Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/29938a4d-a0bf-41cf-bf10-ae420bde37fe.roa
File: 29938a4d-a0bf-41cf-bf10-ae420bde37fe.roa (raw, json)
Hash identifier: xDFHB569n/SrMJAcrc7/jCeDhiLuBGqRH4mzavrD8ig=
Subject key identifier: 46:17:94:D5:73:37:F3:B1:59:16:2F:98:A1:68:F4:23:03:41:5E:72
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 255B18AD74B3F7F6DC2E816CB08C1FC21AB328A2
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/29938a4d-a0bf-41cf-bf10-ae420bde37fe.roa
Signing time: Thu 12 Mar 2026 15:38:23 +0000
ROA not before: Thu 12 Mar 2026 15:38:23 +0000
ROA not after: Wed 10 Jun 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d05a:c040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Mar 2026 03:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
25:5b:18:ad:74:b3:f7:f6:dc:2e:81:6c:b0:8c:1f:c2:1a:b3:28:a2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Mar 12 15:38:23 2026 GMT
Not After : Jun 10 23:59:59 2026 GMT
Subject: serialNumber=85a7e872bedc7d6fa8e2f83c6a02c62b6ceb074f0c1be8e3dd6c371f504ecb4d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:07:2c:da:aa:e1:fd:6f:84:2f:92:3d:13:b5:
f9:09:ac:e8:73:49:32:3e:c3:99:bf:84:b8:ac:d8:
ed:3b:9b:85:e1:54:cd:e1:32:f3:86:a2:ef:76:63:
43:38:23:38:55:d0:a1:b0:db:f6:b0:02:a2:4e:16:
b1:14:93:79:cd:d3:ef:b9:8d:7d:00:f1:26:8e:dc:
b1:21:bb:f6:9c:7e:04:72:de:c3:f2:60:0d:d6:0c:
9b:11:4f:60:df:73:48:cd:8b:5d:c5:d1:ec:2e:ac:
22:60:8e:bf:58:8e:25:40:65:ed:ca:0c:fd:08:f5:
05:40:3b:e7:5b:25:d9:8f:86:09:a7:36:3c:a0:74:
5f:00:5b:0e:ef:2c:17:1c:bd:bd:ff:a3:82:80:76:
a3:04:58:35:d5:64:bb:32:da:df:59:a2:9f:b4:42:
83:f3:86:55:c1:4e:0a:91:6f:cc:92:1b:78:95:be:
10:0a:fc:02:ef:2c:e2:5d:49:b6:8b:81:36:fe:29:
79:f2:bc:2d:fe:9b:3e:dd:a0:9f:fb:71:23:61:28:
93:50:29:31:3b:34:c5:4d:57:00:73:46:3d:a0:ac:
ed:40:cd:8d:13:4d:34:07:44:83:3f:38:a4:b5:5b:
01:e8:85:95:18:a7:c7:4b:e3:35:8a:b5:39:76:35:
eb:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:17:94:D5:73:37:F3:B1:59:16:2F:98:A1:68:F4:23:03:41:5E:72
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/29938a4d-a0bf-41cf-bf10-ae420bde37fe.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d05a:c040::/48
Signature Algorithm: sha256WithRSAEncryption
0e:4b:dd:e5:bc:96:ab:d1:b1:1e:d4:86:fa:b0:70:91:4f:76:
9c:fe:63:56:6d:70:fb:a3:b5:0f:b2:c9:95:2b:31:5c:44:26:
ca:4c:2b:65:27:8d:59:9f:b0:16:18:ac:b9:93:61:59:b9:13:
44:af:7f:b1:a5:5d:fe:06:f5:6c:32:5d:21:e6:b0:87:c6:65:
75:82:e2:a5:cd:5a:27:83:c4:66:7d:29:6f:0c:ed:48:99:c3:
9b:ca:fe:4b:77:33:c3:59:af:da:03:08:04:50:2b:c9:1b:6d:
1e:d1:75:28:51:70:6f:ea:a9:cf:37:06:1b:0e:10:12:c4:9e:
81:6a:98:f0:e8:57:26:17:aa:40:2a:78:f4:61:e8:b7:7e:0a:
ac:59:81:dc:1d:e5:c3:40:5f:f9:44:13:aa:2d:38:2e:b9:4a:
cc:17:5c:85:43:06:b5:15:2a:44:10:ee:7c:13:55:73:5e:a1:
6c:3c:78:c3:e0:28:54:26:33:8a:e3:71:b2:e5:3a:b2:7f:4a:
7d:b2:5c:5a:2a:2c:26:26:9e:a9:df:31:c3:21:d5:d9:dc:2b:
cb:73:40:4a:aa:5b:c8:da:76:a6:38:88:22:4d:41:54:92:60:
2d:1f:8b:6d:d6:ef:1b:a4:ba:3e:6c:f3:84:77:9c:29:d5:69:
70:89:05:6c
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUJVsYrXSz9/bcLoFssIwfwhqzKKIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAzMTIxNTM4MjNaFw0yNjA2MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDg1YTdlODcyYmVkYzdkNmZhOGUyZjgzYzZhMDJjNjJiNmNlYjA3NGYwYzFi
ZThlM2RkNmMzNzFmNTA0ZWNiNGQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJAHLNqq4f1vhC+SPRO1+Qms6HNJMj7Dmb+EuKzY7TubheFUzeEy84ai73Zj
QzgjOFXQobDb9rACok4WsRSTec3T77mNfQDxJo7csSG79px+BHLew/JgDdYMmxFP
YN9zSM2LXcXR7C6sImCOv1iOJUBl7coM/Qj1BUA751sl2Y+GCac2PKB0XwBbDu8s
Fxy9vf+jgoB2owRYNdVkuzLa31min7RCg/OGVcFOCpFvzJIbeJW+EAr8Au8s4l1J
touBNv4pefK8Lf6bPt2gn/txI2Eok1ApMTs0xU1XAHNGPaCs7UDNjRNNNAdEgz84
pLVbAeiFlRinx0vjNYq1OXY161sCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRGF5TV
czfzsVkWL5ihaPQjA0FecjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Mjk5MzhhNGQtYTBiZi00MWNmLWJmMTAtYWU0MjBiZGUzN2ZlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0FrA
QDANBgkqhkiG9w0BAQsFAAOCAQEADkvd5byWq9GxHtSG+rBwkU92nP5jVm1w+6O1
D7LJlSsxXEQmykwrZSeNWZ+wFhisuZNhWbkTRK9/saVd/gb1bDJdIeawh8ZldYLi
pc1aJ4PEZn0pbwztSJnDm8r+S3czw1mv2gMIBFAryRttHtF1KFFwb+qpzzcGGw4Q
EsSegWqY8OhXJheqQCp49GHot34KrFmB3B3lw0Bf+UQTqi04LrlKzBdchUMGtRUq
RBDufBNVc16hbDx4w+AoVCYziuNxsuU6sn9KfbJcWiosJiaeqd8xwyHV2dwry3NA
SqpbyNp2pjiIIk1BVJJgLR+LbdbvG6S6PmzzhHecKdVpcIkFbA==
-----END CERTIFICATE-----
Generated at Sat Mar 14 09:14:59 2026 by rpki-client