Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ce04c6c2-3994-4b71-a579-ee490d4b125b.roa
File: ce04c6c2-3994-4b71-a579-ee490d4b125b.roa (raw, json)
Hash identifier: uooeQ0mKBaBqRbPQXPlVzEQHiQZJK6q1NfEFdGkJxok=
Subject key identifier: 78:C9:C8:F5:82:3D:E7:6A:CE:E5:C7:DD:7C:B8:CB:9B:36:35:51:D7
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 16514140820A38FB5F235B6416D3A8CFE1522E19
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ce04c6c2-3994-4b71-a579-ee490d4b125b.roa
Signing time: Tue 24 Feb 2026 00:40:12 +0000
ROA not before: Tue 24 Feb 2026 00:40:12 +0000
ROA not after: Mon 25 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d078:f000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
16:51:41:40:82:0a:38:fb:5f:23:5b:64:16:d3:a8:cf:e1:52:2e:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 24 00:40:12 2026 GMT
Not After : May 25 23:59:59 2026 GMT
Subject: serialNumber=40ef92f294409b32d8ee3e5a3ef20f9cb258e80b9857ac65383c382a89f195b9, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:ae:27:f3:82:69:fa:92:3e:9f:15:ee:83:f8:
a4:9a:d3:d3:7c:fa:78:e5:28:34:2a:c8:d2:a9:f5:
20:45:e4:94:df:c1:1c:b4:f4:19:bb:93:35:9c:f8:
cd:c3:d9:bf:4f:44:20:9c:1b:28:a3:8e:e0:aa:e4:
c8:28:1d:72:b0:11:6f:26:5c:53:c8:c6:ab:d1:3a:
6c:2e:c6:ce:ce:29:00:10:cf:a2:ea:bc:08:cf:e3:
6f:6f:2d:fe:bc:14:77:ba:e1:6d:3f:53:42:95:12:
07:bb:b2:7f:4c:0c:4f:27:e0:38:a6:59:64:81:2d:
0c:7a:68:a0:fc:65:a4:ea:f0:2e:69:30:97:a3:82:
d6:ae:ef:6c:e7:72:3c:e4:88:1f:2e:fd:fa:f5:21:
c3:86:b7:29:ba:76:24:77:fc:bb:b3:d4:23:2e:93:
a8:1b:4b:e3:30:cd:ac:f2:e0:dd:7b:79:ed:1c:cc:
ba:a5:9a:83:dd:9c:41:0d:66:ad:88:20:4e:84:c7:
21:89:06:ad:2e:eb:04:a9:ea:0c:09:2f:24:60:fa:
3c:11:e1:4f:26:da:2f:3b:57:c4:d3:54:bf:57:95:
54:d8:8a:52:06:c4:81:7e:35:c3:22:a5:a3:cc:09:
c5:1b:3c:69:a6:68:68:09:ec:81:e8:e6:76:1a:4f:
fd:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
78:C9:C8:F5:82:3D:E7:6A:CE:E5:C7:DD:7C:B8:CB:9B:36:35:51:D7
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ce04c6c2-3994-4b71-a579-ee490d4b125b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d078:f000::/40
Signature Algorithm: sha256WithRSAEncryption
8b:63:e6:9c:7c:78:c6:1d:2f:4f:b0:f1:13:c4:c7:6f:17:26:
2c:8a:97:12:a2:d3:5e:60:d7:85:62:d0:c0:9d:f9:b1:d0:37:
55:8e:7c:6b:42:fe:73:eb:b2:c6:ba:33:bb:78:4c:be:72:d7:
ce:a7:2d:68:39:a0:cc:9b:e9:e3:c5:df:60:a6:a1:53:dc:1e:
ae:7d:de:42:02:49:b2:1d:15:ec:de:14:b8:f5:c2:52:4c:6d:
cc:1d:4d:d6:03:98:a7:c1:2b:b3:56:23:61:bc:34:a8:ef:ba:
d4:c8:96:d9:42:d6:b7:2e:94:67:e3:df:a1:00:72:56:d7:7d:
20:02:9e:1e:c4:52:55:be:93:89:c3:cb:b8:1a:7f:e3:a0:b6:
d8:38:dd:e9:b5:73:8a:3c:8a:13:5b:8a:d6:71:d0:4c:c8:f2:
d9:b3:c1:76:81:f4:34:d8:2d:01:23:1d:84:36:6a:8f:e3:e2:
0f:be:09:04:3b:17:59:05:d6:17:52:70:4f:b5:08:02:4d:18:
98:3d:2c:33:a6:39:2d:a6:6e:f4:8d:b3:e2:73:83:79:f0:b7:
65:7a:74:60:e5:2d:8b:33:eb:43:5f:10:f1:0f:a6:79:3e:16:
3a:d6:3a:0c:34:ea:f5:a9:9e:6a:f8:c6:84:31:47:42:98:af:
45:79:0e:da
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUFlFBQIIKOPtfI1tkFtOoz+FSLhkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjQwMDQwMTJaFw0yNjA1MjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDQwZWY5MmYyOTQ0MDliMzJkOGVlM2U1YTNlZjIwZjljYjI1OGU4MGI5ODU3
YWM2NTM4M2MzODJhODlmMTk1YjkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJquJ/OCafqSPp8V7oP4pJrT03z6eOUoNCrI0qn1IEXklN/BHLT0GbuTNZz4
zcPZv09EIJwbKKOO4KrkyCgdcrARbyZcU8jGq9E6bC7Gzs4pABDPouq8CM/jb28t
/rwUd7rhbT9TQpUSB7uyf0wMTyfgOKZZZIEtDHpooPxlpOrwLmkwl6OC1q7vbOdy
POSIHy79+vUhw4a3Kbp2JHf8u7PUIy6TqBtL4zDNrPLg3Xt57RzMuqWag92cQQ1m
rYggToTHIYkGrS7rBKnqDAkvJGD6PBHhTybaLztXxNNUv1eVVNiKUgbEgX41wyKl
o8wJxRs8aaZoaAnsgejmdhpP/dUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR4ycj1
gj3nas7lx918uMubNjVR1zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2UwNGM2YzItMzk5NC00YjcxLWE1NzktZWU0OTBkNGIxMjViLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hjw
MA0GCSqGSIb3DQEBCwUAA4IBAQCLY+acfHjGHS9PsPETxMdvFyYsipcSotNeYNeF
YtDAnfmx0DdVjnxrQv5z67LGujO7eEy+ctfOpy1oOaDMm+njxd9gpqFT3B6ufd5C
AkmyHRXs3hS49cJSTG3MHU3WA5inwSuzViNhvDSo77rUyJbZQta3LpRn49+hAHJW
130gAp4exFJVvpOJw8u4Gn/joLbYON3ptXOKPIoTW4rWcdBMyPLZs8F2gfQ02C0B
Ix2ENmqP4+IPvgkEOxdZBdYXUnBPtQgCTRiYPSwzpjktpm70jbPic4N58LdlenRg
5S2LM+tDXxDxD6Z5PhY61joMNOr1qZ5q+MaEMUdCmK9FeQ7a
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:51:35 2026 by rpki-client