Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cb4a73e1-be6b-4cba-b130-a22bb39cf671.roa
File: cb4a73e1-be6b-4cba-b130-a22bb39cf671.roa (raw, json)
Hash identifier: kPNVFau/ccFvP0Pgj8ta/pKQMdZcFDhQTRVM5W/689w=
Subject key identifier: 31:8C:80:E8:0C:95:2A:45:3E:01:B3:5A:E5:3C:63:AD:45:29:06:01
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 18F51732400F39457E019401EF47CB249E1F5410
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cb4a73e1-be6b-4cba-b130-a22bb39cf671.roa
Signing time: Tue 19 May 2026 05:40:52 +0000
ROA not before: Tue 19 May 2026 05:40:52 +0000
ROA not after: Mon 17 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d032:a000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Jun 2026 01:00:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
18:f5:17:32:40:0f:39:45:7e:01:94:01:ef:47:cb:24:9e:1f:54:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 19 05:40:52 2026 GMT
Not After : Aug 17 23:59:59 2026 GMT
Subject: serialNumber=09404cf822bc36240ff1081c689593f3fa99b56d05e89509d6dd5b633320e33e, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:92:e2:ae:82:dc:d3:7a:0b:39:3b:75:9f:b7:
dd:b7:10:5d:6b:5b:47:ce:76:e6:cf:2d:bc:c4:f3:
db:e2:40:34:19:c7:76:5d:e3:e0:f9:40:4f:a5:20:
9c:f2:a4:95:0f:27:cf:48:95:06:ed:63:cb:74:be:
05:96:55:f1:0a:4a:1d:da:d4:93:19:be:16:ab:21:
49:47:53:5f:9e:a8:07:41:97:11:db:42:66:02:c9:
fd:ac:46:7a:03:91:06:18:6d:84:ec:12:45:cf:5e:
59:87:97:12:6d:38:ca:2a:05:a2:19:62:72:d0:21:
6e:b4:05:5c:09:e2:96:3e:4a:cb:7d:45:cc:1b:e0:
36:9d:31:6f:c5:15:4c:60:44:25:10:a9:3b:1e:48:
29:c2:f6:54:fc:97:4a:05:c1:0e:56:df:e3:7b:40:
7f:6a:4b:80:b0:9f:71:43:6c:5d:24:dc:36:2d:67:
f0:8f:e4:bc:05:6e:a4:ec:23:2f:90:aa:cc:36:64:
79:93:e3:0f:91:72:72:01:ef:03:fb:0d:db:fb:81:
d5:74:b5:04:01:cc:31:08:a8:91:0d:2a:5e:5d:81:
ab:51:4a:76:a5:7b:72:7f:96:c2:0c:0f:cc:d6:48:
46:1f:86:56:01:a1:42:08:d2:d4:55:d5:04:c0:35:
74:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:8C:80:E8:0C:95:2A:45:3E:01:B3:5A:E5:3C:63:AD:45:29:06:01
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cb4a73e1-be6b-4cba-b130-a22bb39cf671.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d032:a000::/40
Signature Algorithm: sha256WithRSAEncryption
1e:46:4f:a8:b6:a0:92:b9:67:72:9d:79:e5:14:08:6d:46:1c:
18:65:18:2b:b6:a2:f1:06:4d:6d:f0:d8:d9:b2:e5:22:77:94:
5e:c7:4f:9f:18:ef:70:be:3a:bd:86:78:26:73:31:22:41:fa:
ac:a1:be:2e:78:c8:d3:c9:ec:4c:cc:63:c4:9a:5f:83:6b:fb:
35:86:1c:94:1a:c6:b3:72:20:12:21:cb:f4:ef:e0:5f:2f:3c:
c9:b5:37:da:56:29:c2:a9:3c:c3:5c:66:93:2c:61:34:b7:fa:
42:83:e6:c1:60:2b:3b:6c:49:dc:56:ed:57:1c:bb:7b:85:27:
2d:77:bb:40:4a:dd:85:6b:90:0c:6b:4d:90:34:63:6a:7f:93:
0b:8b:02:58:64:e6:43:ab:f1:20:fa:1c:91:53:9d:36:5d:e6:
47:6d:b6:64:4b:3a:ad:09:d4:6d:02:be:da:59:cf:4c:71:32:
be:bd:5b:ff:bc:f5:10:59:b2:45:48:0a:c4:df:60:2a:d9:de:
de:76:ba:03:c5:2a:2f:71:39:02:cc:53:94:c8:b8:14:32:0b:
62:2a:bc:47:a5:10:d2:22:a2:da:5d:00:c3:b5:6c:f0:26:9d:
c9:92:91:c7:5a:8e:3d:7d:ed:4b:ee:7c:9d:60:0c:8d:9f:03:
21:d4:6c:a7
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUGPUXMkAPOUV+AZQB70fLJJ4fVBAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjA1MTkwNTQwNTJaFw0yNjA4MTcyMzU5NTlaMHoxSTBHBgNV
BAUTQDA5NDA0Y2Y4MjJiYzM2MjQwZmYxMDgxYzY4OTU5M2YzZmE5OWI1NmQwNWU4
OTUwOWQ2ZGQ1YjYzMzMyMGUzM2UxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALqS4q6C3NN6Czk7dZ+33bcQXWtbR8525s8tvMTz2+JANBnHdl3j4PlAT6Ug
nPKklQ8nz0iVBu1jy3S+BZZV8QpKHdrUkxm+FqshSUdTX56oB0GXEdtCZgLJ/axG
egORBhhthOwSRc9eWYeXEm04yioFohlictAhbrQFXAnilj5Ky31FzBvgNp0xb8UV
TGBEJRCpOx5IKcL2VPyXSgXBDlbf43tAf2pLgLCfcUNsXSTcNi1n8I/kvAVupOwj
L5CqzDZkeZPjD5FycgHvA/sN2/uB1XS1BAHMMQiokQ0qXl2Bq1FKdqV7cn+WwgwP
zNZIRh+GVgGhQgjS1FXVBMA1dKECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQxjIDo
DJUqRT4Bs1rlPGOtRSkGATAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2I0YTczZTEtYmU2Yi00Y2JhLWIxMzAtYTIyYmIzOWNmNjcxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DKg
MA0GCSqGSIb3DQEBCwUAA4IBAQAeRk+otqCSuWdynXnlFAhtRhwYZRgrtqLxBk1t
8NjZsuUid5Rex0+fGO9wvjq9hngmczEiQfqsob4ueMjTyexMzGPEml+Da/s1hhyU
GsazciASIcv07+BfLzzJtTfaVinCqTzDXGaTLGE0t/pCg+bBYCs7bEncVu1XHLt7
hSctd7tASt2Fa5AMa02QNGNqf5MLiwJYZOZDq/Eg+hyRU502XeZHbbZkSzqtCdRt
Ar7aWc9McTK+vVv/vPUQWbJFSArE32Aq2d7edroDxSovcTkCzFOUyLgUMgtiKrxH
pRDSIqLaXQDDtWzwJp3JkpHHWo49fe1L7nydYAyNnwMh1Gyn
-----END CERTIFICATE-----
Generated at Sat Jun 13 07:59:46 2026 by rpki-client