Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3db66c88-0bb0-44d6-b6a0-ad7dd0873c56.roa
File: 3db66c88-0bb0-44d6-b6a0-ad7dd0873c56.roa (raw, json)
Hash identifier: 0QWOqNGHTGEAAGn+bn9/ta7jNrs3iQL4vtDUf+6Ys/Y=
Subject key identifier: FF:BD:BD:69:F0:35:A5:4D:BD:26:69:C6:C5:31:F4:FB:89:1D:98:12
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 41F18C346771601638DC13E13C51DCF17F019C77
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3db66c88-0bb0-44d6-b6a0-ad7dd0873c56.roa
Signing time: Tue 19 May 2026 05:00:04 +0000
ROA not before: Tue 19 May 2026 05:00:04 +0000
ROA not after: Mon 17 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:40a0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 01:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
41:f1:8c:34:67:71:60:16:38:dc:13:e1:3c:51:dc:f1:7f:01:9c:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 19 05:00:04 2026 GMT
Not After : Aug 17 23:59:59 2026 GMT
Subject: serialNumber=a476c5734f684220433ffbd4c3115153ae9972cee40617dcff4473f6b2d8fb91, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:69:1d:04:07:d2:79:37:b5:ed:04:b9:64:95:
dc:fa:6e:37:81:23:f9:82:56:07:85:f9:f2:da:5b:
3e:d4:b2:1d:ff:6a:d6:70:cf:74:3b:19:95:1e:9e:
c5:52:bd:30:06:1e:2e:02:10:d0:c2:25:6d:31:00:
b1:db:6f:e6:9b:05:ed:2f:41:4c:e0:35:b4:ba:4f:
02:fb:48:b4:d9:c1:6c:57:22:f3:f9:39:15:c5:9e:
a0:58:a9:96:d0:09:40:c8:66:ac:ac:d4:48:36:53:
4c:36:8d:a4:cb:f9:d5:3c:4e:76:91:64:cb:cd:50:
8a:e1:ed:ee:42:86:76:8b:82:e1:8c:6d:5b:5d:a4:
b9:2e:23:1d:29:03:a3:58:c7:9b:2f:c6:1d:30:b9:
5c:fb:50:e0:1e:9b:6f:b3:79:4b:7f:48:7f:3f:f5:
cf:84:82:18:6e:83:77:a1:5d:d5:91:9a:85:11:ec:
fb:3b:ad:01:9e:3e:71:e8:72:34:dd:4c:40:28:f8:
2e:03:e3:51:dc:fe:21:89:00:15:c3:8a:22:7f:aa:
ad:ea:90:43:6a:ab:ef:32:7c:83:d9:b1:31:6a:70:
07:e2:95:19:e1:56:11:d5:7f:47:9c:e8:0c:55:2a:
3e:81:e2:bc:1f:c8:73:bb:0d:e8:04:5a:01:fc:cd:
d2:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:BD:BD:69:F0:35:A5:4D:BD:26:69:C6:C5:31:F4:FB:89:1D:98:12
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3db66c88-0bb0-44d6-b6a0-ad7dd0873c56.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:40a0::/48
Signature Algorithm: sha256WithRSAEncryption
34:c9:6f:a2:2e:b2:99:0c:37:49:41:45:cd:eb:a8:a7:55:76:
76:e9:9d:82:3a:09:ed:5c:61:5d:85:38:59:64:87:d1:f5:5b:
58:39:c4:76:97:33:0f:19:25:c1:af:16:38:d1:a5:55:5e:b4:
d9:2e:8d:ba:d7:39:cb:61:dd:60:05:bd:a9:90:1c:36:9a:2f:
48:a5:89:d9:5b:b0:ea:c3:5b:fc:19:a1:17:19:94:fd:73:40:
03:18:86:6c:33:12:d5:c4:ce:d0:10:1a:18:77:ca:59:b4:40:
23:06:ea:2a:51:87:1b:cf:74:6b:06:bc:62:69:33:c3:6d:20:
3b:00:2a:d5:4f:e8:6d:17:8c:e8:20:14:46:c6:f9:14:27:f8:
2a:05:ca:2d:8c:3c:da:09:7d:3e:d3:e3:b1:65:64:fa:b9:51:
a4:76:f6:99:86:31:91:e0:9d:3a:22:a2:37:5e:1a:f5:96:91:
e4:2a:e2:59:85:67:a4:ea:a7:02:b4:91:a1:6e:20:12:68:de:
97:fb:c7:68:a0:49:eb:a4:48:4d:0c:95:89:75:ca:6e:ec:47:
bd:9b:7b:e0:b0:b6:60:0c:84:d8:a7:0b:bf:7f:00:ab:7d:0c:
98:6c:0b:40:1a:35:31:cb:4b:20:a5:51:7e:0a:0a:18:da:66:
22:80:56:db
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUQfGMNGdxYBY43BPhPFHc8X8BnHcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjA1MTkwNTAwMDRaFw0yNjA4MTcyMzU5NTlaMHoxSTBHBgNV
BAUTQGE0NzZjNTczNGY2ODQyMjA0MzNmZmJkNGMzMTE1MTUzYWU5OTcyY2VlNDA2
MTdkY2ZmNDQ3M2Y2YjJkOGZiOTExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANNpHQQH0nk3te0EuWSV3PpuN4Ej+YJWB4X58tpbPtSyHf9q1nDPdDsZlR6e
xVK9MAYeLgIQ0MIlbTEAsdtv5psF7S9BTOA1tLpPAvtItNnBbFci8/k5FcWeoFip
ltAJQMhmrKzUSDZTTDaNpMv51TxOdpFky81QiuHt7kKGdouC4YxtW12kuS4jHSkD
o1jHmy/GHTC5XPtQ4B6bb7N5S39Ifz/1z4SCGG6Dd6Fd1ZGahRHs+zutAZ4+cehy
NN1MQCj4LgPjUdz+IYkAFcOKIn+qreqQQ2qr7zJ8g9mxMWpwB+KVGeFWEdV/R5zo
DFUqPoHivB/Ic7sN6ARaAfzN0p8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBT/vb1p
8DWlTb0macbFMfT7iR2YEjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2RiNjZjODgtMGJiMC00NGQ2LWI2YTAtYWQ3ZGQwODczYzU2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ABA
oDANBgkqhkiG9w0BAQsFAAOCAQEANMlvoi6ymQw3SUFFzeuop1V2dumdgjoJ7Vxh
XYU4WWSH0fVbWDnEdpczDxklwa8WONGlVV602S6Nutc5y2HdYAW9qZAcNpovSKWJ
2Vuw6sNb/BmhFxmU/XNAAxiGbDMS1cTO0BAaGHfKWbRAIwbqKlGHG890awa8Ymkz
w20gOwAq1U/obReM6CAURsb5FCf4KgXKLYw82gl9PtPjsWVk+rlRpHb2mYYxkeCd
OiKiN14a9ZaR5CriWYVnpOqnArSRoW4gEmjel/vHaKBJ66RITQyViXXKbuxHvZt7
4LC2YAyE2KcLv38Aq30MmGwLQBo1MctLIKVRfgoKGNpmIoBW2w==
-----END CERTIFICATE-----
Generated at Sat Jun 13 09:12:53 2026 by rpki-client