Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/248ea861-facc-4167-976d-1e65c556b074.roa
File: 248ea861-facc-4167-976d-1e65c556b074.roa (raw, json)
Hash identifier: 1f5ZKwBybAACqFD57tvVAzkoqYCnWhv8XhnqQTQb3es=
Subject key identifier: 43:CA:8E:EA:57:69:D0:A4:AF:0C:CC:8E:53:2A:82:7D:0D:C8:ED:B9
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5428AFA324988A470EE89BB5BE1D13408EEA6AD8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/248ea861-facc-4167-976d-1e65c556b074.roa
Signing time: Tue 19 May 2026 05:30:46 +0000
ROA not before: Tue 19 May 2026 05:30:46 +0000
ROA not after: Mon 17 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d036:1000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 01:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
54:28:af:a3:24:98:8a:47:0e:e8:9b:b5:be:1d:13:40:8e:ea:6a:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 19 05:30:46 2026 GMT
Not After : Aug 17 23:59:59 2026 GMT
Subject: serialNumber=8c26b6c0ede1b6f7529c17dab6ae0103427c4393ed389d8a9b60721dd50e7135, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:07:9f:9b:69:c4:ce:fa:9b:ae:2b:3a:03:23:
18:4a:c7:cf:53:e7:f4:f4:fa:e6:ef:94:bd:4b:59:
97:d2:bd:f7:50:d4:6b:75:cf:53:ed:03:ae:8a:06:
83:74:1c:6d:e4:1f:0e:64:13:1c:a2:cd:bc:13:a7:
9c:21:56:9c:05:a8:87:67:10:2e:5c:ce:2b:11:9d:
30:ce:ae:5c:cd:41:8f:08:db:21:d3:ff:27:c1:b8:
af:10:c1:26:1e:10:00:6f:92:0e:ea:5e:90:ec:12:
c9:4a:11:a9:89:2f:0e:d8:aa:aa:98:c1:0c:30:3a:
d2:39:7e:79:04:c8:44:65:0d:11:a6:c3:f4:b7:06:
5a:11:b9:ae:2d:68:2f:01:d8:54:57:4d:61:c4:8d:
8f:72:36:c8:68:9c:80:ec:74:c8:45:f6:ef:c0:cb:
12:a8:cc:b6:aa:b4:ed:65:06:29:cf:62:ea:75:1d:
43:5e:9b:6e:c3:f1:79:eb:60:62:64:f3:42:11:b2:
3a:e4:22:6a:76:c0:cf:92:6d:fa:08:87:0c:02:91:
83:82:ed:b8:42:89:6e:db:90:7c:13:7c:bf:d9:6a:
3d:67:8d:59:4a:36:bf:1b:de:db:ee:9a:4e:3e:7a:
e1:86:73:80:ab:a2:01:f5:03:80:61:6a:c1:c7:00:
2d:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:CA:8E:EA:57:69:D0:A4:AF:0C:CC:8E:53:2A:82:7D:0D:C8:ED:B9
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/248ea861-facc-4167-976d-1e65c556b074.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d036:1000::/40
Signature Algorithm: sha256WithRSAEncryption
95:34:db:e3:28:bc:07:cc:cb:b2:76:33:86:f0:cb:80:8b:76:
f0:e8:a7:bd:1e:2f:db:a1:ac:d7:61:5f:c9:f9:3c:d8:87:98:
d8:f1:f4:b3:c3:f5:7f:b0:1b:0b:b6:ed:b2:25:2e:1e:29:5d:
ca:6a:bd:c1:96:04:0c:0d:04:6f:4f:d6:86:4c:34:dd:9f:bb:
a5:80:43:f4:3a:68:ae:2e:f7:7f:cd:00:e3:7c:03:5e:1e:7e:
b1:f2:1d:ef:6d:68:45:c2:7f:24:e1:19:74:12:4c:d5:44:ed:
36:94:da:c0:e1:f2:23:75:18:55:db:17:5b:c2:de:20:ae:e3:
c3:cb:93:2c:84:01:1b:a4:9b:4e:fd:f7:9e:18:67:37:43:f3:
1e:81:c0:46:c7:0c:bc:1e:58:8d:24:45:cd:d1:42:0c:8f:4d:
3e:9c:7d:18:fa:a7:5b:15:76:cb:3f:22:28:f2:f7:b1:b6:96:
cc:1e:e5:73:6e:a7:28:e4:9c:92:98:a7:03:9a:51:13:8f:19:
07:96:bd:91:e1:53:09:2f:7d:c6:18:72:08:75:96:9c:1a:7d:
a2:88:a8:a9:95:ca:45:6d:38:e7:7e:bd:75:42:d2:ff:d7:8f:
c8:05:71:8f:8c:de:1a:85:aa:ff:40:9e:e7:12:0e:f6:31:59:
c7:11:53:14
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUVCivoySYikcO6Ju1vh0TQI7qatgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjA1MTkwNTMwNDZaFw0yNjA4MTcyMzU5NTlaMHoxSTBHBgNV
BAUTQDhjMjZiNmMwZWRlMWI2Zjc1MjljMTdkYWI2YWUwMTAzNDI3YzQzOTNlZDM4
OWQ4YTliNjA3MjFkZDUwZTcxMzUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK8Hn5tpxM76m64rOgMjGErHz1Pn9PT65u+UvUtZl9K991DUa3XPU+0DrooG
g3QcbeQfDmQTHKLNvBOnnCFWnAWoh2cQLlzOKxGdMM6uXM1BjwjbIdP/J8G4rxDB
Jh4QAG+SDupekOwSyUoRqYkvDtiqqpjBDDA60jl+eQTIRGUNEabD9LcGWhG5ri1o
LwHYVFdNYcSNj3I2yGicgOx0yEX278DLEqjMtqq07WUGKc9i6nUdQ16bbsPxeetg
YmTzQhGyOuQianbAz5Jt+giHDAKRg4LtuEKJbtuQfBN8v9lqPWeNWUo2vxve2+6a
Tj564YZzgKuiAfUDgGFqwccALVcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRDyo7q
V2nQpK8MzI5TKoJ9DcjtuTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjQ4ZWE4NjEtZmFjYy00MTY3LTk3NmQtMWU2NWM1NTZiMDc0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DYQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCVNNvjKLwHzMuydjOG8MuAi3bw6Ke9Hi/boazX
YV/J+TzYh5jY8fSzw/V/sBsLtu2yJS4eKV3Kar3BlgQMDQRvT9aGTDTdn7ulgEP0
OmiuLvd/zQDjfANeHn6x8h3vbWhFwn8k4Rl0EkzVRO02lNrA4fIjdRhV2xdbwt4g
ruPDy5MshAEbpJtO/feeGGc3Q/MegcBGxwy8HliNJEXN0UIMj00+nH0Y+qdbFXbL
PyIo8vextpbMHuVzbqco5JySmKcDmlETjxkHlr2R4VMJL33GGHIIdZacGn2iiKip
lcpFbTjnfr11QtL/14/IBXGPjN4ahar/QJ7nEg72MVnHEVMU
-----END CERTIFICATE-----
Generated at Sat Jun 13 08:05:56 2026 by rpki-client