Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cda4310a-ca55-4999-9a56-f3175f246324.roa
File: cda4310a-ca55-4999-9a56-f3175f246324.roa (raw, json)
Hash identifier: hx1ke4V4oBOMYVG54iRG3xC3G1sNvRfA/AwoMqsPwJY=
Subject key identifier: 09:91:C8:72:2A:5E:A6:85:C5:F8:3D:31:36:DE:2A:E3:BC:8F:9A:B2
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 435071851F43E362FFDD6D3A37AF539408F31298
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cda4310a-ca55-4999-9a56-f3175f246324.roa
Signing time: Tue 17 Feb 2026 03:00:46 +0000
ROA not before: Tue 17 Feb 2026 03:00:46 +0000
ROA not after: Mon 18 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 46.137.152.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
43:50:71:85:1f:43:e3:62:ff:dd:6d:3a:37:af:53:94:08:f3:12:98
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 17 03:00:46 2026 GMT
Not After : May 18 23:59:59 2026 GMT
Subject: serialNumber=b307ab0c5f89cf42ae8922c0c225daa24081d4c6ccf875dbfcff050404c3e325, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:b1:31:ba:a0:48:d3:e2:0c:60:46:8f:58:bc:
8a:f6:b5:e7:3d:f4:8e:19:1a:5b:02:24:a5:6b:f7:
be:60:0b:12:e4:8f:fa:f6:fc:49:df:4b:46:fe:f9:
7b:99:06:46:72:74:53:f6:9b:04:18:5c:03:f5:86:
95:67:ec:61:da:05:7e:94:90:56:42:bc:be:91:0f:
c1:6c:8a:fc:db:6f:5f:d8:c8:76:bc:69:bc:f8:1c:
c5:2c:8b:50:6e:a9:0a:c7:33:46:f8:38:0d:fd:04:
ac:b6:04:e6:8c:81:ea:ef:5a:87:06:e2:61:98:8a:
1f:24:d5:05:58:89:41:8b:b6:aa:44:8e:0c:36:77:
2c:1a:e7:24:aa:eb:ec:03:93:7b:48:3c:ff:3c:7d:
c6:5b:72:02:e6:de:03:b2:01:32:d6:9f:93:99:1a:
1c:a5:d3:d8:c6:74:aa:91:c7:55:a5:d1:36:0f:f6:
86:10:d5:77:c9:59:0d:6d:9f:18:96:dc:22:f9:55:
b2:e8:08:f0:91:f3:fd:24:cf:a5:46:47:91:44:74:
e4:95:ee:99:e2:a5:e7:f5:0e:ce:1c:33:6b:72:06:
f8:3b:1e:32:da:7e:d0:0d:6c:c7:4b:1a:af:87:ab:
f6:31:f6:a6:b4:b8:86:32:d8:e1:12:12:be:ce:81:
4f:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:91:C8:72:2A:5E:A6:85:C5:F8:3D:31:36:DE:2A:E3:BC:8F:9A:B2
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cda4310a-ca55-4999-9a56-f3175f246324.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.137.152.0/22
Signature Algorithm: sha256WithRSAEncryption
66:fd:6e:77:87:f9:d0:af:04:ad:18:bd:9a:ba:4e:32:1e:4d:
ab:ad:bf:bd:4e:c8:6e:b4:13:22:ff:a3:3e:1c:87:86:1f:d7:
3f:9b:5a:f6:ca:49:1f:45:e2:bd:ad:8f:60:00:7b:50:c7:c5:
f2:9e:0e:3b:59:df:16:ff:19:9f:33:60:c7:91:82:e4:db:be:
26:22:e5:6c:b7:1b:ea:04:7a:9d:d7:66:82:57:8c:d8:70:8c:
74:ac:ef:92:eb:e2:04:a0:e1:a9:77:5a:3c:f3:c2:f4:e9:c6:
d5:56:2e:3f:69:42:52:7c:06:dd:4f:a1:19:0e:f7:ee:b9:3d:
9a:5e:ea:99:6c:3b:57:a6:c9:68:b2:28:5a:e2:22:0f:31:fc:
63:88:19:b5:3e:1a:d5:3e:fe:f4:30:a7:09:3d:b5:2f:58:a2:
52:e7:14:ff:e6:fb:c2:b3:ea:ee:58:8e:e1:f8:54:5c:32:1a:
99:44:67:36:7d:70:54:cd:4d:da:28:4b:22:40:ba:3c:85:ea:
6e:99:a5:61:88:08:2c:40:cc:72:d8:b8:45:d2:38:0e:1d:37:
f8:08:ad:f7:3c:65:ae:16:21:b0:75:fb:0d:19:ef:2c:c2:d4:
f2:4b:d8:46:69:8f:b4:1f:1d:6e:fb:09:8b:96:85:08:9e:93:
27:d2:37:72
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUQ1BxhR9D42L/3W06N69TlAjzEpgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMTcwMzAwNDZaFw0yNjA1MTgyMzU5NTlaMHoxSTBHBgNV
BAUTQGIzMDdhYjBjNWY4OWNmNDJhZTg5MjJjMGMyMjVkYWEyNDA4MWQ0YzZjY2Y4
NzVkYmZjZmYwNTA0MDRjM2UzMjUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN+xMbqgSNPiDGBGj1i8iva15z30jhkaWwIkpWv3vmALEuSP+vb8Sd9LRv75
e5kGRnJ0U/abBBhcA/WGlWfsYdoFfpSQVkK8vpEPwWyK/NtvX9jIdrxpvPgcxSyL
UG6pCsczRvg4Df0ErLYE5oyB6u9ahwbiYZiKHyTVBViJQYu2qkSODDZ3LBrnJKrr
7AOTe0g8/zx9xltyAubeA7IBMtafk5kaHKXT2MZ0qpHHVaXRNg/2hhDVd8lZDW2f
GJbcIvlVsugI8JHz/STPpUZHkUR05JXumeKl5/UOzhwza3IG+DseMtp+0A1sx0sa
r4er9jH2prS4hjLY4RISvs6BT98CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQJkchy
Kl6mhcX4PTE23irjvI+asjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2RhNDMxMGEtY2E1NS00OTk5LTlhNTYtZjMxNzVmMjQ2MzI0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAi6JmDAN
BgkqhkiG9w0BAQsFAAOCAQEAZv1ud4f50K8ErRi9mrpOMh5Nq62/vU7IbrQTIv+j
PhyHhh/XP5ta9spJH0Xiva2PYAB7UMfF8p4OO1nfFv8ZnzNgx5GC5Nu+JiLlbLcb
6gR6nddmgleM2HCMdKzvkuviBKDhqXdaPPPC9OnG1VYuP2lCUnwG3U+hGQ737rk9
ml7qmWw7V6bJaLIoWuIiDzH8Y4gZtT4a1T7+9DCnCT21L1iiUucU/+b7wrPq7liO
4fhUXDIamURnNn1wVM1N2ihLIkC6PIXqbpmlYYgILEDMcti4RdI4Dh03+Ait9zxl
rhYhsHX7DRnvLMLU8kvYRmmPtB8dbvsJi5aFCJ6TJ9I3cg==
-----END CERTIFICATE-----
Generated at Sun Mar 1 23:53:04 2026 by rpki-client