Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/df59e31f-1e32-4e7a-a595-74adb3f93176.roa
File: df59e31f-1e32-4e7a-a595-74adb3f93176.roa (raw, json)
Hash identifier: dQ34OjpHXnxb0O5MlIep4x3WxAulJ55I0G3+FT6K95c=
Subject key identifier: DD:18:39:CB:47:9C:31:B0:E1:81:40:F1:D8:11:46:84:82:C1:1A:CB
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 19DED1E53B9E99BD5209D645D543CA44BFA2CF
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/df59e31f-1e32-4e7a-a595-74adb3f93176.roa
Signing time: Sat 28 Feb 2026 05:51:33 +0000
ROA not before: Sat 28 Feb 2026 05:51:33 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d031:e000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
19:de:d1:e5:3b:9e:99:bd:52:09:d6:45:d5:43:ca:44:bf:a2:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 05:51:33 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=20d3d511b3fc0e8342303aeedf07822783f3cf64759e2cc1ee7f896ee03d3c38, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f4:53:f3:81:02:4c:c9:d1:9b:a4:90:77:e8:ea:
3d:8b:4a:d8:43:c9:9b:22:fe:f9:e6:ff:5e:cd:2a:
57:8c:54:bd:c7:01:7a:61:9b:e7:98:f7:62:31:04:
ee:19:d5:c7:a3:28:da:8b:dc:b4:17:01:6c:ba:87:
59:4e:93:23:32:52:bb:d9:3a:39:7e:04:1e:50:fe:
f6:64:ea:e3:ae:07:4c:05:9e:18:a9:fc:9a:3e:d7:
e7:eb:17:e7:90:f0:22:8b:4d:01:ab:35:eb:7c:5c:
6c:57:0a:29:f3:8d:84:8e:5c:e1:fc:50:df:dc:2d:
48:2f:c2:7b:08:c6:ac:22:a2:ef:85:06:83:fa:35:
7b:4e:d0:5a:0f:6f:4b:e1:47:2c:43:fc:59:08:e1:
64:68:ee:17:d5:14:7f:a0:b5:31:86:dc:0e:42:fd:
1e:7f:d6:83:f3:64:6e:14:ab:8d:77:40:86:79:a8:
4b:fe:6c:a9:62:df:32:3b:20:22:41:21:3c:06:7e:
5a:36:50:a5:de:0b:ea:e6:7c:b2:16:6b:c7:c4:80:
98:a3:6e:b9:3f:17:b5:11:68:f7:d4:34:6f:46:af:
63:90:85:e7:95:9b:23:94:ab:3e:cf:5c:1b:52:5a:
72:0a:df:66:5c:33:e9:23:b8:e9:0a:fd:1d:51:6e:
5b:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:18:39:CB:47:9C:31:B0:E1:81:40:F1:D8:11:46:84:82:C1:1A:CB
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/df59e31f-1e32-4e7a-a595-74adb3f93176.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d031:e000::/40
Signature Algorithm: sha256WithRSAEncryption
c1:58:f0:26:97:d7:ea:d7:3e:91:e1:f9:12:1c:36:89:40:dd:
e6:af:b7:1a:ac:dd:2b:55:13:5b:0d:6b:5a:a6:f9:0c:ee:9c:
b6:50:6e:85:83:25:27:f1:14:65:72:eb:0d:14:53:1e:7c:59:
c9:a3:29:90:49:e9:5a:60:72:88:b9:37:5b:9a:8c:74:59:a9:
c9:86:22:09:7c:f7:9b:bf:cb:dd:44:2f:40:9a:31:78:fa:7b:
25:f3:09:33:e1:2a:a9:b2:0a:db:4d:83:25:c5:80:88:8c:7f:
