Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d29dd0b1-0945-430f-b5e5-44f68d05fdc6.roa
File: d29dd0b1-0945-430f-b5e5-44f68d05fdc6.roa (raw, json)
Hash identifier: TZ3k/f+YDvtLLaUca8xla3IaigNIQINRTB3HvLswuc4=
Subject key identifier: 92:92:78:EB:00:5C:CF:A6:B1:4E:71:F6:E2:F2:3D:26:C3:51:18:F3
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 14AFBA43726B89F5568C708477A9FB375928F650
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d29dd0b1-0945-430f-b5e5-44f68d05fdc6.roa
Signing time: Thu 12 Mar 2026 15:40:05 +0000
ROA not before: Thu 12 Mar 2026 15:40:05 +0000
ROA not after: Wed 10 Jun 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d033:4000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Mar 2026 03:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
14:af:ba:43:72:6b:89:f5:56:8c:70:84:77:a9:fb:37:59:28:f6:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Mar 12 15:40:05 2026 GMT
Not After : Jun 10 23:59:59 2026 GMT
Subject: serialNumber=bb9205be332a5498c0f87e6d04d047aa3302857b43256a4ece71deae6b660cc5, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:fc:f1:cc:74:0e:17:1a:f6:41:ef:ab:f7:06:
fa:33:7e:e6:c2:62:ad:39:2f:7c:49:06:5d:41:f9:
42:19:ad:42:43:78:24:2f:66:26:6a:4d:2b:51:0f:
97:7f:59:7f:5e:5c:f1:42:a7:c6:2a:11:b9:ac:2a:
9d:4d:1b:f4:2c:c8:9e:22:e9:6d:a5:86:99:00:cb:
fb:15:1f:bb:49:9b:b4:25:62:1d:0a:47:6a:66:97:
c0:4a:7d:32:ae:45:ea:2e:4c:d9:c8:75:6d:ea:61:
08:66:22:df:b9:15:2b:6a:a7:13:34:1a:d7:3d:2a:
e2:14:fb:46:72:2f:00:95:35:57:cc:2a:de:35:1a:
d6:ac:97:21:c0:5e:90:ba:47:8d:8d:ee:6f:e1:29:
2f:c6:c1:4d:95:18:0b:53:0c:cb:f1:d4:ec:5d:07:
63:b1:1a:d7:7f:3e:52:67:8d:c5:79:4d:f0:24:e9:
c6:0e:c5:bc:cf:8b:72:18:0a:0f:2f:be:3d:f3:58:
9f:62:82:2d:3b:92:7d:52:9f:4a:cd:33:f7:a4:d9:
35:53:5f:2b:c4:9b:a5:4d:be:f8:f6:8e:4e:14:57:
5f:db:3b:1f:7d:05:b7:87:60:48:63:ba:7f:51:39:
53:04:55:ac:19:29:4a:21:a3:72:d5:75:0b:81:af:
fd:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:92:78:EB:00:5C:CF:A6:B1:4E:71:F6:E2:F2:3D:26:C3:51:18:F3
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d29dd0b1-0945-430f-b5e5-44f68d05fdc6.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d033:4000::/40
Signature Algorithm: sha256WithRSAEncryption
66:5a:41:bd:f4:b0:27:e5:59:e5:ab:40:90:5f:2a:81:dd:00:
fd:ac:c5:bf:e4:75:b1:38:19:5a:c6:6a:d6:5b:e4:71:7e:c7:
ed:2d:31:a1:d1:d8:3c:9e:7e:1f:f6:09:9e:5c:0e:18:c4:e8:
56:e5:74:fd:f0:97:47:15:cb:52:aa:68:34:ee:76:c8:79:53:
4f:49:cd:7e:e0:16:d5:a8:72:59:c5:2c:5a:98:58:e4:24:42:
b4:88:16:aa:cb:20:b8:3c:ea:0a:69:b8:20:bf:00:00:4a:ec:
8e:11:1d:41:dc:db:d4:b6:a8:35:bf:81:10:75:94:d4:c0:d4:
9f:43:f0:1a:d7:c2:24:34:d3:8b:0a:8b:39:0a:03:d8:c3:e5:
49:6e:17:64:e2:3b:2a:1f:db:6f:8d:e0:c6:5e:21:78:5f:3d:
1f:f0:20:de:b9:fc:1c:d5:d7:7e:de:8f:2c:7a:36:ca:1c:fe:
38:d6:79:10:56:29:3f:8d:30:8d:6a:04:7b:de:95:95:ef:05:
92:e2:2b:9b:40:36:d2:d9:a6:2e:10:ad:80:44:f8:03:33:a9:
d4:71:5f:33:47:d8:77:a2:99:c5:f4:89:ae:43:fa:cd:c4:00:
7f:47:6a:f6:f4:6d:d1:13:6c:57:4f:21:73:a7:92:91:7c:93:
c2:e2:1f:3d
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUFK+6Q3JrifVWjHCEd6n7N1ko9lAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAzMTIxNTQwMDVaFw0yNjA2MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQGJiOTIwNWJlMzMyYTU0OThjMGY4N2U2ZDA0ZDA0N2FhMzMwMjg1N2I0MzI1
NmE0ZWNlNzFkZWFlNmI2NjBjYzUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMn88cx0Dhca9kHvq/cG+jN+5sJirTkvfEkGXUH5QhmtQkN4JC9mJmpNK1EP
l39Zf15c8UKnxioRuawqnU0b9CzIniLpbaWGmQDL+xUfu0mbtCViHQpHamaXwEp9
Mq5F6i5M2ch1bephCGYi37kVK2qnEzQa1z0q4hT7RnIvAJU1V8wq3jUa1qyXIcBe
kLpHjY3ub+EpL8bBTZUYC1MMy/HU7F0HY7Ea138+UmeNxXlN8CTpxg7FvM+LchgK
Dy++PfNYn2KCLTuSfVKfSs0z96TZNVNfK8SbpU2++PaOThRXX9s7H30Ft4dgSGO6
f1E5UwRVrBkpSiGjctV1C4Gv/akCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSSknjr
AFzPprFOcfbi8j0mw1EY8zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDI5ZGQwYjEtMDk0NS00MzBmLWI1ZTUtNDRmNjhkMDVmZGM2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DNA
MA0GCSqGSIb3DQEBCwUAA4IBAQBmWkG99LAn5Vnlq0CQXyqB3QD9rMW/5HWxOBla
xmrWW+RxfsftLTGh0dg8nn4f9gmeXA4YxOhW5XT98JdHFctSqmg07nbIeVNPSc1+
4BbVqHJZxSxamFjkJEK0iBaqyyC4POoKabggvwAASuyOER1B3NvUtqg1v4EQdZTU
wNSfQ/Aa18IkNNOLCos5CgPYw+VJbhdk4jsqH9tvjeDGXiF4Xz0f8CDeufwc1dd+
3o8sejbKHP441nkQVik/jTCNagR73pWV7wWS4iubQDbS2aYuEK2ARPgDM6nUcV8z
R9h3opnF9ImuQ/rNxAB/R2r29G3RE2xXTyFzp5KRfJPC4h89
-----END CERTIFICATE-----
Generated at Sat Mar 14 09:14:55 2026 by rpki-client