Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bfae711e-b0c4-404f-be1f-a99990818ac6.roa
File: bfae711e-b0c4-404f-be1f-a99990818ac6.roa (raw, json)
Hash identifier: WCQcsRKJlrJzeI+Sc2U6jR76cidnW6LLmdY9yRAkNJg=
Subject key identifier: E2:5B:3C:CB:8B:9A:B6:B9:03:25:64:4D:55:44:47:57:AB:AA:75:F7
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 19F0DF4B9732ABAF6CC8428ABB95D66D9F815D84
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bfae711e-b0c4-404f-be1f-a99990818ac6.roa
Signing time: Sat 28 Feb 2026 06:21:23 +0000
ROA not before: Sat 28 Feb 2026 06:21:23 +0000
ROA not after: Fri 29 May 2026 23:59:59 +0000
asID: 16509
IP address blocks: 79.125.0.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 02 Mar 2026 15:00:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
19:f0:df:4b:97:32:ab:af:6c:c8:42:8a:bb:95:d6:6d:9f:81:5d:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Feb 28 06:21:23 2026 GMT
Not After : May 29 23:59:59 2026 GMT
Subject: serialNumber=b17bbef93d57ae04f9c29536b3cfd0e865e127a69230b847eb8c5a03958bfedb, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:5a:0b:b6:51:ed:1f:6f:78:9e:2d:32:75:c7:
cf:7a:d4:95:7d:c0:56:aa:35:4b:3d:cc:d3:d4:84:
ea:f9:1a:5a:28:87:82:27:c1:55:58:73:69:ac:6f:
e2:b0:5b:b0:9d:8c:3f:1f:22:6d:e8:c2:23:7a:00:
27:33:09:a2:ac:cd:c7:b5:9b:ec:da:ad:9d:67:1d:
55:19:ec:ae:91:54:30:6e:4e:47:01:50:99:36:27:
de:07:5a:9f:d2:20:91:c6:a9:97:d7:32:cc:48:9e:
3b:3e:cd:01:e1:b1:cc:83:56:4b:c7:d9:5b:64:73:
83:76:5a:ab:0a:4e:5e:2f:f7:a4:bc:f1:ec:f8:3d:
f4:7c:43:52:b1:f8:98:71:ef:48:6d:2a:18:6d:60:
99:e1:81:4e:36:0f:78:d4:66:68:cb:13:1d:4d:7b:
92:26:82:1d:8d:a0:5c:4a:5d:c5:8a:3d:71:b4:76:
aa:8c:96:b7:d9:a2:56:70:bc:1c:10:3c:3c:ad:52:
88:4d:b1:ef:09:37:24:d3:90:34:b4:87:d4:19:4c:
d5:e4:dd:ad:7f:2f:56:17:2a:37:dd:8d:06:12:c4:
e6:dd:a9:14:3a:55:7d:27:2f:11:11:cd:15:d4:75:
bc:00:1b:1e:9d:63:4a:7f:cf:00:fc:23:96:02:a3:
39:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:5B:3C:CB:8B:9A:B6:B9:03:25:64:4D:55:44:47:57:AB:AA:75:F7
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bfae711e-b0c4-404f-be1f-a99990818ac6.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.125.0.0/23
Signature Algorithm: sha256WithRSAEncryption
81:5f:cc:ea:1c:12:2b:7d:35:f2:62:e4:a8:62:4d:06:04:1a:
31:c2:1b:ef:ac:5e:c1:e2:43:08:14:71:53:dd:65:61:88:1f:
54:7e:96:6c:8d:50:9e:00:79:fa:e2:b1:48:35:12:c9:4b:2d:
41:d7:d4:bb:6f:f9:62:8d:8e:41:b8:a1:74:3e:f3:22:8c:69:
57:f0:1e:e0:53:57:b6:af:0b:67:a4:bf:b8:23:5e:9c:9f:be:
9c:f4:e8:d8:a9:2f:a7:ad:29:b8:35:d2:35:bd:a2:ef:49:cc:
ae:ff:dd:f1:ce:fb:60:7d:52:8f:f6:98:e1:7b:46:0c:66:9d:
63:5e:90:f1:9c:0d:d6:74:1f:f7:bf:36:e7:f7:38:62:02:47:
6f:3f:ac:b5:7f:9d:2f:fc:57:30:44:99:00:d7:ae:69:82:8e:
ed:e8:18:b7:bf:3f:5f:01:e5:3b:76:12:01:03:16:42:54:af:
12:1a:18:ad:95:73:fd:9b:5e:0f:ad:be:f2:af:c0:70:30:a1:
ca:14:0b:41:e1:f4:6d:8e:9d:2f:22:45:a0:85:d2:d7:b2:ff:
27:b0:c5:86:55:0b:6c:09:f8:7c:62:76:14:9c:95:71:6a:0d:
4f:c5:03:65:7d:10:eb:89:af:69:13:10:32:de:06:b1:d4:fd:
78:88:9c:c1
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUGfDfS5cyq69syEKKu5XWbZ+BXYQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjAyMjgwNjIxMjNaFw0yNjA1MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQGIxN2JiZWY5M2Q1N2FlMDRmOWMyOTUzNmIzY2ZkMGU4NjVlMTI3YTY5MjMw
Yjg0N2ViOGM1YTAzOTU4YmZlZGIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMZaC7ZR7R9veJ4tMnXHz3rUlX3AVqo1Sz3M09SE6vkaWiiHgifBVVhzaaxv
4rBbsJ2MPx8ibejCI3oAJzMJoqzNx7Wb7NqtnWcdVRnsrpFUMG5ORwFQmTYn3gda
n9Igkcapl9cyzEieOz7NAeGxzINWS8fZW2Rzg3ZaqwpOXi/3pLzx7Pg99HxDUrH4
mHHvSG0qGG1gmeGBTjYPeNRmaMsTHU17kiaCHY2gXEpdxYo9cbR2qoyWt9miVnC8
HBA8PK1SiE2x7wk3JNOQNLSH1BlM1eTdrX8vVhcqN92NBhLE5t2pFDpVfScvERHN
FdR1vAAbHp1jSn/PAPwjlgKjOR0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTiWzzL
i5q2uQMlZE1VREdXq6p19zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmZhZTcxMWUtYjBjNC00MDRmLWJlMWYtYTk5OTkwODE4YWM2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAU99ADAN
BgkqhkiG9w0BAQsFAAOCAQEAgV/M6hwSK3018mLkqGJNBgQaMcIb76xeweJDCBRx
U91lYYgfVH6WbI1QngB5+uKxSDUSyUstQdfUu2/5Yo2OQbihdD7zIoxpV/Ae4FNX
tq8LZ6S/uCNenJ++nPTo2Kkvp60puDXSNb2i70nMrv/d8c77YH1Sj/aY4XtGDGad
Y16Q8ZwN1nQf97825/c4YgJHbz+stX+dL/xXMESZANeuaYKO7egYt78/XwHlO3YS
AQMWQlSvEhoYrZVz/ZteD62+8q/AcDChyhQLQeH0bY6dLyJFoIXS17L/J7DFhlUL
bAn4fGJ2FJyVcWoNT8UDZX0Q64mvaRMQMt4GsdT9eIicwQ==
-----END CERTIFICATE-----
Generated at Sun Mar 1 21:45:49 2026 by rpki-client