Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0f3fbd71-85b4-48a7-8479-e942c9578262.roa
File: 0f3fbd71-85b4-48a7-8479-e942c9578262.roa (raw, json)
Hash identifier: byhtJZxFqAkPzDzQzrxWRspI+/17IWhLJBXusVvK81c=
Subject key identifier: 6E:99:DB:B6:31:53:16:3D:7E:C8:11:1F:62:C0:6C:7E:14:BE:6F:A9
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3CB9E417DCD2F5249960299CC8F581F2207C92D3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0f3fbd71-85b4-48a7-8479-e942c9578262.roa
Signing time: Tue 19 May 2026 05:21:03 +0000
ROA not before: Tue 19 May 2026 05:21:03 +0000
ROA not after: Mon 17 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d071:1000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 01:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3c:b9:e4:17:dc:d2:f5:24:99:60:29:9c:c8:f5:81:f2:20:7c:92:d3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 19 05:21:03 2026 GMT
Not After : Aug 17 23:59:59 2026 GMT
Subject: serialNumber=dca178ce088d3b0e1a6a7456d86ad5c3fa2ed592a6f435204869c8df138d43c3, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:27:0f:3f:0f:c4:b2:76:3e:e5:c1:cc:ce:41:
da:4a:c9:1e:e3:00:ed:14:3f:b3:cb:23:39:ec:0d:
94:8a:1e:77:31:53:5d:d1:16:96:48:9b:66:a9:cb:
8e:50:c3:1b:79:ee:85:25:45:ed:83:0a:b8:b6:ed:
fa:cc:b7:8d:76:ec:9b:09:ca:b5:df:03:1a:a1:cb:
39:da:13:d1:fe:49:00:c1:63:54:02:f8:61:b1:2e:
51:ec:a5:91:a3:9a:fc:56:c4:00:ae:8b:f1:76:5e:
8a:52:f9:18:34:61:49:22:ed:c3:9c:60:1c:f4:40:
8d:a5:2f:ee:a8:9e:44:1a:68:a3:d6:7d:42:70:84:
bc:50:11:e8:d1:a4:c9:6c:e0:19:1d:2b:ca:d9:23:
ba:62:a4:87:bb:4f:0c:c3:83:c7:3a:c2:2b:1a:0d:
8e:81:1f:ec:d5:a7:69:e1:70:2a:99:71:b0:76:55:
b7:5f:34:29:42:6c:55:d1:e3:26:2e:49:be:ab:bb:
9f:e2:a9:a8:60:e5:48:3e:e6:1c:e3:98:76:92:49:
58:aa:2f:b6:f4:6f:14:25:9e:60:32:38:cb:1d:73:
b2:5e:bd:c4:d2:08:fb:ab:82:43:ea:2e:65:f1:19:
f9:15:ac:2c:29:8b:b0:31:19:34:dd:79:33:3d:af:
d6:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:99:DB:B6:31:53:16:3D:7E:C8:11:1F:62:C0:6C:7E:14:BE:6F:A9
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0f3fbd71-85b4-48a7-8479-e942c9578262.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d071:1000::/40
Signature Algorithm: sha256WithRSAEncryption
9a:7d:26:02:11:dc:3c:cd:52:e4:22:ff:72:ab:ba:b8:0b:bc:
1e:77:9d:12:98:32:64:68:d8:bb:bc:8e:20:34:64:cd:fb:6c:
a4:e7:4c:92:26:39:90:0b:66:2d:c6:38:92:53:56:29:7e:fe:
69:d4:52:e0:07:6f:5f:ff:73:78:09:31:af:84:31:22:b2:00:
26:3d:e8:11:a2:00:fa:5d:84:6a:b4:da:d8:7b:6b:80:a9:9e:
aa:fa:01:de:af:a4:ae:ff:f0:77:75:97:37:a7:13:76:c1:8e:
d4:83:f4:c3:33:e4:40:93:73:b2:cd:a0:f2:01:26:d4:d0:b8:
dc:fe:d0:bd:46:07:17:52:a8:04:33:fa:39:91:1d:cf:66:7d:
c3:71:13:3a:59:7b:47:16:a8:5e:b2:20:3d:b1:5f:b2:93:1d:
8e:15:d4:12:b7:13:dc:78:32:0d:a9:b0:b6:2d:40:ef:0b:d3:
5c:43:dd:a3:62:ba:36:fb:45:d3:29:30:9d:04:c5:39:63:ae:
43:e8:55:f8:98:b9:51:c5:ab:ad:8d:c0:c4:33:bb:3d:5a:34:
da:81:00:b3:ad:3c:33:8e:3a:c8:2a:f1:ef:f3:75:9b:fb:c4:
44:17:d5:b6:fd:fa:17:67:09:5e:3a:7c:a4:3a:b9:53:94:a9:
17:1c:7e:cd
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPLnkF9zS9SSZYCmcyPWB8iB8ktMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjA1MTkwNTIxMDNaFw0yNjA4MTcyMzU5NTlaMHoxSTBHBgNV
BAUTQGRjYTE3OGNlMDg4ZDNiMGUxYTZhNzQ1NmQ4NmFkNWMzZmEyZWQ1OTJhNmY0
MzUyMDQ4NjljOGRmMTM4ZDQzYzMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN8nDz8PxLJ2PuXBzM5B2krJHuMA7RQ/s8sjOewNlIoedzFTXdEWlkibZqnL
jlDDG3nuhSVF7YMKuLbt+sy3jXbsmwnKtd8DGqHLOdoT0f5JAMFjVAL4YbEuUeyl
kaOa/FbEAK6L8XZeilL5GDRhSSLtw5xgHPRAjaUv7qieRBpoo9Z9QnCEvFAR6NGk
yWzgGR0rytkjumKkh7tPDMODxzrCKxoNjoEf7NWnaeFwKplxsHZVt180KUJsVdHj
Ji5Jvqu7n+KpqGDlSD7mHOOYdpJJWKovtvRvFCWeYDI4yx1zsl69xNII+6uCQ+ou
ZfEZ+RWsLCmLsDEZNN15Mz2v1lMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRumdu2
MVMWPX7IER9iwGx+FL5vqTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MGYzZmJkNzEtODViNC00OGE3LTg0NzktZTk0MmM5NTc4MjYyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HEQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCafSYCEdw8zVLkIv9yq7q4C7wed50SmDJkaNi7
vI4gNGTN+2yk50ySJjmQC2YtxjiSU1Ypfv5p1FLgB29f/3N4CTGvhDEisgAmPegR
ogD6XYRqtNrYe2uAqZ6q+gHer6Su//B3dZc3pxN2wY7Ug/TDM+RAk3OyzaDyASbU
0Ljc/tC9RgcXUqgEM/o5kR3PZn3DcRM6WXtHFqhesiA9sV+ykx2OFdQStxPceDIN
qbC2LUDvC9NcQ92jYro2+0XTKTCdBMU5Y65D6FX4mLlRxautjcDEM7s9WjTagQCz
rTwzjjrIKvHv83Wb+8REF9W2/foXZwleOnykOrlTlKkXHH7N
-----END CERTIFICATE-----
Generated at Sat Jun 13 09:12:40 2026 by rpki-client