Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3b126f7d-726e-4427-9067-27eff51c32bb.roa
File: 3b126f7d-726e-4427-9067-27eff51c32bb.roa (raw, json)
Hash identifier: +iSRwljrWBe8EBQWG9gK2QLDH1lfINIgl2KvKLH8pjc=
Subject key identifier: EE:E5:EC:38:64:C0:6F:D4:D7:44:DB:D1:AE:4C:7D:A5:EF:55:8A:A8
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7AEB3C52A220B3B4F68E0D51F3985ECC7F87C23D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3b126f7d-726e-4427-9067-27eff51c32bb.roa
Signing time: Thu 12 Mar 2026 15:38:26 +0000
ROA not before: Thu 12 Mar 2026 15:38:26 +0000
ROA not after: Wed 10 Jun 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07d:1080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Mar 2026 03:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7a:eb:3c:52:a2:20:b3:b4:f6:8e:0d:51:f3:98:5e:cc:7f:87:c2:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Mar 12 15:38:26 2026 GMT
Not After : Jun 10 23:59:59 2026 GMT
Subject: serialNumber=04a27abe22f62450d5d83145c49cc9a8cf534bd97ed4a2008ac7ea905371dbdb, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:a6:00:33:7c:d7:40:1b:84:9b:aa:45:98:9e:
52:c6:24:cb:8a:b6:e1:9f:e8:ef:22:d4:e0:3d:b5:
49:9d:88:bc:2b:b0:cc:85:c9:bb:2f:c5:5a:27:7f:
4c:22:6d:b5:79:bc:19:dd:16:89:a9:35:db:d5:47:
47:82:10:3c:ed:ea:3c:a3:e6:76:31:71:ee:e4:14:
7c:5a:10:fe:e6:80:b8:16:cd:e1:48:21:0d:f3:be:
a9:c7:5e:9e:10:33:87:9c:1f:a1:3b:92:56:2c:68:
74:4c:e8:6d:3e:f5:7d:95:b9:18:61:d6:f6:f9:99:
6a:05:5e:6d:47:7c:4d:20:e8:bb:df:36:24:a0:af:
67:87:bf:a1:26:94:78:8b:7d:11:3f:3c:1d:61:ed:
04:72:ae:30:76:14:bd:29:49:1f:2c:3c:b7:6a:1a:
e9:b8:8f:79:07:60:7e:35:68:ba:26:4e:82:d6:36:
cb:11:53:5b:6e:75:2b:14:ca:26:9e:ec:0e:3b:5c:
56:6b:56:18:c7:fc:ff:44:04:77:47:60:93:bc:6c:
0b:17:26:aa:9e:c5:47:4a:0f:07:19:e1:3a:8f:68:
c7:39:53:df:51:f6:1d:f5:d2:cd:6d:76:8c:70:af:
7b:08:a4:03:c8:78:16:3a:4a:65:f2:45:c9:92:a2:
7a:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:E5:EC:38:64:C0:6F:D4:D7:44:DB:D1:AE:4C:7D:A5:EF:55:8A:A8
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3b126f7d-726e-4427-9067-27eff51c32bb.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07d:1080::/48
Signature Algorithm: sha256WithRSAEncryption
0d:98:38:53:a9:d2:e8:44:06:96:7b:9d:84:6b:83:bd:4e:77:
6d:75:75:f0:84:3c:21:05:1e:8b:95:c1:56:be:29:22:a4:8b:
ba:ec:67:d0:18:1e:ea:39:e9:b5:75:6e:51:8c:ff:00:fd:36:
e4:ae:68:5d:41:31:38:f0:fc:f0:02:49:b7:8c:ba:85:cf:01:
c3:4d:a1:21:9c:17:c0:1c:d2:8c:3d:8e:e4:cc:d6:f9:e9:b7:
4c:09:0f:ec:13:47:17:98:70:4e:8c:98:13:fc:56:51:b5:90:
12:c6:b8:6c:c6:8e:7f:9c:fa:88:4d:1e:41:a9:b1:ab:a0:d3:
d6:ea:be:c7:5d:99:e2:f3:09:f4:18:81:6b:83:2a:b5:80:ad:
0c:6c:41:00:9d:72:1d:96:83:35:45:1a:b3:90:a4:c8:17:10:
e2:ec:bf:de:27:22:bb:29:45:be:0e:10:5b:7e:e7:3d:eb:06:
4b:db:97:b9:d1:d0:af:e4:e4:66:38:ee:28:b0:0c:31:5b:e8:
36:64:32:52:9e:93:49:a9:68:5e:7c:45:3c:9e:6c:b9:06:80:
38:3a:39:3b:5e:80:11:96:f7:9e:ba:45:63:da:65:8c:a4:6b:
c8:b8:2f:11:24:bb:04:fb:ce:ff:ee:07:68:7d:ee:d0:2a:aa:
6a:63:a9:e6
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUeus8UqIgs7T2jg1R85hezH+Hwj0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAzMTIxNTM4MjZaFw0yNjA2MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDA0YTI3YWJlMjJmNjI0NTBkNWQ4MzE0NWM0OWNjOWE4Y2Y1MzRiZDk3ZWQ0
YTIwMDhhYzdlYTkwNTM3MWRiZGIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMmmADN810AbhJuqRZieUsYky4q24Z/o7yLU4D21SZ2IvCuwzIXJuy/FWid/
TCJttXm8Gd0Wiak129VHR4IQPO3qPKPmdjFx7uQUfFoQ/uaAuBbN4UghDfO+qcde
nhAzh5wfoTuSVixodEzobT71fZW5GGHW9vmZagVebUd8TSDou982JKCvZ4e/oSaU
eIt9ET88HWHtBHKuMHYUvSlJHyw8t2oa6biPeQdgfjVouiZOgtY2yxFTW251KxTK
Jp7sDjtcVmtWGMf8/0QEd0dgk7xsCxcmqp7FR0oPBxnhOo9oxzlT31H2HfXSzW12
jHCvewikA8h4FjpKZfJFyZKietkCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTu5ew4
ZMBv1NdE29GuTH2l71WKqDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2IxMjZmN2QtNzI2ZS00NDI3LTkwNjctMjdlZmY1MWMzMmJiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H0Q
gDANBgkqhkiG9w0BAQsFAAOCAQEADZg4U6nS6EQGlnudhGuDvU53bXV18IQ8IQUe
i5XBVr4pIqSLuuxn0Bge6jnptXVuUYz/AP025K5oXUExOPD88AJJt4y6hc8Bw02h
IZwXwBzSjD2O5MzW+em3TAkP7BNHF5hwToyYE/xWUbWQEsa4bMaOf5z6iE0eQamx
q6DT1uq+x12Z4vMJ9BiBa4MqtYCtDGxBAJ1yHZaDNUUas5CkyBcQ4uy/3iciuylF
vg4QW37nPesGS9uXudHQr+TkZjjuKLAMMVvoNmQyUp6TSaloXnxFPJ5suQaAODo5
O16AEZb3nrpFY9pljKRryLgvESS7BPvO/+4HaH3u0CqqamOp5g==
-----END CERTIFICATE-----
Generated at Sat Mar 14 09:14:54 2026 by rpki-client