f8:94:22:0f:61:19:fe:e4:4f:6e:98:68:2e:b8:77:83:74:64:
15:03:e4:4c:2b:1c:6e:4d:3d:e7:19:5e:49:83:8a:6a:0e:c5:
c1:b7:81:1b:42:8f:cf:a1:a2:f2:93:06:04:07:57:48:50:60:
fa:e6:76:b1:83:00:8d:c5:df:5d:cd:fc:57:87:fd:19:0b:ce:
87:14:1e:31:1e:b8:89:4a:0a:1f:b8:41:d3:0f:1e:2b:06:49:
ff:1b:5c:2b:a2:8b:51:74:00:5c:6d:f6:b7:ab:44:1f:ea:ce:
11:21:0f:76:f2:e7:c2:c5:e0:ac:27:b5:f8:9d:15:d2:4d:b3:
0d:48:05:ef:9b:64:5b:7d:da:4d:f8:30:fe:b6:94:94:88:13:
3b:ba:a5:c8
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgITGd7R5Tuemb1SCdZF1UPKRL+izzANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEyg4YjYyNjNkYmU5Nzk5ZGQ2NzkzZTBlODgyYWQyMWNiNDg0
OTk3MGJjMB4XDTI2MDIyODA1NTEzM1oXDTI2MDUyOTIzNTk1OVowejFJMEcGA1UE
BRNAMjBkM2Q1MTFiM2ZjMGU4MzQyMzAzYWVlZGYwNzgyMjc4M2YzY2Y2NDc1OWUy
Y2MxZWU3Zjg5NmVlMDNkM2MzODEtMCsGA1UEAxMkNjYxNWEzOGItM2FkNy00N2I3
LThmYjItNjg1YzM4ZDAwOTE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA9FPzgQJMydGbpJB36Oo9i0rYQ8mbIv755v9ezSpXjFS9xwF6YZvnmPdiMQTu
GdXHoyjai9y0FwFsuodZTpMjMlK72To5fgQeUP72ZOrjrgdMBZ4YqfyaPtfn6xfn
kPAii00BqzXrfFxsVwop842Ejlzh/FDf3C1IL8J7CMasIqLvhQaD+jV7TtBaD29L
4UcsQ/xZCOFkaO4X1RR/oLUxhtwOQv0ef9aD82RuFKuNd0CGeahL/mypYt8yOyAi
QSE8Bn5aNlCl3gvq5nyyFmvHxICYo265Pxe1EWj31DRvRq9jkIXnlZsjlKs+z1wb
UlpyCt9mXDPpI7jpCv0dUW5bpQIDAQABo4ICIzCCAh8wHQYDVR0OBBYEFN0YOctH
nDGw4YFA8dgRRoSCwRrLMB8GA1UdIwQYMBaAFItiY9vpeZ3WeT4OiCrSHLSEmXC8
MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvaTJKajItbDVu
ZFo1UGc2SUt0SWN0SVNaY0x3LmNlcjCBngYIKwYBBQUHAQsEgZEwgY4wgYsGCCsG
AQUFBzALhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpvbmF3cy5j
b20vdm9sdW1lL2RiYThmMDFjLTk2NjktNDRhMy1hYzZlLWRiMmVkYjA5OWI4NC9k
ZjU5ZTMxZi0xZTMyLTRlN2EtYTU5NS03NGFkYjNmOTMxNzYucm9hMIGIBgNVHR8E
gYAwfjB8oHqgeIZ2cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25h
d3MuY29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTli
ODQvdU9EYXRkdFljMUhyaHRVUVZReXJESzA4R2VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgXQMeAw
DQYJKoZIhvcNAQELBQADggEBAMFY8CaX1+rXPpHh+RIcNolA3eavtxqs3StVE1sN
a1qm+QzunLZQboWDJSfxFGVy6w0UUx58WcmjKZBJ6Vpgcoi5N1uajHRZqcmGIgl8
95u/y91EL0CaMXj6eyXzCTPhKqmyCttNgyXFgIiMf/iUIg9hGf7kT26YaC64d4N0
ZBUD5EwrHG5NPecZXkmDimoOxcG3gRtCj8+hovKTBgQHV0hQYPrmdrGDAI3F313N
/FeH/RkLzocUHjEeuIlKCh+4QdMPHisGSf8bXCuii1F0AFxt9rerRB/qzhEhD3by
58LF4KwntfidFdJNsw1IBe+bZFt92k34MP62lJSIEzu6pcg=
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:45:31 2026 by rpki-client