Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c7799f50-6acc-4097-88e1-1a281b4503e4.roa
File: c7799f50-6acc-4097-88e1-1a281b4503e4.roa (raw, json)
Hash identifier: DMs/Yb+xblDwhPtrB46beux4UQH0jreSIGZgkq4DV34=
Subject key identifier: 3D:D4:22:6A:26:E9:87:90:E5:69:B6:34:13:34:08:4D:5F:23:A7:04
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 6EA1315969EAE24C313FCEDAB0D40D1A93FBDBE8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c7799f50-6acc-4097-88e1-1a281b4503e4.roa
Signing time: Thu 12 Mar 2026 15:41:33 +0000
ROA not before: Thu 12 Mar 2026 15:41:33 +0000
ROA not after: Wed 10 Jun 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07d:c000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Mar 2026 03:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6e:a1:31:59:69:ea:e2:4c:31:3f:ce:da:b0:d4:0d:1a:93:fb:db:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Mar 12 15:41:33 2026 GMT
Not After : Jun 10 23:59:59 2026 GMT
Subject: serialNumber=0334ecdcf14cb16067fab06132a4b0e695465cfe15ef14aaf3349d362678119f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:1e:df:c5:a0:e8:3c:52:f9:d6:1b:a3:27:9b:
8a:75:73:3e:95:5b:3d:4e:6c:4f:1f:4a:70:33:1d:
a2:ed:ff:34:40:e6:d5:22:fc:54:e2:d4:8a:a2:04:
85:7c:fd:cd:a5:51:8e:a3:e7:4c:f6:30:44:89:a9:
34:67:46:16:b6:61:ae:28:77:1f:98:9c:8f:0c:66:
dc:49:c9:c8:c4:5d:96:6f:d6:46:c8:35:ff:bb:bb:
68:16:dd:36:cf:35:8c:12:59:b1:21:39:bb:d6:1f:
88:1f:e8:b7:55:c1:28:b8:e0:b0:05:af:80:5c:8a:
11:6e:79:21:bf:6d:b5:d3:0e:44:9e:59:2e:9c:64:
fc:ab:77:bf:74:4b:ba:66:6f:a0:3f:64:a2:95:da:
db:46:97:2c:41:43:40:2b:35:6f:6b:ca:ce:f3:9e:
46:a1:b7:77:e6:ca:60:8c:8d:03:b5:bc:bc:5e:a6:
8e:9f:a4:09:c7:c4:47:bd:8a:d8:b8:63:3c:db:39:
22:5d:94:90:24:f1:a2:7a:10:52:c1:ac:15:7b:5e:
42:e8:de:5d:79:34:6b:a6:96:62:c1:a7:96:5f:21:
c2:b1:db:40:d0:58:7e:a0:0e:a0:a3:ce:ae:a6:c6:
df:36:6c:12:10:a1:1d:8f:2e:01:ec:6a:f7:b4:17:
7e:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:D4:22:6A:26:E9:87:90:E5:69:B6:34:13:34:08:4D:5F:23:A7:04
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c7799f50-6acc-4097-88e1-1a281b4503e4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07d:c000::/40
Signature Algorithm: sha256WithRSAEncryption
78:c0:86:86:4e:ef:49:80:12:6a:f1:63:d9:de:64:22:4e:e0:
08:c9:79:49:86:30:eb:b1:5c:1a:3d:6b:a3:7d:a7:32:35:10:
e9:19:11:a2:c6:e0:61:da:65:15:79:0f:5b:3d:9e:de:51:a1:
76:1d:81:77:e7:fe:9e:b9:af:55:79:db:cb:a8:7a:3e:99:77:
3b:13:b0:c0:5d:90:fd:39:f3:5a:7f:9b:86:7a:53:e1:4f:f4:
9e:2e:27:be:62:e9:7d:65:eb:ef:e7:8d:43:03:ea:f0:3e:52:
52:5b:f1:74:de:5f:5d:2d:36:58:d9:c1:c1:ed:9b:7b:b0:e3:
3d:43:f0:21:80:03:64:ac:ce:ea:ac:17:bd:86:d9:30:ad:1d:
ae:1e:61:cb:2f:d5:de:e8:be:e2:02:28:cb:b0:2e:ec:3f:6c:
e5:2f:12:07:0f:10:88:eb:43:2e:77:bb:ff:0a:74:85:64:66:
73:38:13:c4:d9:77:64:1c:21:44:d6:b3:fd:82:19:9b:14:47:
8f:fb:c9:48:b7:f6:f1:fd:45:d8:52:20:81:7b:82:c0:51:93:
1a:cf:2d:f1:7f:36:9c:a7:b5:b5:a3:ef:79:ad:bd:93:89:be:
e3:f9:fc:0b:9e:28:70:48:c1:13:05:b2:9c:21:8b:d1:c5:79:
e3:67:22:1a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUbqExWWnq4kwxP87asNQNGpP72+gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAzMTIxNTQxMzNaFw0yNjA2MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDAzMzRlY2RjZjE0Y2IxNjA2N2ZhYjA2MTMyYTRiMGU2OTU0NjVjZmUxNWVm
MTRhYWYzMzQ5ZDM2MjY3ODExOWYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK0e38Wg6DxS+dYboyebinVzPpVbPU5sTx9KcDMdou3/NEDm1SL8VOLUiqIE
hXz9zaVRjqPnTPYwRImpNGdGFrZhrih3H5icjwxm3EnJyMRdlm/WRsg1/7u7aBbd
Ns81jBJZsSE5u9YfiB/ot1XBKLjgsAWvgFyKEW55Ib9ttdMORJ5ZLpxk/Kt3v3RL
umZvoD9kopXa20aXLEFDQCs1b2vKzvOeRqG3d+bKYIyNA7W8vF6mjp+kCcfER72K
2LhjPNs5Il2UkCTxonoQUsGsFXteQujeXXk0a6aWYsGnll8hwrHbQNBYfqAOoKPO
rqbG3zZsEhChHY8uAexq97QXfm0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ91CJq
JumHkOVptjQTNAhNXyOnBDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Yzc3OTlmNTAtNmFjYy00MDk3LTg4ZTEtMWEyODFiNDUwM2U0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H3A
MA0GCSqGSIb3DQEBCwUAA4IBAQB4wIaGTu9JgBJq8WPZ3mQiTuAIyXlJhjDrsVwa
PWujfacyNRDpGRGixuBh2mUVeQ9bPZ7eUaF2HYF35/6eua9VedvLqHo+mXc7E7DA
XZD9OfNaf5uGelPhT/SeLie+Yul9Zevv541DA+rwPlJSW/F03l9dLTZY2cHB7Zt7
sOM9Q/AhgANkrM7qrBe9htkwrR2uHmHLL9Xe6L7iAijLsC7sP2zlLxIHDxCI60Mu
d7v/CnSFZGZzOBPE2XdkHCFE1rP9ghmbFEeP+8lIt/bx/UXYUiCBe4LAUZMazy3x
fzacp7W1o+95rb2Tib7j+fwLnihwSMETBbKcIYvRxXnjZyIa
-----END CERTIFICATE-----
Generated at Sat Mar 14 09:15:18 2026 by rpki-client