Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fff94e8b-545d-470d-9a32-716ea7107d36.roa
File: fff94e8b-545d-470d-9a32-716ea7107d36.roa (raw, json)
Hash identifier: gbwQMDCN5NgsXCWSj8hrLJfzhfKILOAAdWMin5acQl8=
Subject key identifier: 51:0C:BE:D5:18:E0:43:53:E8:75:A8:E1:94:5A:18:3F:37:16:4C:28
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0A494C874EE2CB5338217A67CAF6072323240C1A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fff94e8b-545d-470d-9a32-716ea7107d36.roa
Signing time: Thu 12 Mar 2026 15:36:49 +0000
ROA not before: Thu 12 Mar 2026 15:36:49 +0000
ROA not after: Wed 10 Jun 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d05a:9040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 15 Mar 2026 03:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0a:49:4c:87:4e:e2:cb:53:38:21:7a:67:ca:f6:07:23:23:24:0c:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Mar 12 15:36:49 2026 GMT
Not After : Jun 10 23:59:59 2026 GMT
Subject: serialNumber=e1b451d8584819237f84ebf7ea360edae0f870b62bb4cb37454bc3af0c2e09c4, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:cf:fe:41:46:36:e2:f5:38:e6:27:38:0e:f5:
8e:82:78:f0:01:d7:a9:f0:77:9e:f3:95:a1:da:47:
5b:42:01:1b:19:14:89:e3:a5:56:df:0c:fb:be:8e:
a7:3d:57:56:9f:cb:f7:aa:69:25:8f:13:56:db:77:
b6:b0:02:50:cd:20:26:8b:72:bb:36:d5:b5:1a:9e:
72:d8:44:05:33:c3:4e:1c:0b:a6:db:04:90:19:e2:
6e:e7:6a:96:92:d5:48:bf:c9:f6:3d:34:02:97:94:
71:68:f6:8c:5a:12:bc:f3:83:fd:86:a7:c9:73:38:
08:4a:ea:1e:20:fb:ea:1a:5f:cc:d5:e9:3a:f3:cd:
64:e9:c6:41:31:7d:f5:8d:dd:74:f4:66:c3:85:c7:
f0:4d:14:94:9f:8d:1b:07:cb:49:8b:68:b7:dd:02:
cd:fd:9a:be:da:67:97:2d:0f:ad:f2:df:4e:b0:dd:
4d:23:a1:0e:a4:b2:df:c4:a4:ca:0c:ed:ce:b2:07:
d6:66:14:48:53:ce:d5:df:5c:e1:69:bc:03:59:9b:
40:af:86:27:4a:89:20:1e:ad:fb:f8:92:9d:f1:0d:
f8:80:9b:cf:44:dd:15:3a:cf:49:fa:95:19:07:34:
8f:d5:d8:4d:8c:30:44:fc:a2:a1:c1:d6:c3:58:04:
07:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
51:0C:BE:D5:18:E0:43:53:E8:75:A8:E1:94:5A:18:3F:37:16:4C:28
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fff94e8b-545d-470d-9a32-716ea7107d36.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d05a:9040::/48
Signature Algorithm: sha256WithRSAEncryption
3c:84:71:a1:cf:af:0c:67:35:49:5d:1b:08:8e:52:7d:c2:20:
55:d5:cf:1f:89:a0:f5:65:1f:1b:77:c8:a0:d7:c7:c3:b6:92:
6b:72:3b:34:14:48:a5:15:15:68:c7:94:09:84:00:36:b8:9d:
7e:e9:b6:ad:45:04:75:43:74:18:79:f7:15:32:5f:7b:56:9d:
fe:07:df:c2:2a:34:2e:01:14:a6:6b:bc:97:14:c3:86:24:92:
3c:72:68:19:11:b0:af:a8:20:f8:42:cb:12:48:31:8b:78:ed:
f6:bd:73:3d:3e:19:1f:59:9d:bd:d4:1c:2b:f7:54:9e:bd:35:
44:05:f6:88:dc:1b:4d:f3:8f:cd:bd:76:fb:83:1c:15:3f:dd:
e5:c4:8a:4d:20:2e:b0:4f:5f:cf:ee:2f:b3:d6:39:39:e6:34:
8d:31:00:13:d1:a9:c4:d2:8d:7e:59:c8:7c:df:3d:fa:15:40:
00:d3:ae:d4:52:3e:18:b9:47:b9:7b:5c:b1:81:32:a9:89:0d:
42:60:c7:32:df:85:32:b9:63:95:e0:4a:32:e7:71:ee:c9:58:
67:cb:f8:af:5e:30:67:cb:97:70:df:73:14:2d:d4:2b:22:2c:
67:7b:8c:1f:71:73:b7:7f:79:a8:ef:36:f1:19:7b:9c:e8:a9:
67:48:77:e1
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUCklMh07iy1M4IXpnyvYHIyMkDBowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAzMTIxNTM2NDlaFw0yNjA2MTAyMzU5NTlaMHoxSTBHBgNV
BAUTQGUxYjQ1MWQ4NTg0ODE5MjM3Zjg0ZWJmN2VhMzYwZWRhZTBmODcwYjYyYmI0
Y2IzNzQ1NGJjM2FmMGMyZTA5YzQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK/P/kFGNuL1OOYnOA71joJ48AHXqfB3nvOVodpHW0IBGxkUieOlVt8M+76O
pz1XVp/L96ppJY8TVtt3trACUM0gJotyuzbVtRqecthEBTPDThwLptsEkBnibudq
lpLVSL/J9j00ApeUcWj2jFoSvPOD/YanyXM4CErqHiD76hpfzNXpOvPNZOnGQTF9
9Y3ddPRmw4XH8E0UlJ+NGwfLSYtot90Czf2avtpnly0PrfLfTrDdTSOhDqSy38Sk
ygztzrIH1mYUSFPO1d9c4Wm8A1mbQK+GJ0qJIB6t+/iSnfEN+ICbz0TdFTrPSfqV
GQc0j9XYTYwwRPyiocHWw1gEB0MCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRRDL7V
GOBDU+h1qOGUWhg/NxZMKDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZmZmOTRlOGItNTQ1ZC00NzBkLTlhMzItNzE2ZWE3MTA3ZDM2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0FqQ
QDANBgkqhkiG9w0BAQsFAAOCAQEAPIRxoc+vDGc1SV0bCI5SfcIgVdXPH4mg9WUf
G3fIoNfHw7aSa3I7NBRIpRUVaMeUCYQANridfum2rUUEdUN0GHn3FTJfe1ad/gff
wio0LgEUpmu8lxTDhiSSPHJoGRGwr6gg+ELLEkgxi3jt9r1zPT4ZH1mdvdQcK/dU
nr01RAX2iNwbTfOPzb12+4McFT/d5cSKTSAusE9fz+4vs9Y5OeY0jTEAE9GpxNKN
flnIfN89+hVAANOu1FI+GLlHuXtcsYEyqYkNQmDHMt+FMrljleBKMudx7slYZ8v4
r14wZ8uXcN9zFC3UKyIsZ3uMH3Fzt395qO828Rl7nOipZ0h34Q==
-----END CERTIFICATE-----
Generated at Sat Mar 14 09:14:58 2026 by rpki-client