Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3dc20ceb-e981-4a40-96b4-69aa25914776.roa
File: 3dc20ceb-e981-4a40-96b4-69aa25914776.roa (raw, json)
Hash identifier: I3AdY5KyeF6tRkFVmX77akdxjbpA2siVhZolsdN40Ns=
Subject key identifier: 32:B2:0C:9C:64:FD:92:C5:14:5B:9E:E7:E5:EF:9D:ED:78:78:06:88
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 691C3A6CC531E45282266A5B8D34BC665965A317
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3dc20ceb-e981-4a40-96b4-69aa25914776.roa
Signing time: Thu 12 Mar 2026 15:38:31 +0000
ROA not before: Thu 12 Mar 2026 15:38:31 +0000
ROA not after: Wed 10 Jun 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07d:50c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Mar 2026 03:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
69:1c:3a:6c:c5:31:e4:52:82:26:6a:5b:8d:34:bc:66:59:65:a3:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Mar 12 15:38:31 2026 GMT
Not After : Jun 10 23:59:59 2026 GMT
Subject: serialNumber=ef803d7cd71dc0264cd1b6c69815f54aebd45b3278fadc28f41befc8420815d0, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:af:8c:64:60:2b:fa:3a:5c:3a:f7:dd:19:24:
5b:3e:8c:32:56:25:07:6a:01:2e:32:15:7a:4f:30:
ee:50:f3:20:a2:09:92:37:70:27:44:94:1b:c4:7b:
81:a9:41:e8:f7:b0:ca:be:52:41:03:1b:dd:7b:f1:
e8:0e:d5:63:55:82:5e:61:da:7a:5a:39:a2:58:e6:
36:0a:0b:1f:2c:58:c8:2c:58:e4:17:67:95:83:14:
65:a4:8b:8c:88:d4:3a:96:1c:8a:bb:74:89:dc:f7:
e7:ec:16:9f:63:bc:0c:b5:5c:62:02:c2:12:29:d6:
a8:37:e5:12:3b:de:19:bc:c7:9d:bd:17:09:e2:15:
ab:07:f0:80:a7:f9:db:ce:b4:7d:35:92:46:85:a8:
f8:17:aa:0a:6d:38:4e:fa:0a:e6:d1:e1:35:39:41:
96:f9:aa:a2:2f:c0:f3:c7:9f:28:8b:19:52:4b:80:
45:cc:4e:75:7b:5e:93:b8:b1:76:b1:c3:ad:cc:3e:
fa:b8:3a:17:c5:61:74:0d:e7:c0:1a:48:34:6d:ac:
b9:7a:b6:73:84:c6:09:cd:0d:e9:b8:13:36:a9:44:
bd:48:63:32:22:74:d2:e8:a5:75:c3:65:95:8e:f8:
9f:b0:57:4a:06:93:50:88:ad:fc:fc:d3:f1:c2:68:
a7:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:B2:0C:9C:64:FD:92:C5:14:5B:9E:E7:E5:EF:9D:ED:78:78:06:88
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3dc20ceb-e981-4a40-96b4-69aa25914776.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07d:50c0::/48
Signature Algorithm: sha256WithRSAEncryption
3d:ab:1f:29:d1:ae:43:4b:6f:85:64:8f:6a:fe:14:3b:de:1e:
c8:ee:d2:e0:fd:d5:3c:78:98:53:51:4e:23:e5:9e:36:32:81:
41:28:cd:c9:00:94:10:f2:e1:fb:57:6e:e6:e1:72:f7:ab:f6:
74:38:0a:35:e2:3e:0c:14:e2:55:d3:f1:38:61:53:27:85:0d:
4b:a2:f7:dd:9c:aa:15:26:72:75:a7:52:72:de:48:f5:ba:22:
72:47:7f:85:c3:db:b9:c1:2f:96:dd:9b:41:e4:57:25:ab:f9:
6b:ec:71:a9:e6:7d:9c:de:e2:29:4c:34:9d:73:b9:5f:15:05:
93:b3:99:b8:e5:9d:d6:ec:54:7c:58:82:62:9d:00:70:05:47:
5f:5b:d3:2d:20:da:ec:0a:e9:7a:25:b8:98:45:41:b7:94:e7:
89:13:13:f1:3a:5c:cf:47:e7:a7:c4:81:40:a3:5f:6c:8f:e1:
6c:89:ad:c3:b3:79:19:9d:4b:0a:f2:6e:ee:03:bd:31:c5:ce:
38:f0:eb:d3:6c:59:43:20:10:02:a4:2d:ba:ab:89:5c:6e:93:
00:94:ab:59:4c:cc:bb:08:0d:20:a6:16:83:13:58:26:ec:94:
e6:44:9e:e6:d1:5e:3e:4e:e0:5d:78:01:24:cf:92:8b:bf:0f:
71:82:31:be
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUaRw6bMUx5FKCJmpbjTS8ZllloxcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAzMTIxNTM4MzFaFw0yNjA2MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQGVmODAzZDdjZDcxZGMwMjY0Y2QxYjZjNjk4MTVmNTRhZWJkNDViMzI3OGZh
ZGMyOGY0MWJlZmM4NDIwODE1ZDAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMivjGRgK/o6XDr33RkkWz6MMlYlB2oBLjIVek8w7lDzIKIJkjdwJ0SUG8R7
galB6Pewyr5SQQMb3Xvx6A7VY1WCXmHaelo5oljmNgoLHyxYyCxY5BdnlYMUZaSL
jIjUOpYcirt0idz35+wWn2O8DLVcYgLCEinWqDflEjveGbzHnb0XCeIVqwfwgKf5
2860fTWSRoWo+BeqCm04TvoK5tHhNTlBlvmqoi/A88efKIsZUkuARcxOdXtek7ix
drHDrcw++rg6F8VhdA3nwBpING2suXq2c4TGCc0N6bgTNqlEvUhjMiJ00uildcNl
lY74n7BXSgaTUIit/PzT8cJop1MCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQysgyc
ZP2SxRRbnufl753teHgGiDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2RjMjBjZWItZTk4MS00YTQwLTk2YjQtNjlhYTI1OTE0Nzc2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H1Q
wDANBgkqhkiG9w0BAQsFAAOCAQEAPasfKdGuQ0tvhWSPav4UO94eyO7S4P3VPHiY
U1FOI+WeNjKBQSjNyQCUEPLh+1du5uFy96v2dDgKNeI+DBTiVdPxOGFTJ4UNS6L3
3ZyqFSZydadSct5I9boickd/hcPbucEvlt2bQeRXJav5a+xxqeZ9nN7iKUw0nXO5
XxUFk7OZuOWd1uxUfFiCYp0AcAVHX1vTLSDa7ArpeiW4mEVBt5TniRMT8Tpcz0fn
p8SBQKNfbI/hbImtw7N5GZ1LCvJu7gO9McXOOPDr02xZQyAQAqQtuquJXG6TAJSr
WUzMuwgNIKYWgxNYJuyU5kSe5tFePk7gXXgBJM+Si78PcYIxvg==
-----END CERTIFICATE-----
Generated at Sat Mar 14 09:16:19 2026 by rpki-client