Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cb75e53e-4e44-41b7-95dd-e3d54ff36386.roa
File: cb75e53e-4e44-41b7-95dd-e3d54ff36386.roa (raw, json)
Hash identifier: onIx3ANKtEmV70Aekwn5RNfDNsqgzFnI2K7L3osw2Ew=
Subject key identifier: BE:13:3F:03:D1:F6:25:EA:4B:57:7F:07:24:BD:4B:37:44:C5:0C:0F
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5716719AE0954A922265EBD3877367167332DDB5
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cb75e53e-4e44-41b7-95dd-e3d54ff36386.roa
Signing time: Tue 24 Feb 2026 03:00:12 +0000
ROA not before: Tue 24 Feb 2026 03:00:12 +0000
ROA not after: Mon 25 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:f000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
57:16:71:9a:e0:95:4a:92:22:65:eb:d3:87:73:67:16:73:32:dd:b5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 24 03:00:12 2026 GMT
Not After : May 25 23:59:59 2026 GMT
Subject: serialNumber=ab09c9397fe9f6cd9def7d7ca159e2f7c52dfcaca99552568b73b41bed1a67cf, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:5a:93:b1:c2:4c:85:ed:0c:1f:07:ed:3d:04:
95:f6:46:8e:d2:c4:0a:9c:db:12:7a:ef:40:f2:3c:
d2:02:78:08:19:0e:53:95:30:94:16:e0:86:da:22:
a9:d8:35:81:52:37:1d:84:f6:b6:93:92:8b:37:0d:
02:81:7b:ea:af:4f:c6:00:89:1b:f7:2f:7e:e3:89:
4d:04:ee:ef:4d:0c:59:7b:61:80:1e:5e:eb:c1:63:
d5:9a:f8:45:1a:66:49:5c:55:df:21:6c:22:d4:a2:
e4:60:7b:3d:36:d5:64:7a:e6:67:ed:d8:7a:0d:03:
44:a2:e9:e8:fb:4b:f7:59:4d:62:e6:d6:7f:51:89:
2c:cd:55:f5:1b:81:b1:31:4e:c4:31:25:01:76:c3:
e2:9a:45:f7:18:96:a6:f7:c2:47:8d:a1:16:fc:1d:
0a:e0:26:9c:be:33:5b:bb:e1:3d:ab:fe:6e:60:7d:
49:5d:36:1e:96:6c:89:63:b6:f0:69:54:42:61:6f:
e0:6d:71:1f:b3:da:ef:2b:74:93:fb:75:cd:51:44:
19:1e:2c:66:82:c4:24:c9:c1:e8:04:15:4d:d1:e1:
29:42:df:8a:62:49:c6:45:75:3b:c7:f6:33:50:4b:
2b:56:53:42:3a:6a:b0:71:d8:c0:bf:da:f7:d9:75:
a9:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:13:3F:03:D1:F6:25:EA:4B:57:7F:07:24:BD:4B:37:44:C5:0C:0F
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cb75e53e-4e44-41b7-95dd-e3d54ff36386.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:f000::/40
Signature Algorithm: sha256WithRSAEncryption
86:64:0e:ad:a7:cc:1b:aa:12:b7:d4:59:dd:09:98:f1:e7:b0:
f3:29:c0:c8:b4:7f:05:22:fa:11:50:a2:f7:e7:26:99:14:82:
2b:c7:4e:ce:24:15:94:71:9c:b7:9f:82:3f:4a:8e:6e:c7:28:
6c:77:1c:56:10:07:10:c3:8e:26:68:24:b9:be:55:ff:e0:16:
25:96:b6:fb:9a:04:85:ab:1e:d1:78:05:12:20:78:1d:98:a9:
78:23:57:3a:b5:d0:39:ff:12:b0:81:19:c2:6a:2e:82:97:a1:
9c:ee:c7:0f:60:37:bb:ab:48:33:2a:94:ec:be:85:9e:8c:ed:
d8:de:94:37:6e:d3:c9:4c:6b:cb:a7:de:be:53:11:b9:72:43:
2b:cf:82:a2:9e:e3:28:97:d0:08:33:a2:4b:58:00:36:cd:99:
e8:80:4e:2c:5d:52:9f:ea:0c:f7:cd:75:05:cf:ff:1c:e3:d3:
2b:f2:2e:21:9a:07:77:78:9b:b2:36:1a:b7:38:f1:7f:1e:7e:
a0:6d:e2:ef:67:cc:b8:12:33:5c:99:ec:39:ea:e1:0a:83:71:
4b:fc:c1:6c:df:a1:85:d3:2b:82:cd:9d:65:ad:73:71:6f:d1:
cc:37:74:8a:37:4e:9b:58:bd:17:36:f6:12:96:cf:2f:a2:7e:
df:d7:b7:e3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUVxZxmuCVSpIiZevTh3NnFnMy3bUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjQwMzAwMTJaFw0yNjA1MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGFiMDljOTM5N2ZlOWY2Y2Q5ZGVmN2Q3Y2ExNTllMmY3YzUyZGZjYWNhOTk1
NTI1NjhiNzNiNDFiZWQxYTY3Y2YxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJlak7HCTIXtDB8H7T0ElfZGjtLECpzbEnrvQPI80gJ4CBkOU5UwlBbghtoi
qdg1gVI3HYT2tpOSizcNAoF76q9PxgCJG/cvfuOJTQTu700MWXthgB5e68Fj1Zr4
RRpmSVxV3yFsItSi5GB7PTbVZHrmZ+3Yeg0DRKLp6PtL91lNYubWf1GJLM1V9RuB
sTFOxDElAXbD4ppF9xiWpvfCR42hFvwdCuAmnL4zW7vhPav+bmB9SV02HpZsiWO2
8GlUQmFv4G1xH7Pa7yt0k/t1zVFEGR4sZoLEJMnB6AQVTdHhKULfimJJxkV1O8f2
M1BLK1ZTQjpqsHHYwL/a99l1qbcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS+Ez8D
0fYl6ktXfwckvUs3RMUMDzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2I3NWU1M2UtNGU0NC00MWI3LTk1ZGQtZTNkNTRmZjM2Mzg2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0ADw
MA0GCSqGSIb3DQEBCwUAA4IBAQCGZA6tp8wbqhK31FndCZjx57DzKcDItH8FIvoR
UKL35yaZFIIrx07OJBWUcZy3n4I/So5uxyhsdxxWEAcQw44maCS5vlX/4BYllrb7
mgSFqx7ReAUSIHgdmKl4I1c6tdA5/xKwgRnCai6Cl6Gc7scPYDe7q0gzKpTsvoWe
jO3Y3pQ3btPJTGvLp96+UxG5ckMrz4KinuMol9AIM6JLWAA2zZnogE4sXVKf6gz3
zXUFz/8c49Mr8i4hmgd3eJuyNhq3OPF/Hn6gbeLvZ8y4EjNcmew56uEKg3FL/MFs
36GF0yuCzZ1lrXNxb9HMN3SKN06bWL0XNvYSls8von7f17fj
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:40:49 2026 by rpki-client