Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/dc148af9-68cc-4a7f-b7fd-6ac691016888.roa
File: dc148af9-68cc-4a7f-b7fd-6ac691016888.roa (raw, json)
Hash identifier: +kmQMha9v51kD6ydwYkvEzfjihygL4RymnLLh21clOg=
Subject key identifier: 02:A8:84:86:59:26:6E:88:2E:38:B0:6C:7C:B7:70:EA:C2:C6:54:74
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 1B1BB61A2D1E4ED597295242957F4664D14C99D5
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/dc148af9-68cc-4a7f-b7fd-6ac691016888.roa
Signing time: Sat 28 Feb 2026 05:20:26 +0000
ROA not before: Sat 28 Feb 2026 05:20:26 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d025::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1b:1b:b6:1a:2d:1e:4e:d5:97:29:52:42:95:7f:46:64:d1:4c:99:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 05:20:26 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=4cd1909db0a5c05a0ebe2fc0a8f30c2d7c8d136a44bf1c57d5246016a7df72d7, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:21:a8:a8:42:b4:0a:3b:22:91:35:15:5a:17:
5d:79:e8:d8:0b:46:d9:40:a4:ca:15:b7:bc:6c:6a:
1b:65:44:2b:b7:e5:d9:4e:48:af:fd:9b:5d:dc:54:
2c:8c:30:bd:2e:a5:cd:84:c9:30:0b:0d:b6:ab:ba:
15:c8:ba:f0:7f:97:bb:0b:77:65:25:0a:25:ae:b1:
24:c3:9c:de:e0:3f:eb:b1:7d:cf:19:08:8c:f7:06:
e6:40:60:6b:be:43:93:e0:d5:97:9e:ae:f8:d9:2f:
9c:f2:73:d5:fe:95:c3:3a:b3:df:bb:fe:69:f1:15:
32:b4:10:c4:28:f2:c8:17:ee:9c:3f:85:f4:3b:d9:
4f:df:dd:46:b1:4f:4e:bc:e1:20:b7:b0:19:31:d4:
36:76:c5:d6:b4:aa:31:41:24:07:96:17:14:51:8d:
a0:bd:e4:f4:3e:de:27:18:25:4a:41:54:ab:58:7e:
c1:fe:0a:aa:f4:ec:80:d3:d5:7c:48:d1:57:0f:e2:
32:3a:9f:59:92:1c:3d:67:fc:f4:77:5f:db:1a:56:
29:2f:ab:66:47:bb:98:ce:fe:36:5c:eb:6a:7d:07:
34:e5:2c:71:9b:f5:2f:65:7d:4a:29:64:dd:dd:e7:
3c:07:68:c6:10:15:89:82:f1:2d:b5:7f:10:f7:66:
b4:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:A8:84:86:59:26:6E:88:2E:38:B0:6C:7C:B7:70:EA:C2:C6:54:74
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/dc148af9-68cc-4a7f-b7fd-6ac691016888.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d025::/36
Signature Algorithm: sha256WithRSAEncryption
8a:05:41:dd:dc:20:1a:ec:cb:8a:c3:9f:47:90:cd:22:20:13:
6a:2e:93:b0:50:8f:16:97:14:06:52:3d:a4:94:34:d7:48:e5:
e6:f8:49:2c:e8:6a:49:50:10:9a:8b:53:55:4d:b7:98:3f:5c:
2a:54:f0:6f:4a:8e:82:93:4f:fb:09:89:db:f1:b0:2c:ab:c7:
90:9a:01:5c:3c:4b:74:f1:76:78:e9:59:b5:99:72:04:e9:d9:
5c:8d:94:8a:be:60:d3:00:c4:7e:a2:75:f3:12:3c:da:54:90:
84:ef:5c:7f:b5:03:54:71:bb:cf:a1:6d:d1:15:16:6b:c8:bf:
e7:60:aa:ea:26:4e:b1:ab:8c:66:6b:86:69:18:26:7b:fb:12:
6a:b8:0f:08:e7:5c:08:c9:67:dc:b2:ea:44:6b:e9:81:85:72:
4b:77:b4:c8:55:bd:b8:72:dd:96:07:f4:06:b4:ab:36:c1:ab:
1c:be:45:e0:8a:a6:cd:33:c8:c7:25:d9:9a:37:0d:ec:5d:a7:
89:f1:3e:6b:74:7b:43:12:ec:87:8e:a9:e7:be:4f:20:c4:4f:
45:8b:f4:0d:22:8c:0d:18:da:1a:fb:75:6e:55:e4:e7:64:c9:
aa:74:2b:0f:6c:e6:34:3e:01:83:6c:7f:36:fd:65:15:bf:4c:
94:28:34:73
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUGxu2Gi0eTtWXKVJClX9GZNFMmdUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNTIwMjZaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDRjZDE5MDlkYjBhNWMwNWEwZWJlMmZjMGE4ZjMwYzJkN2M4ZDEzNmE0NGJm
MWM1N2Q1MjQ2MDE2YTdkZjcyZDcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKohqKhCtAo7IpE1FVoXXXno2AtG2UCkyhW3vGxqG2VEK7fl2U5Ir/2bXdxU
LIwwvS6lzYTJMAsNtqu6Fci68H+Xuwt3ZSUKJa6xJMOc3uA/67F9zxkIjPcG5kBg
a75Dk+DVl56u+NkvnPJz1f6Vwzqz37v+afEVMrQQxCjyyBfunD+F9DvZT9/dRrFP
TrzhILewGTHUNnbF1rSqMUEkB5YXFFGNoL3k9D7eJxglSkFUq1h+wf4KqvTsgNPV
fEjRVw/iMjqfWZIcPWf89Hdf2xpWKS+rZke7mM7+Nlzran0HNOUscZv1L2V9Silk
3d3nPAdoxhAViYLxLbV/EPdmtGcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQCqISG
WSZuiC44sGx8t3DqwsZUdDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZGMxNDhhZjktNjhjYy00YTdmLWI3ZmQtNmFjNjkxMDE2ODg4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0CUA
MA0GCSqGSIb3DQEBCwUAA4IBAQCKBUHd3CAa7MuKw59HkM0iIBNqLpOwUI8WlxQG
Uj2klDTXSOXm+Eks6GpJUBCai1NVTbeYP1wqVPBvSo6Ck0/7CYnb8bAsq8eQmgFc
PEt08XZ46Vm1mXIE6dlcjZSKvmDTAMR+onXzEjzaVJCE71x/tQNUcbvPoW3RFRZr
yL/nYKrqJk6xq4xma4ZpGCZ7+xJquA8I51wIyWfcsupEa+mBhXJLd7TIVb24ct2W
B/QGtKs2wascvkXgiqbNM8jHJdmaNw3sXaeJ8T5rdHtDEuyHjqnnvk8gxE9Fi/QN
IowNGNoa+3VuVeTnZMmqdCsPbOY0PgGDbH82/WUVv0yUKDRz
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:53:50 2026 by rpki-client