Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3901d4e7-d120-481a-a199-4762783cff5b.roa
File: 3901d4e7-d120-481a-a199-4762783cff5b.roa (raw, json)
Hash identifier: +cWCKLuWQx18zpoVt6e8qyW4D1u9lUj6+qNql9Z35lo=
Subject key identifier: FA:90:AE:F9:0D:D1:E3:C9:7B:9D:E5:30:51:AF:95:BC:B0:DE:5C:B1
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2B0028D90D256F5E7DFD30AD6D62269C361267F0
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3901d4e7-d120-481a-a199-4762783cff5b.roa
Signing time: Tue 19 May 2026 05:10:40 +0000
ROA not before: Tue 19 May 2026 05:10:40 +0000
ROA not after: Mon 17 Aug 2026 23:59:59 +0000
asID: 14618
IP address blocks: 2a05:d059:4000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 01:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2b:00:28:d9:0d:25:6f:5e:7d:fd:30:ad:6d:62:26:9c:36:12:67:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 19 05:10:40 2026 GMT
Not After : Aug 17 23:59:59 2026 GMT
Subject: serialNumber=5be3a6efcd0c83c6b457206444b028a3d236a5de31f8f7c8f75110d4569a767a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:95:eb:f6:15:a0:91:11:09:79:ee:53:f1:3e:
a6:81:07:50:5d:34:ac:79:c5:87:ed:69:cf:6c:c9:
79:de:21:59:9d:67:d3:58:2d:a5:54:44:bf:c6:cd:
07:41:9e:37:29:03:cd:1f:14:a1:89:24:17:2a:b5:
07:56:ae:3f:f7:c9:0c:9f:c1:a6:c7:dc:d1:7d:df:
9f:8a:76:f9:ce:84:8b:91:2a:03:97:6f:64:06:f4:
0a:fe:39:0f:d1:f0:6a:fb:cb:c1:b6:1e:56:40:25:
7a:46:d3:a5:f8:65:c3:d3:78:0e:cd:24:02:33:51:
28:25:a7:fe:6f:49:78:31:51:cc:55:49:11:f3:70:
ba:72:2c:52:f7:1a:06:b7:a4:b3:90:cb:05:3c:83:
e1:b3:50:67:c8:19:97:ca:a2:1f:84:23:d0:ce:15:
7d:a7:97:f4:b5:7b:42:d6:ec:05:cc:51:bf:b7:48:
c3:dd:41:a0:4f:4b:42:8c:ca:cd:1d:5d:a9:c6:3b:
23:f4:2d:80:5d:f5:da:5b:ff:56:d4:73:47:8f:05:
f9:94:bf:0f:2b:f9:5f:df:d3:52:41:de:d8:49:cb:
aa:ce:fd:36:7b:b2:61:3d:9c:7b:6c:ef:dc:ad:d0:
61:84:a1:ba:e4:95:fc:35:57:c7:14:fa:11:ff:60:
d6:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:90:AE:F9:0D:D1:E3:C9:7B:9D:E5:30:51:AF:95:BC:B0:DE:5C:B1
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3901d4e7-d120-481a-a199-4762783cff5b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d059:4000::/40
Signature Algorithm: sha256WithRSAEncryption
95:88:da:a5:69:98:84:27:5c:b7:c5:a3:7a:b2:83:c8:d8:10:
2c:95:72:4b:93:3e:a7:b8:40:62:d0:bb:59:bc:ba:eb:75:18:
e2:f9:d2:d0:91:b4:bc:3d:63:b5:95:aa:22:23:93:1d:33:f4:
23:28:51:2e:a0:a6:ca:2c:2b:6e:ed:c2:80:3e:cd:e6:0d:6b:
db:fe:86:0b:12:c6:68:49:52:e8:dd:d3:ba:25:2e:b0:6f:59:
23:78:0c:51:e1:38:ad:a8:66:97:f7:12:e1:c4:df:35:e4:4b:
e1:46:46:d5:a2:04:20:9c:a2:03:f1:50:45:34:bd:79:9a:03:
91:aa:33:f5:52:65:a9:ed:a9:f3:77:76:36:bb:40:53:be:cb:
2c:f6:48:27:87:e9:5a:10:bc:39:9b:5f:ca:cb:b6:ab:9a:0b:
2b:96:7a:c5:6d:cf:52:27:c9:e3:3f:77:cd:8c:5d:4d:89:64:
5e:08:67:83:ad:91:55:96:6f:65:5a:db:dd:aa:e1:eb:25:87:
0d:5a:98:a8:fa:20:a5:57:cd:57:8b:3c:31:1b:33:2a:b2:d9:
ea:45:ce:21:6e:ea:a2:1a:9e:97:5a:a2:e4:db:48:0a:fe:e1:
fd:b8:36:cd:b7:2b:d9:69:3f:55:47:a4:6e:27:c4:3c:ae:95:
8d:0e:6e:02
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUKwAo2Q0lb159/TCtbWImnDYSZ/AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjA1MTkwNTEwNDBaFw0yNjA4MTcyMzU5NTlaMHoxSTBHBgNV
BAUTQDViZTNhNmVmY2QwYzgzYzZiNDU3MjA2NDQ0YjAyOGEzZDIzNmE1ZGUzMWY4
ZjdjOGY3NTExMGQ0NTY5YTc2N2ExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANiV6/YVoJERCXnuU/E+poEHUF00rHnFh+1pz2zJed4hWZ1n01gtpVREv8bN
B0GeNykDzR8UoYkkFyq1B1auP/fJDJ/Bpsfc0X3fn4p2+c6Ei5EqA5dvZAb0Cv45
D9HwavvLwbYeVkAlekbTpfhlw9N4Ds0kAjNRKCWn/m9JeDFRzFVJEfNwunIsUvca
Breks5DLBTyD4bNQZ8gZl8qiH4Qj0M4VfaeX9LV7QtbsBcxRv7dIw91BoE9LQozK
zR1dqcY7I/QtgF312lv/VtRzR48F+ZS/Dyv5X9/TUkHe2EnLqs79NnuyYT2ce2zv
3K3QYYShuuSV/DVXxxT6Ef9g1gcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT6kK75
DdHjyXud5TBRr5W8sN5csTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzkwMWQ0ZTctZDEyMC00ODFhLWExOTktNDc2Mjc4M2NmZjViLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FlA
MA0GCSqGSIb3DQEBCwUAA4IBAQCViNqlaZiEJ1y3xaN6soPI2BAslXJLkz6nuEBi
0LtZvLrrdRji+dLQkbS8PWO1laoiI5MdM/QjKFEuoKbKLCtu7cKAPs3mDWvb/oYL
EsZoSVLo3dO6JS6wb1kjeAxR4TitqGaX9xLhxN815EvhRkbVogQgnKID8VBFNL15
mgORqjP1UmWp7anzd3Y2u0BTvsss9kgnh+laELw5m1/Ky7armgsrlnrFbc9SJ8nj
P3fNjF1NiWReCGeDrZFVlm9lWtvdquHrJYcNWpio+iClV81XizwxGzMqstnqRc4h
buqiGp6XWqLk20gK/uH9uDbNtyvZaT9VR6RuJ8Q8rpWNDm4C
-----END CERTIFICATE-----
Generated at Sat Jun 13 05:41:14 2026 by rpki-client