Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e13f54c5-7648-40e1-af1b-03435f49f445.roa
File: e13f54c5-7648-40e1-af1b-03435f49f445.roa (raw, json)
Hash identifier: iew70bhw1kb0pJeQUW8RVoiKBQ1W4QVzJgt3x6x5iVk=
Subject key identifier: 69:57:F0:9A:DF:3F:BA:6D:E8:3F:D4:3F:3A:13:A9:14:4B:A1:CB:EA
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 1EE4490EC6F1F5E977B903E09B170389B5B79E10
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e13f54c5-7648-40e1-af1b-03435f49f445.roa
Signing time: Wed 11 Feb 2026 01:30:38 +0000
ROA not before: Wed 11 Feb 2026 01:30:38 +0000
ROA not after: Tue 12 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d06a:1000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1e:e4:49:0e:c6:f1:f5:e9:77:b9:03:e0:9b:17:03:89:b5:b7:9e:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 11 01:30:38 2026 GMT
Not After : May 12 23:59:59 2026 GMT
Subject: serialNumber=142c0c2a88e251c49110eb41a8cfac8e06996cd9158dcac96c9a4d181a267f2d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:04:41:b6:74:1e:d2:a7:a6:e5:f9:66:20:d2:
21:f1:c8:c8:2e:a7:9b:06:dc:df:4e:b5:bc:c0:44:
e4:63:41:13:fc:5f:00:94:b2:28:47:3f:33:11:f0:
cd:93:76:90:cc:d1:17:3d:65:19:eb:25:5e:51:b3:
8b:db:65:82:ad:fa:d2:ba:03:8c:be:c9:2a:b7:1d:
a1:12:fe:a8:dd:46:54:00:c9:44:a8:67:2c:4c:f5:
97:23:b5:e0:97:4e:98:22:76:7f:30:f4:50:70:8b:
e6:db:87:b3:1d:33:64:5e:bb:84:68:5f:86:74:d8:
fa:19:bc:85:8a:e4:85:8a:78:bd:76:b0:e6:65:dd:
4d:26:65:85:68:a3:d7:50:4e:df:c9:88:ca:ec:72:
c2:c5:32:81:58:49:44:7d:ed:b1:47:92:26:26:2d:
a2:69:78:16:c8:12:45:86:72:0b:8a:46:dc:27:1c:
60:88:19:34:7d:90:be:bc:f0:d3:49:b2:0b:2d:4d:
9c:66:e3:04:71:7c:a1:21:19:6f:73:4c:43:25:bc:
b0:91:9c:e7:f0:de:90:72:fd:24:d7:9f:ed:87:21:
06:19:52:f0:e0:7b:56:a1:7e:02:7e:e3:76:96:2d:
d3:8f:23:1c:95:98:20:dd:77:58:57:b7:c5:ad:51:
fc:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
69:57:F0:9A:DF:3F:BA:6D:E8:3F:D4:3F:3A:13:A9:14:4B:A1:CB:EA
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e13f54c5-7648-40e1-af1b-03435f49f445.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06a:1000::/40
Signature Algorithm: sha256WithRSAEncryption
b4:aa:0a:eb:6b:59:f1:10:78:31:3e:9a:d0:2b:04:e5:76:f7:
2b:78:c7:55:27:ce:82:8b:af:1e:aa:29:20:65:f5:dc:a6:62:
93:9a:aa:47:af:9d:db:af:1e:4b:89:f1:ba:ec:d0:c8:0d:c5:
c5:0d:4b:0d:17:04:c4:f0:5e:38:6d:ae:5a:15:b9:69:21:7d:
c2:cb:ca:31:6d:53:9a:99:a7:ec:22:61:88:f6:23:70:10:fe:
e3:b5:17:a2:e9:44:09:6a:88:28:20:04:0b:de:56:4d:d6:db:
c6:2c:60:18:4c:bc:1b:a0:22:30:28:8f:66:b9:c3:d2:ef:de:
c5:f0:19:7b:a1:fb:12:91:5b:e4:4e:4d:b9:76:e1:4d:9d:cf:
94:fb:01:d1:08:62:06:18:79:a2:59:df:fb:30:19:ac:e6:68:
7c:ed:24:b4:d0:7b:fb:0d:4c:f4:7c:87:3a:0d:61:cd:33:5b:
4e:fe:f8:52:34:b1:cc:ea:d5:57:fd:ab:f2:36:ed:fe:f6:1e:
45:c5:d7:31:d9:be:24:b5:7a:2c:19:17:87:a7:b9:64:78:5b:
df:b1:d7:b9:d5:b5:ee:a9:e6:02:73:53:f3:51:46:41:49:e3:
66:11:f5:1b:e0:87:df:8d:2c:9b:0b:c2:9e:fb:2e:f1:63:d0:
d7:36:77:b8
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUHuRJDsbx9el3uQPgmxcDibW3nhAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMTEwMTMwMzhaFw0yNjA1MTIyMzU5NTlaMHoxSTBHBgNV
BAUTQDE0MmMwYzJhODhlMjUxYzQ5MTEwZWI0MWE4Y2ZhYzhlMDY5OTZjZDkxNThk
Y2FjOTZjOWE0ZDE4MWEyNjdmMmQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANMEQbZ0HtKnpuX5ZiDSIfHIyC6nmwbc3061vMBE5GNBE/xfAJSyKEc/MxHw
zZN2kMzRFz1lGeslXlGzi9tlgq360roDjL7JKrcdoRL+qN1GVADJRKhnLEz1lyO1
4JdOmCJ2fzD0UHCL5tuHsx0zZF67hGhfhnTY+hm8hYrkhYp4vXaw5mXdTSZlhWij
11BO38mIyuxywsUygVhJRH3tsUeSJiYtoml4FsgSRYZyC4pG3CccYIgZNH2Qvrzw
00myCy1NnGbjBHF8oSEZb3NMQyW8sJGc5/DekHL9JNef7YchBhlS8OB7VqF+An7j
dpYt048jHJWYIN13WFe3xa1R/AECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRpV/Ca
3z+6beg/1D86E6kUS6HL6jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZTEzZjU0YzUtNzY0OC00MGUxLWFmMWItMDM0MzVmNDlmNDQ1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0GoQ
MA0GCSqGSIb3DQEBCwUAA4IBAQC0qgrra1nxEHgxPprQKwTldvcreMdVJ86Ci68e
qikgZfXcpmKTmqpHr53brx5LifG67NDIDcXFDUsNFwTE8F44ba5aFblpIX3Cy8ox
bVOamafsImGI9iNwEP7jtRei6UQJaogoIAQL3lZN1tvGLGAYTLwboCIwKI9mucPS
797F8Bl7ofsSkVvkTk25duFNnc+U+wHRCGIGGHmiWd/7MBms5mh87SS00Hv7DUz0
fIc6DWHNM1tO/vhSNLHM6tVX/avyNu3+9h5Fxdcx2b4ktXosGReHp7lkeFvfsde5
1bXuqeYCc1PzUUZBSeNmEfUb4IffjSybC8Ke+y7xY9DXNne4
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:54:16 2026 by rpki-client