Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/dd7649a8-cae4-4d67-90f1-f01144285a2f.roa
File: dd7649a8-cae4-4d67-90f1-f01144285a2f.roa (raw, json)
Hash identifier: lQJS+cWZePQLhBj3P8jGE9OFDfWWS9jVBasFBYywxVk=
Subject key identifier: 0B:CF:48:84:EA:E2:02:A3:63:6A:C1:44:7A:11:D2:3A:11:29:AB:EA
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3A49AE77AA435F7117675D80CB02283FF51EE5FA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/dd7649a8-cae4-4d67-90f1-f01144285a2f.roa
Signing time: Sat 28 Feb 2026 05:30:59 +0000
ROA not before: Sat 28 Feb 2026 05:30:59 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:4040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3a:49:ae:77:aa:43:5f:71:17:67:5d:80:cb:02:28:3f:f5:1e:e5:fa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 05:30:59 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=b2df54a33d434a248631d234b1401bebc968212f4d28b60c9e05b2ed07b9bd48, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:fc:96:aa:23:ce:f1:87:51:3a:21:b0:80:1a:
8d:9c:63:2f:f0:eb:f1:23:85:b8:87:c4:a9:42:1a:
ee:4e:a8:74:f5:f7:8b:37:51:b2:62:3e:f5:38:a0:
4a:f2:1e:43:c0:80:84:47:81:4e:2b:d2:e9:df:1a:
4f:79:73:0e:9f:20:b1:7f:a7:57:e1:27:4e:bb:d3:
e5:95:70:12:ba:6c:26:59:80:46:14:11:70:28:cd:
38:f8:b5:51:cf:92:82:45:a9:1b:02:93:91:a4:b4:
07:b4:e4:6b:a5:ba:0c:e3:e9:3e:00:50:52:39:04:
98:4b:c3:6b:08:ea:06:3a:c3:e3:09:f2:be:e5:20:
0b:d3:c4:ce:d2:07:a0:29:51:32:13:ba:d1:c9:59:
6e:ce:84:d0:c9:6e:c8:33:64:36:3d:36:9a:02:5f:
9e:db:e1:44:32:d6:f0:84:ac:c8:aa:7a:46:e6:e0:
a7:c1:61:57:04:a5:b3:be:f2:3d:26:b0:c8:3e:37:
f6:2b:67:5b:87:3d:a0:55:d0:c3:bb:e4:8f:a9:e9:
ea:76:7e:a8:65:2f:c3:61:d6:dd:39:94:5c:5b:d0:
3b:98:44:60:c4:18:90:7b:78:77:42:bd:c8:76:8c:
9d:c9:d1:8d:74:f2:f1:5c:07:58:96:21:19:26:88:
ab:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0B:CF:48:84:EA:E2:02:A3:63:6A:C1:44:7A:11:D2:3A:11:29:AB:EA
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/dd7649a8-cae4-4d67-90f1-f01144285a2f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:4040::/48
Signature Algorithm: sha256WithRSAEncryption
be:0c:73:64:79:f8:54:4b:00:6f:cd:96:6c:a1:23:21:d1:e8:
24:04:48:4d:62:d4:27:1a:74:c6:b9:4c:9d:c4:92:b1:69:20:
19:03:c0:27:3a:64:28:68:d0:8e:2a:cb:a4:ec:f8:11:8e:81:
ed:1d:8e:51:1f:15:5b:6c:98:9f:12:e6:08:28:0a:9c:a4:a9:
ab:28:50:6d:08:f1:af:e8:0a:51:70:f9:35:7d:58:04:c8:ec:
c2:63:16:1b:42:49:a4:03:26:29:4f:15:d5:7a:7f:ab:f5:f1:
2c:0c:aa:24:8e:04:a4:11:11:b7:25:fa:99:a2:d0:a4:8e:93:
79:93:c0:ad:fb:c1:11:b1:8c:56:7b:96:0d:a0:21:a4:9b:47:
bd:7e:70:da:30:37:c0:df:ee:42:cc:b9:34:57:42:29:b9:24:
4b:40:c2:2a:7f:6e:21:8f:44:26:d3:65:fb:f5:2c:f7:56:6c:
a3:8a:bf:0a:79:c6:70:c4:33:64:68:ab:a2:1c:2b:d8:57:03:
cf:76:30:86:73:41:7d:5d:c6:74:0d:1c:de:d5:17:ed:4b:87:
e0:be:02:e8:b8:98:ea:73:05:8c:9b:42:fc:ca:60:1a:2f:cb:
42:a4:40:1d:6b:5f:2c:80:29:11:f2:c3:58:6f:85:d6:e9:69:
b9:76:d1:56
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUOkmud6pDX3EXZ12AywIoP/Ue5fowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNTMwNTlaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGIyZGY1NGEzM2Q0MzRhMjQ4NjMxZDIzNGIxNDAxYmViYzk2ODIxMmY0ZDI4
YjYwYzllMDViMmVkMDdiOWJkNDgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL38lqojzvGHUTohsIAajZxjL/Dr8SOFuIfEqUIa7k6odPX3izdRsmI+9Tig
SvIeQ8CAhEeBTivS6d8aT3lzDp8gsX+nV+EnTrvT5ZVwErpsJlmARhQRcCjNOPi1
Uc+SgkWpGwKTkaS0B7Tka6W6DOPpPgBQUjkEmEvDawjqBjrD4wnyvuUgC9PEztIH
oClRMhO60clZbs6E0MluyDNkNj02mgJfntvhRDLW8ISsyKp6Rubgp8FhVwSls77y
PSawyD439itnW4c9oFXQw7vkj6np6nZ+qGUvw2HW3TmUXFvQO5hEYMQYkHt4d0K9
yHaMncnRjXTy8VwHWJYhGSaIq8UCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQLz0iE
6uICo2NqwUR6EdI6ESmr6jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZGQ3NjQ5YTgtY2FlNC00ZDY3LTkwZjEtZjAxMTQ0Mjg1YTJmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H9A
QDANBgkqhkiG9w0BAQsFAAOCAQEAvgxzZHn4VEsAb82WbKEjIdHoJARITWLUJxp0
xrlMncSSsWkgGQPAJzpkKGjQjirLpOz4EY6B7R2OUR8VW2yYnxLmCCgKnKSpqyhQ
bQjxr+gKUXD5NX1YBMjswmMWG0JJpAMmKU8V1Xp/q/XxLAyqJI4EpBERtyX6maLQ
pI6TeZPArfvBEbGMVnuWDaAhpJtHvX5w2jA3wN/uQsy5NFdCKbkkS0DCKn9uIY9E
JtNl+/Us91Zso4q/CnnGcMQzZGirohwr2FcDz3YwhnNBfV3GdA0c3tUX7UuH4L4C
6LiY6nMFjJtC/MpgGi/LQqRAHWtfLIApEfLDWG+F1ulpuXbRVg==
-----END CERTIFICATE-----
Generated at Sun Mar 1 22:04:05 2026 by rpki-client