Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d385ff4b-7f8e-45d2-8f8b-fcde1426a050.roa
File: d385ff4b-7f8e-45d2-8f8b-fcde1426a050.roa (raw, json)
Hash identifier: f6RVWTo6s/qsvhiwKGl4r46KJKfCfShxZg0Uq3+/V2k=
Subject key identifier: C7:F0:57:26:2C:E9:7A:45:A4:8C:97:8F:84:77:87:7F:97:78:4E:A7
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2458023B3EECAECC9D00937C58F6A2DCE21D3FB0
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d385ff4b-7f8e-45d2-8f8b-fcde1426a050.roa
Signing time: Sat 28 Feb 2026 06:10:28 +0000
ROA not before: Sat 28 Feb 2026 06:10:28 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d032:1000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
24:58:02:3b:3e:ec:ae:cc:9d:00:93:7c:58:f6:a2:dc:e2:1d:3f:b0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 06:10:28 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=f628133fa8b8a2641ba17d790146196eb040802ed21f159635c8a99dc3f96c11, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:cd:45:bc:73:04:6a:ab:ab:93:c9:44:39:da:
bc:84:35:8c:e4:ec:98:85:5b:4d:f8:a7:bd:03:41:
ab:da:01:f3:24:dd:11:7f:ad:3c:d4:c3:07:d1:97:
1f:82:a2:df:ae:38:1c:c5:2b:9b:8f:fe:54:88:42:
c6:cf:37:c6:1c:67:ea:f7:2c:7f:20:f2:9f:a2:a5:
6c:ac:c0:7a:2f:d3:bd:ec:39:b8:a6:01:7d:7c:9d:
0f:ea:cb:db:da:f2:1d:30:c2:a5:b1:3f:d7:04:78:
39:a7:1b:1d:4f:56:9e:ff:48:fb:92:0c:76:a0:2d:
62:7e:46:94:40:6e:da:cb:05:d4:23:82:5d:91:b8:
43:d5:00:c7:83:63:41:87:d6:82:b1:e6:b9:f5:0d:
af:ef:24:59:98:f9:14:d8:88:b7:b2:77:ba:aa:3a:
ef:8f:60:c2:4e:6b:72:5e:15:a1:a0:2d:0e:64:f0:
35:12:5b:e7:84:fb:18:17:a3:92:2c:96:27:c5:42:
ab:75:49:68:0e:29:ca:bd:1f:e1:ac:fd:f5:71:c6:
af:52:f4:26:b1:a4:45:86:c9:93:c5:46:d3:59:d9:
2a:fe:ab:ad:6c:26:a9:b8:77:de:5f:5e:94:b5:ee:
ca:56:0e:dc:0f:37:0f:79:04:3f:38:f0:83:2a:d9:
62:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:F0:57:26:2C:E9:7A:45:A4:8C:97:8F:84:77:87:7F:97:78:4E:A7
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d385ff4b-7f8e-45d2-8f8b-fcde1426a050.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d032:1000::/40
Signature Algorithm: sha256WithRSAEncryption
b6:fe:d7:77:6b:79:2b:d9:27:e2:12:f5:f6:e7:20:b0:85:dd:
8d:23:43:3f:39:8f:dd:36:fd:d8:ae:8a:5d:e0:af:8b:be:14:
62:d3:4d:7e:3d:b9:c5:88:4c:cb:06:7e:9e:0f:9d:10:a8:92:
cc:96:d0:c3:dc:52:a6:a8:bc:6f:2e:f8:30:e4:08:ea:67:1f:
ee:c2:f1:07:b1:5a:2f:bb:4f:b9:fd:08:a6:e8:61:8d:12:68:
7d:ad:dc:b3:c0:23:85:37:4d:b6:d2:ed:36:27:3f:f6:05:e8:
a6:03:e0:42:7b:10:5d:08:f3:0d:fd:92:ea:04:d2:6d:b6:0a:
78:33:26:69:b9:fb:37:c3:d6:f5:ab:f2:cf:6c:bb:92:fa:49:
6f:cb:d6:c3:b7:57:85:38:9f:cc:91:e4:c0:25:5b:f5:39:72:
e1:d3:e5:3b:0c:9f:51:06:28:5b:f7:30:24:25:2f:9c:66:22:
67:41:ba:f9:11:19:a0:85:18:60:90:8e:0f:05:1e:a7:0f:71:
79:4e:a5:a2:44:c0:1c:95:50:48:d5:5c:fb:3c:12:2d:ee:77:
27:6b:04:e4:fc:7c:ef:3a:5e:c3:b1:23:1d:49:77:a1:d9:30:
f4:9a:5f:56:4a:de:0e:7e:96:43:e4:17:85:0c:a9:d5:a1:8a:
17:9f:27:b1
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUJFgCOz7srsydAJN8WPai3OIdP7AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNjEwMjhaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGY2MjgxMzNmYThiOGEyNjQxYmExN2Q3OTAxNDYxOTZlYjA0MDgwMmVkMjFm
MTU5NjM1YzhhOTlkYzNmOTZjMTExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN3NRbxzBGqrq5PJRDnavIQ1jOTsmIVbTfinvQNBq9oB8yTdEX+tPNTDB9GX
H4Ki3644HMUrm4/+VIhCxs83xhxn6vcsfyDyn6KlbKzAei/Tvew5uKYBfXydD+rL
29ryHTDCpbE/1wR4OacbHU9Wnv9I+5IMdqAtYn5GlEBu2ssF1COCXZG4Q9UAx4Nj
QYfWgrHmufUNr+8kWZj5FNiIt7J3uqo6749gwk5rcl4VoaAtDmTwNRJb54T7GBej
kiyWJ8VCq3VJaA4pyr0f4az99XHGr1L0JrGkRYbJk8VG01nZKv6rrWwmqbh33l9e
lLXuylYO3A83D3kEPzjwgyrZYusCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTH8Fcm
LOl6RaSMl4+Ed4d/l3hOpzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDM4NWZmNGItN2Y4ZS00NWQyLThmOGItZmNkZTE0MjZhMDUwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DIQ
MA0GCSqGSIb3DQEBCwUAA4IBAQC2/td3a3kr2SfiEvX25yCwhd2NI0M/OY/dNv3Y
ropd4K+LvhRi001+PbnFiEzLBn6eD50QqJLMltDD3FKmqLxvLvgw5AjqZx/uwvEH
sVovu0+5/Qim6GGNEmh9rdyzwCOFN0220u02Jz/2BeimA+BCexBdCPMN/ZLqBNJt
tgp4MyZpufs3w9b1q/LPbLuS+klvy9bDt1eFOJ/MkeTAJVv1OXLh0+U7DJ9RBihb
9zAkJS+cZiJnQbr5ERmghRhgkI4PBR6nD3F5TqWiRMAclVBI1Vz7PBIt7ncnawTk
/HzvOl7DsSMdSXeh2TD0ml9WSt4OfpZD5BeFDKnVoYoXnyex
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:55:52 2026 by rpki-client