Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f97778b4-85b1-4580-ac38-a4872d19261b.roa
File: f97778b4-85b1-4580-ac38-a4872d19261b.roa (raw, json)
Hash identifier: IyUaJ5t6aEECKPaaMi0wgrJ6+1ASOa5aOcvBfRE0Rv4=
Subject key identifier: B4:3D:8F:4C:56:61:B3:59:52:41:8C:2C:BB:07:61:27:D2:54:8B:EA
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 549227164B23BBB253FD19DCA079897E7AEF0D92
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f97778b4-85b1-4580-ac38-a4872d19261b.roa
Signing time: Sat 28 Feb 2026 06:20:08 +0000
ROA not before: Sat 28 Feb 2026 06:20:08 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d034:5000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 01 Mar 2026 12:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
54:92:27:16:4b:23:bb:b2:53:fd:19:dc:a0:79:89:7e:7a:ef:0d:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 06:20:08 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=0734ecfc2d02f99335a6bdd47852a181f83102c417d91f9573a4b8e69145313c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:a5:67:8c:11:81:42:cf:df:45:03:a1:b9:8d:
23:80:8a:c1:ad:d1:57:75:a6:7a:c2:54:58:1c:82:
7b:1d:6a:19:be:3f:00:09:c9:91:7d:66:45:72:77:
4e:1e:56:87:a9:8c:db:d4:a8:11:bb:87:50:36:e3:
ce:24:60:53:2c:ad:c4:49:2f:cf:3a:b9:de:c4:12:
85:fe:8b:cd:ae:e7:c8:f6:a2:a7:09:68:06:98:52:
00:44:29:7f:98:03:05:4a:31:5b:c6:95:2d:3b:19:
de:97:fb:f9:be:81:b6:c2:66:98:94:86:f0:ef:29:
c4:4f:a9:d1:ac:cf:d4:58:7a:c8:cd:0f:28:4c:fb:
90:8a:57:d4:9e:bd:f8:c5:a2:d1:aa:02:d0:fa:af:
40:4c:2d:f7:e2:03:46:47:b7:c0:f5:50:e8:47:66:
f8:c1:c4:0b:bd:b5:91:9b:1d:c3:25:64:e7:bc:f9:
40:ac:5f:78:03:d5:4d:f1:44:63:83:65:32:f3:e5:
80:f0:ad:eb:bb:73:d9:01:d7:d2:da:85:c0:db:47:
65:a9:e2:84:07:0e:e0:c3:5f:80:2a:91:01:42:90:
f5:00:5e:10:3b:03:48:d8:e3:c8:3a:d9:b8:dc:f2:
fe:c7:47:2a:5a:4c:07:34:23:34:63:e3:52:80:8e:
66:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:3D:8F:4C:56:61:B3:59:52:41:8C:2C:BB:07:61:27:D2:54:8B:EA
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f97778b4-85b1-4580-ac38-a4872d19261b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d034:5000::/40
Signature Algorithm: sha256WithRSAEncryption
70:5e:d0:fa:43:5c:51:e8:e3:2d:59:e1:2f:e9:ba:d5:9f:73:
7c:2f:31:d2:b0:d5:33:a2:17:df:1e:25:2d:3c:38:3a:21:89:
b4:28:91:3b:6f:94:c7:3d:da:a9:bd:d2:bf:6b:55:47:71:51:
51:d9:44:77:52:d7:2d:81:cd:1c:f7:34:6c:84:c1:28:04:b2:
8d:bf:fa:5d:e0:5c:00:0f:50:ab:69:dd:94:40:0e:5c:2a:40:
e3:af:9b:e2:af:ba:fe:30:4a:8f:fd:95:16:ff:b9:e3:b3:b8:
8e:7d:91:b6:3a:a8:0d:5c:a3:15:f9:c2:fc:01:a2:f8:f9:87:
04:77:67:02:f7:3c:e9:b7:41:1b:76:f2:31:12:aa:73:fa:1b:
f2:d4:84:66:61:de:7e:b5:c9:d3:86:88:cf:21:20:da:6b:bb:
4f:32:b6:b7:90:9b:b3:82:a4:a7:40:25:90:b9:8e:51:fa:74:
57:89:93:46:65:1d:bb:0f:4c:8c:e7:51:21:af:a6:3d:df:11:
d5:4b:15:9d:ff:d8:d2:10:ac:b8:c7:91:c2:36:ee:2e:7b:49:
b9:e4:27:ca:ca:80:5d:d1:8c:6c:b4:0b:59:fa:f2:e0:25:a8:
c8:a6:23:d5:c1:3d:e8:72:f6:49:9f:3b:59:02:03:d0:bf:73:
ca:e9:32:72
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUVJInFksju7JT/RncoHmJfnrvDZIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNjIwMDhaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDA3MzRlY2ZjMmQwMmY5OTMzNWE2YmRkNDc4NTJhMTgxZjgzMTAyYzQxN2Q5
MWY5NTczYTRiOGU2OTE0NTMxM2MxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALmlZ4wRgULP30UDobmNI4CKwa3RV3WmesJUWByCex1qGb4/AAnJkX1mRXJ3
Th5Wh6mM29SoEbuHUDbjziRgUyytxEkvzzq53sQShf6Lza7nyPaipwloBphSAEQp
f5gDBUoxW8aVLTsZ3pf7+b6BtsJmmJSG8O8pxE+p0azP1Fh6yM0PKEz7kIpX1J69
+MWi0aoC0PqvQEwt9+IDRke3wPVQ6Edm+MHEC721kZsdwyVk57z5QKxfeAPVTfFE
Y4NlMvPlgPCt67tz2QHX0tqFwNtHZanihAcO4MNfgCqRAUKQ9QBeEDsDSNjjyDrZ
uNzy/sdHKlpMBzQjNGPjUoCOZukCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS0PY9M
VmGzWVJBjCy7B2En0lSL6jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Zjk3Nzc4YjQtODViMS00NTgwLWFjMzgtYTQ4NzJkMTkyNjFiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DRQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBwXtD6Q1xR6OMtWeEv6brVn3N8LzHSsNUzohff
HiUtPDg6IYm0KJE7b5THPdqpvdK/a1VHcVFR2UR3Utctgc0c9zRshMEoBLKNv/pd
4FwAD1Crad2UQA5cKkDjr5vir7r+MEqP/ZUW/7njs7iOfZG2OqgNXKMV+cL8AaL4
+YcEd2cC9zzpt0EbdvIxEqpz+hvy1IRmYd5+tcnThojPISDaa7tPMra3kJuzgqSn
QCWQuY5R+nRXiZNGZR27D0yM51Ehr6Y93xHVSxWd/9jSEKy4x5HCNu4ue0m55CfK
yoBd0YxstAtZ+vLgJajIpiPVwT3ocvZJnztZAgPQv3PK6TJy
-----END CERTIFICATE-----
Generated at Sat Feb 28 19:59:06 2026 by rpki-client