Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4a3909fa-da3d-4cd8-918f-7755304d49d1.roa
File: 4a3909fa-da3d-4cd8-918f-7755304d49d1.roa (raw, json)
Hash identifier: lYlTi1mfrUZRJjRqaKJ5pgRTjAwF/xrXPIdBVzluMW0=
Subject key identifier: 1B:F2:14:6A:22:58:E1:F4:CA:0C:0E:45:33:3E:6E:F7:65:F6:68:15
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 200C1AAC5404E965A0E8467E593290F2818014BB
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4a3909fa-da3d-4cd8-918f-7755304d49d1.roa
Signing time: Tue 19 May 2026 04:30:08 +0000
ROA not before: Tue 19 May 2026 04:30:08 +0000
ROA not after: Mon 17 Aug 2026 23:59:59 +0000
asID: 14618
IP address blocks: 2a05:d06f:a000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 01:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
20:0c:1a:ac:54:04:e9:65:a0:e8:46:7e:59:32:90:f2:81:80:14:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 19 04:30:08 2026 GMT
Not After : Aug 17 23:59:59 2026 GMT
Subject: serialNumber=e2b3afef3546262f22de29d0fd9f746d9375771263ad71a7291ed100c7be0576, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:32:76:52:75:46:d9:c5:44:42:86:cb:62:15:
0f:35:a1:e5:8f:43:f8:f5:dd:f0:f2:84:93:c0:6e:
31:0b:61:fb:e6:0f:ea:9f:9c:ef:90:b3:60:3e:10:
21:42:e4:39:04:9e:9b:4f:5d:d3:4c:92:28:72:e3:
f1:6a:f0:8a:32:0e:71:35:a9:4a:18:54:ca:98:47:
84:bd:b5:b3:58:2e:7c:1b:68:c0:4d:46:81:62:6c:
56:db:6d:df:b0:76:90:f5:26:43:1a:c0:a9:b6:71:
44:74:b1:fa:f9:8e:2d:99:98:bb:84:e0:63:ca:2b:
1d:99:cc:6e:fb:30:c2:93:5e:c8:82:91:29:08:37:
c6:a5:e3:50:59:44:c2:df:2d:7c:53:69:bc:bd:ba:
5b:e7:4d:62:4d:c4:af:f2:29:ef:5c:c1:2a:e2:1a:
33:15:0c:e8:a8:31:89:05:7e:d5:d3:39:dd:16:b9:
5d:82:5a:b6:aa:11:7c:c0:c3:fa:ae:ea:8e:7a:02:
38:4d:55:a7:d1:98:27:c5:b7:e6:3f:8c:da:83:4c:
d7:53:48:8c:df:0d:2f:6b:41:45:e7:08:45:8f:a8:
2d:d9:76:97:00:af:c4:b9:15:07:89:94:09:b9:f1:
95:30:60:b2:29:a3:9a:46:2e:6d:9b:a3:9f:51:d8:
ed:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:F2:14:6A:22:58:E1:F4:CA:0C:0E:45:33:3E:6E:F7:65:F6:68:15
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4a3909fa-da3d-4cd8-918f-7755304d49d1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06f:a000::/40
Signature Algorithm: sha256WithRSAEncryption
37:48:3c:44:b2:77:c4:d9:42:34:20:86:52:69:20:1d:33:c9:
33:e4:9c:79:0c:98:39:f4:25:64:ab:17:c1:c8:3a:20:2d:c3:
f7:2b:40:15:0c:94:39:02:d6:7f:49:78:e9:c9:36:61:f6:33:
3c:f1:81:e6:85:e7:32:c9:cf:be:c4:01:45:e8:3f:bf:55:aa:
b5:8d:ab:30:25:e7:be:31:d1:67:2b:e7:cf:3e:c9:e0:24:ed:
31:aa:2a:65:de:ee:98:a9:07:a4:72:de:55:27:49:5e:62:b3:
ed:0b:1d:15:f1:84:44:f8:b8:45:36:30:cc:e7:ba:0b:23:5b:
ad:46:af:29:29:c3:25:4d:75:5e:da:3e:02:e7:fe:ba:a0:cc:
0c:ba:0f:56:78:e2:3f:d0:6c:70:aa:6c:df:b2:e4:cb:72:c1:
5e:e2:16:f6:f2:23:08:fc:d2:c0:02:cf:ea:a3:43:42:d8:6c:
ea:79:de:8d:e5:74:d1:15:04:68:07:82:64:6b:87:61:25:20:
7b:0f:ea:e1:4b:4e:f3:dc:35:3f:1c:a5:78:18:be:6b:c9:2b:
eb:7e:e3:d9:84:2c:e9:7c:1e:69:53:8a:e3:66:5b:b1:a1:7a:
4c:c8:32:a8:72:30:f3:e6:52:05:d2:40:43:03:79:79:e1:21:
e6:43:e6:1e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUIAwarFQE6WWg6EZ+WTKQ8oGAFLswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjA1MTkwNDMwMDhaFw0yNjA4MTcyMzU5NTlaMHoxSTBHBgNV
BAUTQGUyYjNhZmVmMzU0NjI2MmYyMmRlMjlkMGZkOWY3NDZkOTM3NTc3MTI2M2Fk
NzFhNzI5MWVkMTAwYzdiZTA1NzYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMgydlJ1RtnFREKGy2IVDzWh5Y9D+PXd8PKEk8BuMQth++YP6p+c75CzYD4Q
IULkOQSem09d00ySKHLj8WrwijIOcTWpShhUyphHhL21s1gufBtowE1GgWJsVttt
37B2kPUmQxrAqbZxRHSx+vmOLZmYu4TgY8orHZnMbvswwpNeyIKRKQg3xqXjUFlE
wt8tfFNpvL26W+dNYk3Er/Ip71zBKuIaMxUM6KgxiQV+1dM53Ra5XYJatqoRfMDD
+q7qjnoCOE1Vp9GYJ8W35j+M2oNM11NIjN8NL2tBRecIRY+oLdl2lwCvxLkVB4mU
CbnxlTBgsimjmkYubZujn1HY7R0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQb8hRq
Iljh9MoMDkUzPm73ZfZoFTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGEzOTA5ZmEtZGEzZC00Y2Q4LTkxOGYtNzc1NTMwNGQ0OWQxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G+g
MA0GCSqGSIb3DQEBCwUAA4IBAQA3SDxEsnfE2UI0IIZSaSAdM8kz5Jx5DJg59CVk
qxfByDogLcP3K0AVDJQ5AtZ/SXjpyTZh9jM88YHmhecyyc++xAFF6D+/Vaq1jasw
Jee+MdFnK+fPPsngJO0xqipl3u6YqQekct5VJ0leYrPtCx0V8YRE+LhFNjDM57oL
I1utRq8pKcMlTXVe2j4C5/66oMwMug9WeOI/0GxwqmzfsuTLcsFe4hb28iMI/NLA
As/qo0NC2Gzqed6N5XTRFQRoB4Jka4dhJSB7D+rhS07z3DU/HKV4GL5rySvrfuPZ
hCzpfB5pU4rjZluxoXpMyDKocjDz5lIF0kBDA3l54SHmQ+Ye
-----END CERTIFICATE-----
Generated at Sat Jun 13 06:44:59 2026 by rpki-client