Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f067aa52-ee52-4fb2-867c-8dc79786d43d.roa
File: f067aa52-ee52-4fb2-867c-8dc79786d43d.roa (raw, json)
Hash identifier: b6rX2ZioaCfW8y1KlP98v4p3uGbGNuveVentpQVPI5E=
Subject key identifier: 31:34:83:F8:F9:E9:89:1F:66:0E:42:4D:64:14:D9:E0:9D:7A:2A:E6
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5B11961880F34D1E9526950D21BC8B9F9D1AE296
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f067aa52-ee52-4fb2-867c-8dc79786d43d.roa
Signing time: Sat 28 Feb 2026 05:31:08 +0000
ROA not before: Sat 28 Feb 2026 05:31:08 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:2080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 00:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5b:11:96:18:80:f3:4d:1e:95:26:95:0d:21:bc:8b:9f:9d:1a:e2:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 05:31:08 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=e7deec059269dc170e50fd82b8697ff779be81587fd939e4e953ae811bed058f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:1c:bf:b9:7f:2f:4b:fd:b5:5d:89:32:5d:c9:
7c:33:ea:0d:8a:30:09:a5:f5:79:7b:97:94:16:05:
83:03:48:4f:7e:49:ee:e0:db:87:a9:e0:73:17:90:
96:c0:7a:7c:f3:b1:d0:24:f4:4c:72:32:36:19:9a:
c4:f7:df:52:1c:80:58:f8:46:5a:ea:73:57:3a:08:
55:d2:9f:17:8e:3c:5b:4e:95:9f:22:1f:94:72:21:
25:f1:29:f6:ab:84:3f:f5:71:8f:1e:b5:ec:b3:73:
ed:79:4c:46:a0:e4:31:a9:07:37:20:4b:52:9c:4b:
4e:dd:93:3c:43:b8:a6:63:29:91:6c:a0:1f:87:ea:
88:6a:ca:b2:f0:a2:0b:7d:97:f9:92:67:d0:26:0d:
5b:20:02:64:84:ef:fc:32:f5:f3:05:fb:3a:ad:02:
b0:83:c4:b5:96:4e:8f:2c:9f:18:31:d4:ef:cf:e0:
e7:40:0e:d9:6a:6f:32:7e:7c:40:a3:ef:42:b3:4c:
3c:16:aa:fa:33:93:8f:c1:b2:d3:53:6f:e0:76:fe:
8e:e5:e6:aa:03:02:76:a5:c9:e8:a4:ca:d2:25:70:
c0:e7:f9:ea:d8:94:3c:4d:16:91:80:0d:38:72:b6:
33:8a:ee:da:41:90:2c:c0:9d:f1:ea:7c:c9:ca:2e:
dc:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:34:83:F8:F9:E9:89:1F:66:0E:42:4D:64:14:D9:E0:9D:7A:2A:E6
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f067aa52-ee52-4fb2-867c-8dc79786d43d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:2080::/48
Signature Algorithm: sha256WithRSAEncryption
25:de:fd:7f:f0:4a:3c:8d:9d:a6:80:98:0e:c0:51:09:9c:8e:
77:c1:99:44:bf:46:fa:0c:90:38:70:cd:33:98:7b:54:a3:9b:
7a:f2:7f:07:c3:7d:c6:39:e7:29:a1:8f:7c:b5:21:af:59:7f:
68:e9:0c:c6:28:35:de:23:ab:a3:0c:28:ec:3d:de:6a:ab:23:
dd:28:ae:6a:95:fd:a1:26:3f:2b:1c:59:44:68:2e:ff:50:5c:
87:7d:2f:14:e8:1d:28:af:3d:35:94:d8:1a:7c:2b:6d:75:ea:
5b:a8:7c:e7:de:09:8f:df:97:24:04:44:b9:b1:d2:50:95:83:
95:d6:17:cd:f1:d4:0e:45:78:e6:9a:db:f8:78:e1:e7:03:82:
a2:1e:8f:a7:c0:06:fe:7d:61:d0:5b:45:4a:88:d7:df:01:10:
c7:39:f1:49:94:48:cb:bb:09:1a:b7:6d:4e:b1:20:7a:f4:3a:
db:1c:7b:31:75:31:85:60:c9:08:20:bd:9d:87:b6:18:8b:e3:
13:1b:67:03:25:34:fa:d6:e6:11:06:f4:78:2b:89:51:3c:8d:
7e:c3:47:8b:75:58:30:16:64:20:3b:db:6f:28:1d:b1:56:aa:
0c:0c:8b:37:48:3b:d9:0e:37:16:70:f0:a7:5b:3a:5e:64:b6:
6c:2a:39:24
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUWxGWGIDzTR6VJpUNIbyLn50a4pYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNTMxMDhaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGU3ZGVlYzA1OTI2OWRjMTcwZTUwZmQ4MmI4Njk3ZmY3NzliZTgxNTg3ZmQ5
MzllNGU5NTNhZTgxMWJlZDA1OGYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALIcv7l/L0v9tV2JMl3JfDPqDYowCaX1eXuXlBYFgwNIT35J7uDbh6ngcxeQ
lsB6fPOx0CT0THIyNhmaxPffUhyAWPhGWupzVzoIVdKfF448W06VnyIflHIhJfEp
9quEP/Vxjx617LNz7XlMRqDkMakHNyBLUpxLTt2TPEO4pmMpkWygH4fqiGrKsvCi
C32X+ZJn0CYNWyACZITv/DL18wX7Oq0CsIPEtZZOjyyfGDHU78/g50AO2WpvMn58
QKPvQrNMPBaq+jOTj8Gy01Nv4Hb+juXmqgMCdqXJ6KTK0iVwwOf56tiUPE0WkYAN
OHK2M4ru2kGQLMCd8ep8ycou3PMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQxNIP4
+emJH2YOQk1kFNngnXoq5jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZjA2N2FhNTItZWU1Mi00ZmIyLTg2N2MtOGRjNzk3ODZkNDNkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HIg
gDANBgkqhkiG9w0BAQsFAAOCAQEAJd79f/BKPI2dpoCYDsBRCZyOd8GZRL9G+gyQ
OHDNM5h7VKObevJ/B8N9xjnnKaGPfLUhr1l/aOkMxig13iOrowwo7D3eaqsj3Siu
apX9oSY/KxxZRGgu/1Bch30vFOgdKK89NZTYGnwrbXXqW6h8594Jj9+XJAREubHS
UJWDldYXzfHUDkV45prb+Hjh5wOCoh6Pp8AG/n1h0FtFSojX3wEQxznxSZRIy7sJ
GrdtTrEgevQ62xx7MXUxhWDJCCC9nYe2GIvjExtnAyU0+tbmEQb0eCuJUTyNfsNH
i3VYMBZkIDvbbygdsVaqDAyLN0g72Q43FnDwp1s6XmS2bCo5JA==
-----END CERTIFICATE-----
Generated at Mon Mar 2 06:30:15 2026 by rpki-client