Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/87ec9982-c725-40e5-b829-ff0f06d939c8.roa
File: 87ec9982-c725-40e5-b829-ff0f06d939c8.roa (raw, json)
Hash identifier: vPg45s6MW7YqG2IG5JcU/Vw4FAyWzdQysvFpYsy/rWY=
Subject key identifier: 08:20:02:14:5A:D2:99:98:27:69:9E:F9:5A:E5:C0:D0:F0:24:49:D6
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 25CD11472203A272E8A50E00BC87742FA6A02400
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/87ec9982-c725-40e5-b829-ff0f06d939c8.roa
Signing time: Tue 19 May 2026 04:40:44 +0000
ROA not before: Tue 19 May 2026 04:40:44 +0000
ROA not after: Mon 17 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d058:9000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 01:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
25:cd:11:47:22:03:a2:72:e8:a5:0e:00:bc:87:74:2f:a6:a0:24:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 19 04:40:44 2026 GMT
Not After : Aug 17 23:59:59 2026 GMT
Subject: serialNumber=151c36022467ef60b5d820413dc100b1d3f36ad640833e8a1b87ec8bcff46fcc, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:34:fe:f6:47:9a:d8:fe:7b:f9:7a:7f:fc:07:
88:fa:45:18:02:41:db:c2:83:8b:a3:fe:8a:93:34:
03:2f:59:04:8d:f7:e6:1f:3e:ef:21:bb:ba:b1:74:
2a:92:0f:e6:e3:d8:01:96:50:d2:bc:c7:da:26:5a:
ee:74:86:99:f2:0d:90:bc:1c:4a:57:92:82:b0:1a:
4e:60:58:4e:37:83:69:90:3f:07:01:3f:48:c6:33:
fa:23:3e:38:07:9f:53:e7:71:41:a9:66:41:0a:ed:
74:42:df:c8:e3:d5:f2:7e:e8:f8:99:2a:3f:99:91:
a4:95:ff:87:41:80:62:bf:f9:14:b1:86:a6:a8:69:
a5:b5:8c:fe:97:06:f3:aa:1f:f5:95:38:5f:a7:15:
bf:e6:c8:6d:93:65:53:43:d7:b1:51:05:4a:5c:03:
22:06:6d:9f:c7:92:d3:bd:a5:f3:26:3c:d7:81:b1:
fc:e3:b9:1c:6b:d1:f9:37:7f:79:01:f2:ad:80:06:
f7:1e:92:56:18:8e:73:58:f1:b0:91:34:2b:4b:71:
ed:6c:75:ad:ab:ad:d9:f5:85:9c:10:b1:9e:cd:a3:
32:b7:27:78:41:69:e6:54:a4:8f:d0:4d:95:20:fd:
72:a3:05:63:71:b2:8f:10:b2:6f:56:8e:03:3a:c7:
d9:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:20:02:14:5A:D2:99:98:27:69:9E:F9:5A:E5:C0:D0:F0:24:49:D6
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/87ec9982-c725-40e5-b829-ff0f06d939c8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d058:9000::/40
Signature Algorithm: sha256WithRSAEncryption
5d:bd:82:1c:63:d6:c4:d6:23:6f:72:38:e1:b2:3a:91:05:7a:
54:a7:6e:c7:58:60:b1:a7:ca:f3:50:38:a6:40:eb:9b:bb:81:
99:b5:4c:ac:d1:8f:3a:08:0e:94:46:11:26:31:3a:3e:a7:64:
aa:80:42:47:2f:55:e5:ea:c7:03:eb:87:97:1f:90:d6:4d:ae:
be:1a:2e:a3:ad:ad:6a:65:cc:e2:64:31:30:d9:28:ac:bf:4a:
b9:2f:a8:2e:d4:43:86:2e:db:42:c8:ef:54:6d:7c:31:7e:bc:
d1:aa:5f:c5:9d:60:5a:d1:8f:1f:43:98:4d:d7:62:f1:4c:9f:
f2:ea:54:dc:7a:5b:22:4e:ca:78:75:4e:6a:5d:4e:d0:ad:b3:
7e:4e:04:73:a9:89:b3:d7:76:f4:c2:c8:db:44:74:c3:d3:2d:
e3:16:80:77:c1:0d:95:4b:72:35:06:bf:6c:51:2a:65:3d:d0:
2b:e8:31:54:db:9e:07:09:16:e9:7b:d6:f7:e7:5c:d0:16:41:
02:59:d0:03:38:ff:82:12:1e:81:38:9c:8b:03:56:80:c7:21:
ae:bf:50:76:87:ac:66:f7:6e:b5:fc:a6:ca:6e:02:d1:c2:ee:
46:77:76:3b:9d:bb:a3:7d:09:3f:0e:80:9f:76:00:49:d4:16:
f9:e9:58:21
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUJc0RRyIDonLopQ4AvId0L6agJAAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjA1MTkwNDQwNDRaFw0yNjA4MTcyMzU5NTlaMHoxSTBHBgNV
BAUTQDE1MWMzNjAyMjQ2N2VmNjBiNWQ4MjA0MTNkYzEwMGIxZDNmMzZhZDY0MDgz
M2U4YTFiODdlYzhiY2ZmNDZmY2MxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKA0/vZHmtj+e/l6f/wHiPpFGAJB28KDi6P+ipM0Ay9ZBI335h8+7yG7urF0
KpIP5uPYAZZQ0rzH2iZa7nSGmfINkLwcSleSgrAaTmBYTjeDaZA/BwE/SMYz+iM+
OAefU+dxQalmQQrtdELfyOPV8n7o+JkqP5mRpJX/h0GAYr/5FLGGpqhppbWM/pcG
86of9ZU4X6cVv+bIbZNlU0PXsVEFSlwDIgZtn8eS072l8yY814Gx/OO5HGvR+Td/
eQHyrYAG9x6SVhiOc1jxsJE0K0tx7Wx1raut2fWFnBCxns2jMrcneEFp5lSkj9BN
lSD9cqMFY3GyjxCyb1aOAzrH2bsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQIIAIU
WtKZmCdpnvla5cDQ8CRJ1jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ODdlYzk5ODItYzcyNS00MGU1LWI4MjktZmYwZjA2ZDkzOWM4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FiQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBdvYIcY9bE1iNvcjjhsjqRBXpUp27HWGCxp8rz
UDimQOubu4GZtUys0Y86CA6URhEmMTo+p2SqgEJHL1Xl6scD64eXH5DWTa6+Gi6j
ra1qZcziZDEw2Sisv0q5L6gu1EOGLttCyO9UbXwxfrzRql/FnWBa0Y8fQ5hN12Lx
TJ/y6lTcelsiTsp4dU5qXU7QrbN+TgRzqYmz13b0wsjbRHTD0y3jFoB3wQ2VS3I1
Br9sUSplPdAr6DFU254HCRbpe9b351zQFkECWdADOP+CEh6BOJyLA1aAxyGuv1B2
h6xm9261/KbKbgLRwu5Gd3Y7nbujfQk/DoCfdgBJ1Bb56Vgh
-----END CERTIFICATE-----
Generated at Sat Jun 13 10:44:43 2026 by rpki-client