Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9eee349d-d986-4c9f-98e3-a5256e038112.roa
File: 9eee349d-d986-4c9f-98e3-a5256e038112.roa (raw, json)
Hash identifier: gZLKUvf7doucLGgY7U2xsex4RkgyiKA/BhIp6I6aq7k=
Subject key identifier: 00:02:2E:17:25:22:76:E1:EE:9E:FE:D6:98:E3:E8:B0:0E:8B:9A:19
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2D80E9366FC3C961C2624111FA1067DCAB5EBF98
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9eee349d-d986-4c9f-98e3-a5256e038112.roa
Signing time: Thu 12 Mar 2026 15:38:22 +0000
ROA not before: Thu 12 Mar 2026 15:38:22 +0000
ROA not after: Wed 10 Jun 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d05a:b080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Mar 2026 03:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2d:80:e9:36:6f:c3:c9:61:c2:62:41:11:fa:10:67:dc:ab:5e:bf:98
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Mar 12 15:38:22 2026 GMT
Not After : Jun 10 23:59:59 2026 GMT
Subject: serialNumber=a6f0762527a2b230de3af7a515e3c3aab5ec72cbc1471ea593c012461bc15273, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:5c:9d:19:73:54:cc:ba:d9:85:1d:f6:3f:df:
d5:45:90:19:cd:34:94:38:bd:7c:8c:a8:a2:1a:61:
92:50:f3:c6:00:90:5d:a3:74:a0:16:87:d3:95:ef:
6e:85:a6:5e:ab:88:1c:cb:79:cf:7d:5a:5b:17:b1:
cc:2b:4d:56:3c:40:7f:0e:73:ec:1e:7f:30:36:9d:
37:24:11:51:e5:c1:6c:12:6d:63:ed:bd:ba:99:db:
33:99:cd:84:89:8d:ab:18:c7:0c:7b:08:12:79:83:
83:42:4f:7c:e4:8a:9b:b5:65:4d:88:d5:5b:75:35:
cb:79:9d:3d:3a:d0:2a:54:cf:c1:d6:3f:f1:1b:de:
bd:9f:88:ad:39:6f:4e:2c:6c:fc:86:ff:0e:32:f4:
93:4d:0e:d5:db:0b:ec:c7:45:09:1a:0b:94:f3:ca:
c9:d8:7d:55:58:23:84:fd:ee:18:78:0d:f8:f1:7f:
b0:d5:33:1f:fa:03:5b:a8:22:26:84:ab:40:2e:f3:
bf:14:f4:85:c4:17:42:ea:36:d3:1a:18:cc:e0:60:
a8:28:db:62:33:e1:e8:9f:43:a6:ee:70:08:f4:cf:
36:38:a2:f6:c4:83:84:12:b1:fc:d4:4a:8a:d2:0d:
91:dd:32:eb:fd:c9:98:1c:e3:09:17:67:e6:a7:c6:
54:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:02:2E:17:25:22:76:E1:EE:9E:FE:D6:98:E3:E8:B0:0E:8B:9A:19
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9eee349d-d986-4c9f-98e3-a5256e038112.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d05a:b080::/48
Signature Algorithm: sha256WithRSAEncryption
b2:ba:af:c1:8b:4b:ad:f0:8b:db:eb:4f:2c:8a:cc:60:7c:f1:
32:87:7c:7a:ba:40:ee:03:ff:c1:25:d1:6f:af:d9:ad:c5:d4:
4b:92:6a:71:15:60:be:f7:7b:93:ad:d1:30:95:bf:46:75:e3:
1a:05:5c:5d:fe:15:6a:ab:fe:05:4c:0c:4c:7e:ed:45:59:0b:
fa:0e:3d:d8:50:d0:3f:e1:1d:96:ce:cf:14:08:80:b2:8a:14:
bc:98:21:cc:23:77:78:6b:e2:3f:4b:b0:24:ea:1b:f0:3d:e7:
0d:d2:6f:28:12:e7:76:af:81:17:7b:49:21:a6:8d:f6:88:0a:
c4:62:b1:d4:cb:0e:a7:62:74:fb:95:cc:7a:46:05:46:84:26:
11:03:a7:a3:a1:09:c3:59:f3:ac:fe:13:fb:68:93:9d:19:22:
2e:35:13:45:0d:e5:11:6a:e0:05:ef:78:d4:f5:38:32:20:1c:
8f:ce:9e:71:35:ee:42:fa:72:2c:d3:ae:49:30:01:95:f7:08:
f6:a8:93:95:9e:3c:26:b7:ad:ae:14:9b:ff:39:7d:9d:33:12:
b2:4e:fe:4a:c1:c1:fc:cb:4b:d8:35:3e:fd:28:80:93:82:12:
89:93:b2:a6:9a:b7:7d:52:b4:0c:46:3f:fa:27:c4:a5:ba:5d:
10:ab:2b:ac
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIULYDpNm/DyWHCYkER+hBn3Ktev5gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAzMTIxNTM4MjJaFw0yNjA2MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQGE2ZjA3NjI1MjdhMmIyMzBkZTNhZjdhNTE1ZTNjM2FhYjVlYzcyY2JjMTQ3
MWVhNTkzYzAxMjQ2MWJjMTUyNzMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALxcnRlzVMy62YUd9j/f1UWQGc00lDi9fIyoohphklDzxgCQXaN0oBaH05Xv
boWmXquIHMt5z31aWxexzCtNVjxAfw5z7B5/MDadNyQRUeXBbBJtY+29upnbM5nN
hImNqxjHDHsIEnmDg0JPfOSKm7VlTYjVW3U1y3mdPTrQKlTPwdY/8RvevZ+IrTlv
Tixs/Ib/DjL0k00O1dsL7MdFCRoLlPPKydh9VVgjhP3uGHgN+PF/sNUzH/oDW6gi
JoSrQC7zvxT0hcQXQuo20xoYzOBgqCjbYjPh6J9Dpu5wCPTPNjii9sSDhBKx/NRK
itINkd0y6/3JmBzjCRdn5qfGVOsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQAAi4X
JSJ24e6e/taY4+iwDouaGTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OWVlZTM0OWQtZDk4Ni00YzlmLTk4ZTMtYTUyNTZlMDM4MTEyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0Fqw
gDANBgkqhkiG9w0BAQsFAAOCAQEAsrqvwYtLrfCL2+tPLIrMYHzxMod8erpA7gP/
wSXRb6/ZrcXUS5JqcRVgvvd7k63RMJW/RnXjGgVcXf4Vaqv+BUwMTH7tRVkL+g49
2FDQP+Edls7PFAiAsooUvJghzCN3eGviP0uwJOob8D3nDdJvKBLndq+BF3tJIaaN
9ogKxGKx1MsOp2J0+5XMekYFRoQmEQOno6EJw1nzrP4T+2iTnRkiLjUTRQ3lEWrg
Be941PU4MiAcj86ecTXuQvpyLNOuSTABlfcI9qiTlZ48JretrhSb/zl9nTMSsk7+
SsHB/MtL2DU+/SiAk4ISiZOyppq3fVK0DEY/+ifEpbpdEKsrrA==
-----END CERTIFICATE-----
Generated at Sat Mar 14 09:14:56 2026 by rpki-client