Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9843a73f-18f2-433e-b871-f493b0645337.roa
File: 9843a73f-18f2-433e-b871-f493b0645337.roa (raw, json)
Hash identifier: DYUwsTU86z0/1zXjrKejRbWuMaSdP1EsFDMrervMrtU=
Subject key identifier: D7:20:4B:48:B0:4A:AF:A3:70:27:11:8B:EC:60:81:DC:94:60:69:F0
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 1324EA4F0312C303F4C0E58D8648D4E081EFC1A1
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9843a73f-18f2-433e-b871-f493b0645337.roa
Signing time: Sun 17 May 2026 02:10:07 +0000
ROA not before: Sun 17 May 2026 02:10:07 +0000
ROA not after: Sat 15 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d03a:800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 16 Jun 2026 07:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
13:24:ea:4f:03:12:c3:03:f4:c0:e5:8d:86:48:d4:e0:81:ef:c1:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 17 02:10:07 2026 GMT
Not After : Aug 15 23:59:59 2026 GMT
Subject: serialNumber=93caf39bf02a8c9ffc91ac23bb0b8f4c572c2ec33b9fb40de27ad71b9c1a931f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:58:37:4e:96:68:7b:1c:1d:0d:86:77:95:70:
f1:46:39:e2:a9:2d:6d:9e:d1:9a:3f:8a:87:d7:8d:
dc:9d:95:de:fb:9e:c9:ef:fe:10:30:d7:52:6d:d6:
7c:de:ad:34:b1:fc:f9:2d:4f:c7:60:f2:4d:7f:1e:
69:14:1e:ba:9a:4c:0a:d0:94:7a:4c:2d:65:7a:a5:
6e:11:85:f5:e3:fb:ec:56:cc:cc:f9:ac:cb:86:73:
c8:54:87:e0:87:2c:30:0e:4c:f4:18:da:21:1f:0a:
09:39:57:a4:9c:28:99:f1:de:4e:a9:40:99:18:d6:
e3:6f:15:1b:d5:aa:12:4c:3a:c8:7b:e9:5b:28:3e:
38:8c:98:2a:c3:67:b5:8b:7d:49:b4:de:b1:97:ca:
c4:98:09:3d:e4:39:f8:f5:fd:41:3b:4f:d1:36:68:
72:8c:03:3c:90:4d:cd:fe:e5:8c:be:2d:19:4c:d0:
95:f4:ae:bf:e1:10:99:84:5c:6d:3e:bf:c9:e0:d4:
93:4e:72:e2:67:b7:dd:e1:06:ef:b0:c9:5c:e7:e2:
4f:d5:97:42:f4:ab:9c:42:c5:8c:e8:ae:6f:c6:cd:
7a:d8:c1:f4:f4:b8:97:e6:fc:cc:e4:cf:ab:a7:98:
6f:49:eb:90:f8:c0:38:21:bb:30:e9:48:8e:56:49:
f4:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:20:4B:48:B0:4A:AF:A3:70:27:11:8B:EC:60:81:DC:94:60:69:F0
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9843a73f-18f2-433e-b871-f493b0645337.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d03a:800::/40
Signature Algorithm: sha256WithRSAEncryption
bd:37:80:66:6e:6e:c6:d3:61:8b:5c:0e:79:ef:43:21:e7:12:
61:5f:48:e0:b5:32:45:ef:ce:c1:43:bc:a8:43:97:df:81:d4:
de:9e:63:0e:d9:d5:ce:69:ad:6b:cb:8c:74:7d:74:3d:6b:f8:
1f:69:14:63:2b:bd:3a:a9:bc:ee:9e:eb:ff:78:aa:dc:d7:99:
05:69:d8:db:ec:ac:5a:83:1c:4a:d7:76:bc:11:15:09:23:2f:
03:32:bc:c9:06:7b:43:a1:03:19:88:84:cf:52:ad:ef:71:2c:
be:01:7d:6c:fe:31:dc:b8:f4:a9:7b:b0:e3:ce:55:91:97:86:
8a:ff:f9:99:1a:93:de:12:96:dd:d8:3a:2b:f4:d0:45:e5:cc:
24:00:aa:68:ae:c5:d8:f7:cd:cb:9f:08:a3:24:e3:99:e1:2b:
ad:67:3d:66:5b:dd:00:db:f7:73:32:00:c5:7f:9b:c6:2d:21:
24:b1:e2:c9:a6:22:12:60:88:8d:7e:7e:ba:e8:af:62:09:e3:
a6:f7:cb:0a:56:c6:76:f6:13:b2:ff:03:6d:4e:39:dc:02:f5:
08:00:b1:b5:70:15:fc:82:56:37:b2:d8:7d:5c:9e:36:f8:12:
54:f8:30:90:30:5a:15:92:69:1e:8c:1c:68:a9:d7:2c:80:a8:
ea:01:c9:11
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUEyTqTwMSwwP0wOWNhkjU4IHvwaEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjA1MTcwMjEwMDdaFw0yNjA4MTUyMzU5NTlaMHoxSTBHBgNV
BAUTQDkzY2FmMzliZjAyYThjOWZmYzkxYWMyM2JiMGI4ZjRjNTcyYzJlYzMzYjlm
YjQwZGUyN2FkNzFiOWMxYTkzMWYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALFYN06WaHscHQ2Gd5Vw8UY54qktbZ7Rmj+Kh9eN3J2V3vueye/+EDDXUm3W
fN6tNLH8+S1Px2DyTX8eaRQeuppMCtCUekwtZXqlbhGF9eP77FbMzPmsy4ZzyFSH
4IcsMA5M9BjaIR8KCTlXpJwomfHeTqlAmRjW428VG9WqEkw6yHvpWyg+OIyYKsNn
tYt9SbTesZfKxJgJPeQ5+PX9QTtP0TZocowDPJBNzf7ljL4tGUzQlfSuv+EQmYRc
bT6/yeDUk05y4me33eEG77DJXOfiT9WXQvSrnELFjOiub8bNetjB9PS4l+b8zOTP
q6eYb0nrkPjAOCG7MOlIjlZJ9OkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTXIEtI
sEqvo3AnEYvsYIHclGBp8DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTg0M2E3M2YtMThmMi00MzNlLWI4NzEtZjQ5M2IwNjQ1MzM3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DoI
MA0GCSqGSIb3DQEBCwUAA4IBAQC9N4Bmbm7G02GLXA5570Mh5xJhX0jgtTJF787B
Q7yoQ5ffgdTenmMO2dXOaa1ry4x0fXQ9a/gfaRRjK706qbzunuv/eKrc15kFadjb
7KxagxxK13a8ERUJIy8DMrzJBntDoQMZiITPUq3vcSy+AX1s/jHcuPSpe7DjzlWR
l4aK//mZGpPeEpbd2Dor9NBF5cwkAKporsXY983LnwijJOOZ4SutZz1mW90A2/dz
MgDFf5vGLSEkseLJpiISYIiNfn666K9iCeOm98sKVsZ29hOy/wNtTjncAvUIALG1
cBX8glY3sth9XJ42+BJU+DCQMFoVkmkejBxoqdcsgKjqAckR
-----END CERTIFICATE-----
Generated at Mon Jun 15 12:37:13 2026 by rpki-client