Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1bd4661a-6576-46e1-b4db-aac6262599da.roa
File: 1bd4661a-6576-46e1-b4db-aac6262599da.roa (raw, json)
Hash identifier: QQWbB7vT30t5tMvCEavyLGnM9b1MgnqcUMLE74NHch8=
Subject key identifier: 45:56:41:CE:4D:9B:DA:5B:7D:BD:2D:98:11:B4:B6:44:2B:A5:A8:A2
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 50607CF110E1664B3F4A2D6B0E1F9EF5013A7690
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1bd4661a-6576-46e1-b4db-aac6262599da.roa
Signing time: Fri 22 May 2026 16:01:52 +0000
ROA not before: Fri 22 May 2026 16:01:52 +0000
ROA not after: Thu 20 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d031:8000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 01:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
50:60:7c:f1:10:e1:66:4b:3f:4a:2d:6b:0e:1f:9e:f5:01:3a:76:90
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 22 16:01:52 2026 GMT
Not After : Aug 20 23:59:59 2026 GMT
Subject: serialNumber=f663e5dbd872a00eac9250ee82311fa351d95a72cadf95d2cff9b895ba57f103, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:21:9d:2f:16:88:b7:14:9c:91:cd:a9:a5:e5:
ee:7a:bc:40:6e:90:12:0f:c3:31:49:d8:be:78:37:
43:c9:f2:9c:78:8c:9c:01:f1:9a:d3:85:f3:8a:d5:
1f:b8:b6:7b:76:b0:af:5b:c2:0f:5c:6c:0d:20:7b:
79:93:39:d4:30:17:e9:da:6b:e0:03:4a:cb:fb:3b:
31:ee:5b:86:a9:4d:37:c3:e8:28:d6:c0:bd:cd:84:
ed:ea:6a:94:d9:f2:73:4b:62:ff:65:11:d6:bf:59:
0b:7d:5e:c3:7d:95:54:32:39:14:e8:ad:d5:01:5f:
57:7a:d4:08:d0:ce:5d:47:da:d3:80:80:06:4c:47:
a0:df:52:d8:4b:f2:eb:ad:9a:55:2d:89:06:07:62:
52:12:19:8e:43:87:2b:ae:30:26:b4:f2:0a:5f:c1:
a0:1d:90:15:26:15:2f:4d:37:fb:13:9c:6d:97:c0:
bc:1c:03:fe:37:70:84:81:ae:19:71:06:52:8d:17:
6f:96:a0:ac:87:2a:e7:d3:f5:a7:47:e3:f7:a0:8a:
f5:0e:ce:cb:ee:b5:1b:9e:6b:34:90:27:5a:5f:ba:
e4:7b:f1:d6:ea:49:12:0c:29:e0:ea:6d:1c:b0:be:
78:e0:78:13:0d:03:9e:08:5a:60:27:73:45:b0:ca:
e7:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:56:41:CE:4D:9B:DA:5B:7D:BD:2D:98:11:B4:B6:44:2B:A5:A8:A2
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1bd4661a-6576-46e1-b4db-aac6262599da.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d031:8000::/40
Signature Algorithm: sha256WithRSAEncryption
19:01:64:7f:7a:c6:96:de:a0:c0:8c:27:f6:93:6e:dc:3b:d6:
06:8a:a0:d9:b1:47:3c:6b:e2:82:8f:0b:00:36:11:55:60:bd:
59:ed:42:63:42:2a:39:93:0e:6a:2a:80:57:20:9c:1c:12:5d:
93:6e:c0:95:e9:cd:0e:b9:d2:c0:5c:81:6a:2b:96:d6:86:4b:
7a:fd:6e:c4:0c:a1:9c:ce:92:fb:12:6d:06:b7:12:10:73:dd:
9b:e8:05:12:1e:51:05:ce:50:5f:3c:48:cf:5c:1f:47:6d:1e:
a3:1c:12:a6:29:7c:e6:f7:fa:39:68:8c:29:fd:44:1f:9b:ad:
42:f0:42:6b:e9:07:1d:00:98:f4:3c:2a:c2:85:79:c0:45:5c:
1a:a4:6a:92:0f:e7:23:62:5d:94:62:fe:10:df:f7:4a:d3:4e:
16:5d:91:d6:83:ff:7e:74:b4:c1:a2:69:c6:a0:9b:de:b5:96:
50:1f:77:18:49:4b:44:f9:3c:54:97:0f:1b:0e:0e:02:73:c7:
7c:6f:35:2e:47:fe:b1:22:7e:2c:f6:50:09:80:bb:be:e4:d6:
c1:49:6a:9e:ec:95:ee:4b:99:70:50:24:3b:52:94:66:a9:70:
0f:6b:6b:39:8d:a9:95:bf:b0:be:de:c1:2a:e5:1f:b2:d0:ff:
97:86:37:66
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUUGB88RDhZks/Si1rDh+e9QE6dpAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjA1MjIxNjAxNTJaFw0yNjA4MjAyMzU5NTlaMHoxSTBHBgNV
BAUTQGY2NjNlNWRiZDg3MmEwMGVhYzkyNTBlZTgyMzExZmEzNTFkOTVhNzJjYWRm
OTVkMmNmZjliODk1YmE1N2YxMDMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ0hnS8WiLcUnJHNqaXl7nq8QG6QEg/DMUnYvng3Q8nynHiMnAHxmtOF84rV
H7i2e3awr1vCD1xsDSB7eZM51DAX6dpr4ANKy/s7Me5bhqlNN8PoKNbAvc2E7epq
lNnyc0ti/2UR1r9ZC31ew32VVDI5FOit1QFfV3rUCNDOXUfa04CABkxHoN9S2Evy
662aVS2JBgdiUhIZjkOHK64wJrTyCl/BoB2QFSYVL003+xOcbZfAvBwD/jdwhIGu
GXEGUo0Xb5agrIcq59P1p0fj96CK9Q7Oy+61G55rNJAnWl+65Hvx1upJEgwp4Opt
HLC+eOB4Ew0DnghaYCdzRbDK51kCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRFVkHO
TZvaW329LZgRtLZEK6WoojAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWJkNDY2MWEtNjU3Ni00NmUxLWI0ZGItYWFjNjI2MjU5OWRhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DGA
MA0GCSqGSIb3DQEBCwUAA4IBAQAZAWR/esaW3qDAjCf2k27cO9YGiqDZsUc8a+KC
jwsANhFVYL1Z7UJjQio5kw5qKoBXIJwcEl2TbsCV6c0OudLAXIFqK5bWhkt6/W7E
DKGczpL7Em0GtxIQc92b6AUSHlEFzlBfPEjPXB9HbR6jHBKmKXzm9/o5aIwp/UQf
m61C8EJr6QcdAJj0PCrChXnARVwapGqSD+cjYl2UYv4Q3/dK004WXZHWg/9+dLTB
omnGoJvetZZQH3cYSUtE+TxUlw8bDg4Cc8d8bzUuR/6xIn4s9lAJgLu+5NbBSWqe
7JXuS5lwUCQ7UpRmqXAPa2s5jamVv7C+3sEq5R+y0P+Xhjdm
-----END CERTIFICATE-----
Generated at Sat Jun 13 10:16:40 2026 by rpki-client