Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d3564159-9d8d-43eb-bf55-66a4445d2727.roa
File: d3564159-9d8d-43eb-bf55-66a4445d2727.roa (raw, json)
Hash identifier: sJDdr5eavwmCRKFfdscY+2LopqH708tNMJOIqebMwaE=
Subject key identifier: 08:70:44:18:8D:FA:B0:C9:B4:DE:3D:AB:BC:BC:A2:7A:B6:6F:74:F1
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 068659C140D25789542F8F5BA24882DF7DBD89F1
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d3564159-9d8d-43eb-bf55-66a4445d2727.roa
Signing time: Sat 28 Feb 2026 06:21:06 +0000
ROA not before: Sat 28 Feb 2026 06:21:06 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d076:b000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
06:86:59:c1:40:d2:57:89:54:2f:8f:5b:a2:48:82:df:7d:bd:89:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 06:21:06 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=dd5e93dc59f8fc60ed377f5bab565b970a9126d07297a21012e45fefa57a2afd, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:6c:05:1b:b0:d6:c5:07:1a:ca:ce:af:da:c9:
e0:84:9e:3a:12:5c:58:58:b9:e8:be:46:f8:03:01:
63:53:de:b6:44:2b:94:0e:8e:5e:92:0a:88:c9:39:
82:0e:6e:2d:c3:f6:4c:73:c7:cd:96:fa:cc:e7:c9:
8d:b6:05:9a:cc:82:a4:89:af:92:c0:ec:e6:8f:ba:
18:d9:57:18:7e:fa:76:24:f5:8f:5d:72:ab:30:2c:
6b:48:a7:30:d6:0a:94:35:ba:31:b1:3f:f5:8f:2c:
14:90:82:74:45:2c:a3:57:07:cc:d1:97:6a:e5:3a:
28:1f:0b:ee:d5:7c:fd:f3:24:d7:cb:bf:da:73:8a:
56:3b:c6:50:46:1a:da:51:87:43:89:ab:10:fd:ea:
6d:1a:2f:72:38:50:ef:e1:36:b1:65:41:d4:dd:6f:
46:d1:5d:a7:e4:03:3d:ed:16:b8:bb:16:31:fd:ff:
a3:90:52:87:ff:e9:89:8e:ad:17:3d:2e:77:1e:55:
39:44:b5:11:05:ca:51:d9:f1:07:8e:b5:3c:76:31:
34:e3:d8:54:b0:63:0d:ef:12:8b:94:1d:87:69:8d:
18:a5:65:c3:ae:32:d9:14:5e:8a:a3:b0:57:a6:54:
63:c9:48:66:17:79:99:21:78:2e:f7:74:95:f3:dd:
c9:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:70:44:18:8D:FA:B0:C9:B4:DE:3D:AB:BC:BC:A2:7A:B6:6F:74:F1
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d3564159-9d8d-43eb-bf55-66a4445d2727.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d076:b000::/40
Signature Algorithm: sha256WithRSAEncryption
5f:d3:d0:6b:dc:6a:7b:5c:87:be:32:61:c8:5b:f5:cf:7a:18:
e0:eb:af:75:68:59:30:cf:50:20:18:35:81:65:20:b1:7e:52:
27:e5:9b:6f:fa:2b:e9:f8:34:90:2c:9d:09:ce:01:a9:06:9e:
56:88:8f:8c:76:91:c9:d1:50:55:52:28:07:84:c3:e1:e2:94:
a6:1f:79:79:3c:9c:c7:7b:10:bd:7c:9d:6e:1d:b0:ba:ae:3b:
e3:6c:d1:3e:b7:9b:ea:b3:7a:2f:cf:ab:e4:8a:20:aa:70:f9:
37:27:01:d1:3c:cd:08:00:e1:e8:58:7f:54:48:29:ba:18:12:
7c:87:10:69:1b:0a:be:92:e9:18:6d:99:42:99:9a:f9:eb:8a:
9f:04:c8:3c:0d:5f:84:bf:ef:fc:af:f6:b2:af:51:fa:8a:e9:
c5:70:72:4f:61:59:99:60:37:e1:7d:7e:da:eb:4d:e7:55:cd:
30:cc:6e:be:ac:44:25:e1:f5:13:0c:a6:b8:16:c1:36:a3:89:
9b:29:64:7b:d6:56:52:41:98:37:bc:f9:a1:35:f6:37:15:75:
75:07:48:d3:a6:93:d4:cc:9d:d5:e0:87:c9:2b:9f:47:9a:87:
fe:3a:66:3e:1f:d7:1f:d2:9f:d0:fa:75:dc:e1:fa:b7:a9:43:
a6:81:5e:c8
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUBoZZwUDSV4lUL49bokiC3329ifEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNjIxMDZaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGRkNWU5M2RjNTlmOGZjNjBlZDM3N2Y1YmFiNTY1Yjk3MGE5MTI2ZDA3Mjk3
YTIxMDEyZTQ1ZmVmYTU3YTJhZmQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALFsBRuw1sUHGsrOr9rJ4ISeOhJcWFi56L5G+AMBY1PetkQrlA6OXpIKiMk5
gg5uLcP2THPHzZb6zOfJjbYFmsyCpImvksDs5o+6GNlXGH76diT1j11yqzAsa0in
MNYKlDW6MbE/9Y8sFJCCdEUso1cHzNGXauU6KB8L7tV8/fMk18u/2nOKVjvGUEYa
2lGHQ4mrEP3qbRovcjhQ7+E2sWVB1N1vRtFdp+QDPe0WuLsWMf3/o5BSh//piY6t
Fz0udx5VOUS1EQXKUdnxB461PHYxNOPYVLBjDe8Si5Qdh2mNGKVlw64y2RReiqOw
V6ZUY8lIZhd5mSF4Lvd0lfPdyYUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQIcEQY
jfqwybTePau8vKJ6tm908TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDM1NjQxNTktOWQ4ZC00M2ViLWJmNTUtNjZhNDQ0NWQyNzI3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Haw
MA0GCSqGSIb3DQEBCwUAA4IBAQBf09Br3Gp7XIe+MmHIW/XPehjg6691aFkwz1Ag
GDWBZSCxflIn5Ztv+ivp+DSQLJ0JzgGpBp5WiI+MdpHJ0VBVUigHhMPh4pSmH3l5
PJzHexC9fJ1uHbC6rjvjbNE+t5vqs3ovz6vkiiCqcPk3JwHRPM0IAOHoWH9USCm6
GBJ8hxBpGwq+kukYbZlCmZr564qfBMg8DV+Ev+/8r/ayr1H6iunFcHJPYVmZYDfh
fX7a603nVc0wzG6+rEQl4fUTDKa4FsE2o4mbKWR71lZSQZg3vPmhNfY3FXV1B0jT
ppPUzJ3V4IfJK59Hmof+OmY+H9cf0p/Q+nXc4fq3qUOmgV7I
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:43:33 2026 by rpki-client