Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/66a9dd44-c480-43a5-b35d-b4772a0b43d5.roa
File: 66a9dd44-c480-43a5-b35d-b4772a0b43d5.roa (raw, json)
Hash identifier: 9zl795CT3Gxj31K0GKUrV+3NCbIYC4MfhivGbgAxVBk=
Subject key identifier: 9A:13:A8:63:84:20:A4:20:E3:30:52:E6:C6:56:A0:8C:9A:48:45:D2
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 651A3026263F84088243338CA51A4D32DE67470A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/66a9dd44-c480-43a5-b35d-b4772a0b43d5.roa
Signing time: Thu 12 Mar 2026 15:41:24 +0000
ROA not before: Thu 12 Mar 2026 15:41:24 +0000
ROA not after: Wed 10 Jun 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d05a:4000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Mar 2026 03:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
65:1a:30:26:26:3f:84:08:82:43:33:8c:a5:1a:4d:32:de:67:47:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Mar 12 15:41:24 2026 GMT
Not After : Jun 10 23:59:59 2026 GMT
Subject: serialNumber=99e688bc3581ebacd15152d858456854e2810e46bd2e5523ae68d45fa5709aca, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:37:f1:bf:20:74:63:bc:c1:9e:d1:64:53:2a:
8f:1c:05:0a:1d:6c:af:2c:37:44:49:9d:a9:2f:45:
7f:ee:c8:3c:69:f9:fe:5d:92:65:da:0a:b7:77:77:
57:9c:a5:f0:d9:fc:6b:9c:70:0d:e7:db:43:c7:17:
6c:5b:53:3e:1b:4f:f1:ec:d0:14:fd:c9:52:aa:b5:
92:fc:ec:98:cf:0b:5d:96:36:b0:ba:ac:35:cb:73:
b6:7d:f0:35:67:75:90:e7:54:cb:42:bf:52:84:00:
fe:2a:11:d8:0a:28:24:cc:f8:0b:c3:93:44:fe:f8:
32:bf:a3:15:cb:96:c3:de:c5:de:67:b2:de:1f:b8:
08:0f:24:c7:e5:4f:f2:d6:ef:47:1e:5d:a1:ba:f2:
1f:a5:f6:14:1d:fb:9b:fa:0f:d6:a3:a1:6f:c4:f9:
18:96:9b:60:ed:ef:f4:4f:05:b3:01:93:a4:40:8b:
dc:50:fb:11:28:75:32:2b:03:aa:79:ba:19:99:d3:
86:b0:c8:67:2f:b6:1f:da:44:ed:ff:30:29:3c:b9:
68:e0:9f:5a:9a:6c:1f:09:5b:61:8d:84:e5:51:cc:
73:44:04:eb:a9:55:16:de:59:c9:01:ec:d2:7e:57:
c4:5f:1e:fe:f1:82:b8:95:fd:4e:4d:c5:f7:49:54:
d9:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:13:A8:63:84:20:A4:20:E3:30:52:E6:C6:56:A0:8C:9A:48:45:D2
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/66a9dd44-c480-43a5-b35d-b4772a0b43d5.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d05a:4000::/40
Signature Algorithm: sha256WithRSAEncryption
1d:fc:7f:63:de:20:5b:87:4a:d5:79:83:d6:32:d4:75:f7:1f:
9c:74:e3:de:9d:be:00:07:52:02:21:40:6c:06:da:69:1b:48:
2c:6b:00:20:00:91:ed:d9:e6:51:22:5d:11:b7:2b:68:4b:2f:
9e:89:0d:39:1a:cc:01:7b:7c:9d:22:9d:f3:5e:87:7b:46:8b:
12:8f:ba:4e:2d:e1:48:8f:1d:8a:81:df:56:6e:0e:8a:50:f1:
48:dc:71:d8:69:b6:89:ad:5a:6a:8e:7a:b9:5e:ac:e2:89:f4:
7f:59:af:23:ae:91:ea:4e:63:26:d0:36:4b:6b:b6:9b:3c:9f:
bf:2b:8e:c5:c0:4a:49:78:b8:c7:b7:d5:c7:ae:4b:8b:20:3d:
c1:16:17:08:6a:0d:14:33:52:c7:de:b4:a2:96:fd:60:07:5f:
4d:5c:e8:65:14:c1:72:bd:d8:a7:63:fd:01:bd:7c:1b:7c:be:
de:22:f3:5a:91:88:14:b7:74:8a:e6:dc:61:fc:3a:2c:7a:e7:
b9:fc:66:02:5a:17:64:b5:ae:b0:9c:66:f3:1f:48:ee:e8:21:
32:33:1b:9f:8b:f2:d7:cc:2e:38:e7:b9:3c:2e:75:be:4c:56:
53:22:b7:6c:aa:7b:e5:9a:c4:86:07:ea:ca:8c:a9:5e:35:16:
cf:b0:b1:00
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUZRowJiY/hAiCQzOMpRpNMt5nRwowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAzMTIxNTQxMjRaFw0yNjA2MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDk5ZTY4OGJjMzU4MWViYWNkMTUxNTJkODU4NDU2ODU0ZTI4MTBlNDZiZDJl
NTUyM2FlNjhkNDVmYTU3MDlhY2ExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMU38b8gdGO8wZ7RZFMqjxwFCh1sryw3REmdqS9Ff+7IPGn5/l2SZdoKt3d3
V5yl8Nn8a5xwDefbQ8cXbFtTPhtP8ezQFP3JUqq1kvzsmM8LXZY2sLqsNctztn3w
NWd1kOdUy0K/UoQA/ioR2AooJMz4C8OTRP74Mr+jFcuWw97F3mey3h+4CA8kx+VP
8tbvRx5dobryH6X2FB37m/oP1qOhb8T5GJabYO3v9E8FswGTpECL3FD7ESh1MisD
qnm6GZnThrDIZy+2H9pE7f8wKTy5aOCfWppsHwlbYY2E5VHMc0QE66lVFt5ZyQHs
0n5XxF8e/vGCuJX9Tk3F90lU2R8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSaE6hj
hCCkIOMwUubGVqCMmkhF0jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjZhOWRkNDQtYzQ4MC00M2E1LWIzNWQtYjQ3NzJhMGI0M2Q1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FpA
MA0GCSqGSIb3DQEBCwUAA4IBAQAd/H9j3iBbh0rVeYPWMtR19x+cdOPenb4AB1IC
IUBsBtppG0gsawAgAJHt2eZRIl0RtytoSy+eiQ05GswBe3ydIp3zXod7RosSj7pO
LeFIjx2Kgd9Wbg6KUPFI3HHYabaJrVpqjnq5XqziifR/Wa8jrpHqTmMm0DZLa7ab
PJ+/K47FwEpJeLjHt9XHrkuLID3BFhcIag0UM1LH3rSilv1gB19NXOhlFMFyvdin
Y/0BvXwbfL7eIvNakYgUt3SK5txh/Doseue5/GYCWhdkta6wnGbzH0ju6CEyMxuf
i/LXzC4457k8LnW+TFZTIrdsqnvlmsSGB+rKjKleNRbPsLEA
-----END CERTIFICATE-----
Generated at Sat Mar 14 09:14:56 2026 by rpki-client