4e:09:62:
b1:58:7c:0e:a6:8f:03:c9:53:b5:50:ce:eb:a5:fa:
d7:83:14:a8:02:2f:f3:aa:43:89:18:85:86:3a:7e:
41:77:90:6e:01:1e:f6:df:c6:a8:d8:53:cd:60:61:
30:31:dd:38:41:45:ec:3a:d9:1d:1f:d9:e7:c8:95:
62:fd:34:b2:29:ee:bf:ee:f9:a8:5a:02:a8:ee:86:
dc:ef:81:72:79:26:5d:48:81:a9:b5:3f:2f:51:dc:
9c:00:5a:a6:82:7d:09:69:51:d1:aa:79:71:52:6c:
9a:d2:d0:94:28:c5:0b:31:19:e7:ea:a5:28:af:fa:
c9:42:26:4b:c5:ca:06:10:ba:7e:07:5e:5f:f9:dc:
37:8d:46:59:7c:0d:fa:2d:71:c1:56:53:bb:44:cf:
4b:a3:1d:07:71:4a:57:18:5a:20:70:79:a1:cf:b4:
c9:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:68:E6:41:07:B3:81:0A:00:CF:24:7D:E8:62:C5:35:A7:70:DC:3D
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cacad3d9-bfa1-49a8-a9b3-cbac7be9fdb2.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d031:9000::/40
Signature Algorithm: sha256WithRSAEncryption
65:5e:75:e1:43:63:ff:6e:7b:7a:1f:8c:38:a5:1a:1d:9c:da:
fa:96:16:9a:1c:52:68:eb:23:84:ef:1e:e9:0e:df:59:11:6b:
ad:c0:50:6e:e8:a5:c7:58:4a:18:24:b1:98:d2:be:69:80:f6:
3a:81:fa:85:4a:d1:9c:b2:7e:e3:fa:f8:87:ab:a6:2c:21:c1:
62:95:31:f5:75:ab:8d:03:f0:a5:47:08:9e:bb:3d:df:b0:1f:
30:68:71:19:34:7c:76:2b:f0:bc:5e:a6:93:ae:92:c6:9e:d2:
61:a0:8b:a7:83:6d:47:99:54:03:71:b1:73:90:7d:f6:d2:cd:
2a:8d:b7:eb:0e:06:e6:01:b7:da:06:a6:ba:2a:5b:4e:6b:16:
b3:91:6e:88:40:34:a0:39:5b:a9:dd:ef:e1:1b:59:b9:e8:4c:
94:5f:e9:79:2c:8f:28:97:9a:48:08:37:bc:ad:ed:f5:ec:6c:
e5:fc:33:fa:e1:47:ea:77:64:d1:ed:74:fb:cd:64:4c:08:5c:
7c:e5:39:7c:df:e7:c1:75:5f:25:49:62:ea:ec:8d:65:bc:e7:
21:6c:03:41:7e:9a:5a:23:cc:99:88:c9:53:f7:50:21:1e:82:
13:e9:a6:0b:5e:26:e4:9f:62:eb:52:1f:65:a9:74:9e:fc:de:
25:c8:ec:3f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUZL7aqPl8RFozbftr3ORQY7rb9Q8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNTIwNDRaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDIxNzI4NmYzZDlmMzc5ZTllYmVmYmQ4ODVjMzBkM2U3MTU5OTcxNDcxYjIw
MjgwM2ZiMDdlNTg3MmU5MTk3Y2IxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKi7FFs54OjR2h2CjKPZG4lpWPWhN0ER/l5nkbWju7LlkaP1TvqUEaBOEzIl
xyGVDXdoO7owNJauPif8kebcy4MkrkvsUbtDwjgUD1KUiY9y7zL7lJ2CTglisVh8
DqaPA8lTtVDO66X614MUqAIv86pDiRiFhjp+QXeQbgEe9t/GqNhTzWBhMDHdOEFF
7DrZHR/Z58iVYv00sinuv+75qFoCqO6G3O+BcnkmXUiBqbU/L1HcnABapoJ9CWlR
0ap5cVJsmtLQlCjFCzEZ5+qlKK/6yUImS8XKBhC6fgdeX/ncN41GWXwN+i1xwVZT
u0TPS6MdB3FKVxhaIHB5oc+0yTcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSpaOZB
B7OBCgDPJH3oYsU1p3DcPTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2FjYWQzZDktYmZhMS00OWE4LWE5YjMtY2JhYzdiZTlmZGIyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DGQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBlXnXhQ2P/bnt6H4w4pRodnNr6lhaaHFJo6yOE
7x7pDt9ZEWutwFBu6KXHWEoYJLGY0r5pgPY6gfqFStGcsn7j+viHq6YsIcFilTH1
dauNA/ClRwieuz3fsB8waHEZNHx2K/C8XqaTrpLGntJhoIung21HmVQDcbFzkH32
0s0qjbfrDgbmAbfaBqa6KltOaxazkW6IQDSgOVup3e/hG1m56EyUX+l5LI8ol5pI
CDe8re317Gzl/DP64Ufqd2TR7XT7zWRMCFx85Tl83+fBdV8lSWLq7I1lvOchbANB
fppaI8yZiMlT91AhHoIT6aYLXibkn2LrUh9lqXSe/N4lyOw/
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:44:10 2026 by rpki-client