Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/431d8e22-a384-419e-9218-32a80c0ce0e3.roa
File: 431d8e22-a384-419e-9218-32a80c0ce0e3.roa (raw, json)
Hash identifier: ZESa2WmUKkt0JhCMfEzI+2SxrjnF52ps/ZrLDzico+s=
Subject key identifier: 54:BC:47:F8:DB:03:52:32:8E:52:5E:7C:90:78:47:67:1D:97:6D:A5
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2549BC97EC09B8E3D89BD4945049A5D51812700E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/431d8e22-a384-419e-9218-32a80c0ce0e3.roa
Signing time: Sat 16 May 2026 00:40:07 +0000
ROA not before: Sat 16 May 2026 00:40:07 +0000
ROA not after: Fri 14 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d076:e000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 01:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
25:49:bc:97:ec:09:b8:e3:d8:9b:d4:94:50:49:a5:d5:18:12:70:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 16 00:40:07 2026 GMT
Not After : Aug 14 23:59:59 2026 GMT
Subject: serialNumber=6d6606b2d58ffc693aec6497669a543335850a66f7e5344033905e677f937183, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:6a:36:20:41:13:6b:9c:42:f1:08:03:0f:65:
33:93:19:78:7c:f2:fb:47:91:53:20:37:f5:b7:5f:
a0:1c:d6:7d:bd:ec:76:39:24:5d:c0:b3:e4:65:bf:
0a:95:35:27:74:81:56:6a:15:c6:5d:5a:21:2a:8b:
75:a7:6c:cb:a1:cf:b8:24:81:d4:e6:1b:dd:a2:18:
74:fa:b6:20:5f:4c:9e:d4:2b:38:b2:1e:11:26:3e:
63:3f:fa:3a:15:83:27:e4:a6:00:b0:5d:75:9d:20:
ea:aa:7a:fc:0f:5c:0d:ba:f5:02:e3:c8:f9:fa:78:
69:73:65:c5:4c:f8:92:d5:b8:d6:f4:6b:94:64:33:
90:10:c6:ca:55:33:19:fa:a5:90:1c:2b:84:b5:82:
59:ba:e9:87:8f:ac:b8:d7:a7:66:ed:fa:a5:7d:8a:
a7:c2:b3:ff:af:2d:7c:9a:84:f8:cb:77:a2:42:82:
d0:cc:d3:23:86:9e:b2:1e:81:77:ef:1d:de:78:d8:
65:9b:2a:ad:ef:0b:ee:3d:f9:35:2a:1d:d2:db:80:
48:1a:93:4d:dc:f5:07:59:5b:45:37:1a:fb:79:1a:
ef:42:66:d3:51:fc:04:a3:4d:e6:d4:3e:05:b1:04:
61:8d:ec:db:a1:27:06:c7:c5:5a:0f:1a:5c:34:b5:
dd:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:BC:47:F8:DB:03:52:32:8E:52:5E:7C:90:78:47:67:1D:97:6D:A5
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/431d8e22-a384-419e-9218-32a80c0ce0e3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d076:e000::/40
Signature Algorithm: sha256WithRSAEncryption
b5:0b:72:0d:3f:d4:0e:4c:49:ec:7b:31:d2:c0:9f:99:97:f4:
ff:c5:33:e7:69:b2:56:4c:2f:67:a9:23:fe:6c:77:dd:d5:6b:
a9:67:d1:32:e0:3a:e8:9d:4e:18:cf:11:80:74:89:83:36:89:
8f:52:53:40:f3:d8:be:48:d6:6c:1a:63:94:2c:ef:d9:67:3f:
d9:78:59:f1:5d:18:94:ff:85:d9:90:97:b5:b3:e4:1d:97:01:
49:36:be:9e:5f:6d:16:88:0f:cf:54:83:e1:66:16:97:39:0b:
e6:6c:b7:d3:8c:ca:21:19:48:2b:aa:26:91:d7:98:a7:e8:70:
cf:93:a7:eb:ee:b6:5c:8d:06:9a:5e:5b:ae:64:01:fa:25:10:
a0:ea:c3:7e:df:ea:12:ec:e6:7a:14:f9:14:05:d8:65:de:c6:
09:60:d8:a2:53:12:93:8d:5b:98:13:74:81:43:12:c7:33:03:
d7:0b:f6:5c:d8:de:88:49:86:0d:86:0e:54:a7:cc:f7:3f:c4:
ef:31:f9:6d:7a:39:ab:23:d3:8f:e4:54:ae:78:19:0b:0d:e6:
87:c7:8e:89:22:a8:15:a0:fe:65:76:fc:b8:da:66:a7:2c:0e:
3b:2f:c8:17:7d:2d:b2:fa:07:a5:62:08:ca:54:d7:1d:44:63:
05:47:43:77
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUJUm8l+wJuOPYm9SUUEml1RgScA4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjA1MTYwMDQwMDdaFw0yNjA4MTQyMzU5NTlaMHoxSTBHBgNV
BAUTQDZkNjYwNmIyZDU4ZmZjNjkzYWVjNjQ5NzY2OWE1NDMzMzU4NTBhNjZmN2U1
MzQ0MDMzOTA1ZTY3N2Y5MzcxODMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALtqNiBBE2ucQvEIAw9lM5MZeHzy+0eRUyA39bdfoBzWfb3sdjkkXcCz5GW/
CpU1J3SBVmoVxl1aISqLdadsy6HPuCSB1OYb3aIYdPq2IF9MntQrOLIeESY+Yz/6
OhWDJ+SmALBddZ0g6qp6/A9cDbr1AuPI+fp4aXNlxUz4ktW41vRrlGQzkBDGylUz
GfqlkBwrhLWCWbrph4+suNenZu36pX2Kp8Kz/68tfJqE+Mt3okKC0MzTI4aesh6B
d+8d3njYZZsqre8L7j35NSod0tuASBqTTdz1B1lbRTca+3ka70Jm01H8BKNN5tQ+
BbEEYY3s26EnBsfFWg8aXDS13cECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRUvEf4
2wNSMo5SXnyQeEdnHZdtpTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDMxZDhlMjItYTM4NC00MTllLTkyMTgtMzJhODBjMGNlMGUzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hbg
MA0GCSqGSIb3DQEBCwUAA4IBAQC1C3INP9QOTEnsezHSwJ+Zl/T/xTPnabJWTC9n
qSP+bHfd1WupZ9Ey4DronU4YzxGAdImDNomPUlNA89i+SNZsGmOULO/ZZz/ZeFnx
XRiU/4XZkJe1s+QdlwFJNr6eX20WiA/PVIPhZhaXOQvmbLfTjMohGUgrqiaR15in
6HDPk6fr7rZcjQaaXluuZAH6JRCg6sN+3+oS7OZ6FPkUBdhl3sYJYNiiUxKTjVuY
E3SBQxLHMwPXC/Zc2N6ISYYNhg5Up8z3P8TvMfltejmrI9OP5FSueBkLDeaHx46J
IqgVoP5ldvy42manLA47L8gXfS2y+gelYgjKVNcdRGMFR0N3
-----END CERTIFICATE-----
Generated at Sat Jun 13 09:13:19 2026 by rpki-client