Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3c89eb14-e34b-4729-9b6f-b536e1e06692.roa
File: 3c89eb14-e34b-4729-9b6f-b536e1e06692.roa (raw, json)
Hash identifier: SJtwJVH+umY6rjFiyBsxtZ0pENF9IQQotZI+WsOY88Q=
Subject key identifier: C0:C5:34:19:BB:F2:9D:76:1C:17:97:E4:00:D7:31:EE:A6:4A:98:A6
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2888601C9303BECA6F7DFBFBEDCE9FC326D39A02
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3c89eb14-e34b-4729-9b6f-b536e1e06692.roa
Signing time: Mon 11 May 2026 01:50:51 +0000
ROA not before: Mon 11 May 2026 01:50:51 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 176.34.32.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
28:88:60:1c:93:03:be:ca:6f:7d:fb:fb:ed:ce:9f:c3:26:d3:9a:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 11 01:50:51 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=030c66a6f1398c832a4d45d926753751dff721c629726cc2c2664e7dfe704ff1, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:42:86:7c:31:25:4f:62:5a:4f:de:9e:17:99:
89:58:95:43:1b:27:c3:a1:cd:5d:36:e3:2f:19:40:
7c:d4:8b:a8:86:78:98:86:38:40:b9:e0:13:23:eb:
a5:10:76:a2:e5:56:01:21:5c:c5:47:3c:d7:7b:2e:
d0:c9:f8:77:8b:63:9c:05:d1:56:7f:48:ab:81:a0:
2a:28:9c:1b:e7:43:89:4d:9e:c3:39:42:3f:f1:08:
0f:5f:45:1c:8f:f9:8d:84:a5:6d:f0:0b:9a:62:e9:
ec:f7:1b:37:07:ed:2e:bc:45:25:26:ee:38:b1:54:
a7:1d:d1:86:27:ff:9f:c6:55:fa:6c:38:9e:c3:40:
c9:2d:7d:47:4d:dc:fb:53:7d:03:24:43:5e:31:20:
5c:7a:4b:23:a1:7b:80:c4:f8:f6:33:21:f1:73:e5:
4c:22:05:f7:c1:0d:2f:6d:9e:77:6a:b0:bd:e1:1b:
1c:48:37:ee:93:7a:bb:71:52:80:78:b9:e3:25:94:
0d:da:e6:1f:99:7d:1e:29:da:90:27:c7:7a:4b:cb:
56:e9:b7:fd:8e:3e:89:00:d6:e4:f9:38:23:94:f2:
6d:b6:4d:2f:41:03:64:00:67:59:65:94:6d:18:92:
c7:30:36:fa:15:13:e2:47:6e:6a:5e:58:b1:75:dd:
c3:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C0:C5:34:19:BB:F2:9D:76:1C:17:97:E4:00:D7:31:EE:A6:4A:98:A6
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3c89eb14-e34b-4729-9b6f-b536e1e06692.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.34.32.0/21
Signature Algorithm: sha256WithRSAEncryption
67:7e:07:d6:10:70:45:eb:a0:d2:7f:d3:83:43:46:f8:41:dd:
79:89:38:3c:0c:34:5e:69:d3:13:df:28:b4:fc:77:19:56:02:
05:9b:ce:31:9e:73:c3:98:6b:e3:8b:c3:7d:59:96:f1:02:cb:
b4:64:26:26:00:46:0b:3d:8a:66:94:fd:b2:52:24:88:8e:b3:
96:cd:92:f5:0f:4c:bf:78:d2:9a:41:b7:9a:ad:83:72:7b:eb:
cd:0d:42:f9:8b:95:06:cc:d5:08:2a:fd:a4:27:63:a1:26:61:
31:0d:6a:03:47:09:f5:23:16:73:64:d4:de:47:76:d3:30:96:
61:e9:32:20:77:83:7c:21:fe:da:04:0d:a5:f4:ad:a7:e8:35:
d7:92:01:0d:b7:a8:75:59:b8:73:a4:c8:9a:ee:fc:c4:40:59:
65:cc:c5:81:72:9f:50:19:d5:22:b1:d1:d2:c7:28:3d:e7:ec:
ff:bc:03:59:e3:eb:38:39:08:16:ba:f0:28:30:57:07:af:f9:
00:3e:63:46:eb:09:f7:a0:a5:87:98:7e:1b:bd:c6:a8:1d:94:
7c:a7:38:95:f7:7c:5f:cb:bc:22:fd:8f:b5:ad:99:af:78:1f:
09:73:dc:56:58:7b:d0:80:3c:6d:72:8e:e1:ad:9a:5d:4a:1b:
af:d3:c0:25
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUKIhgHJMDvspvffv77c6fwybTmgIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjA1MTEwMTUwNTFaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDAzMGM2NmE2ZjEzOThjODMyYTRkNDVkOTI2NzUzNzUxZGZmNzIxYzYyOTcy
NmNjMmMyNjY0ZTdkZmU3MDRmZjExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAItChnwxJU9iWk/enheZiViVQxsnw6HNXTbjLxlAfNSLqIZ4mIY4QLngEyPr
pRB2ouVWASFcxUc813su0Mn4d4tjnAXRVn9Iq4GgKiicG+dDiU2ewzlCP/EID19F
HI/5jYSlbfALmmLp7PcbNwftLrxFJSbuOLFUpx3Rhif/n8ZV+mw4nsNAyS19R03c
+1N9AyRDXjEgXHpLI6F7gMT49jMh8XPlTCIF98ENL22ed2qwveEbHEg37pN6u3FS
gHi54yWUDdrmH5l9HinakCfHekvLVum3/Y4+iQDW5Pk4I5TybbZNL0EDZABnWWWU
bRiSxzA2+hUT4kdual5YsXXdw3MCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTAxTQZ
u/KddhwXl+QA1zHupkqYpjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2M4OWViMTQtZTM0Yi00NzI5LTliNmYtYjUzNmUxZTA2NjkyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA7AiIDAN
BgkqhkiG9w0BAQsFAAOCAQEAZ34H1hBwReug0n/Tg0NG+EHdeYk4PAw0XmnTE98o
tPx3GVYCBZvOMZ5zw5hr44vDfVmW8QLLtGQmJgBGCz2KZpT9slIkiI6zls2S9Q9M
v3jSmkG3mq2DcnvrzQ1C+YuVBszVCCr9pCdjoSZhMQ1qA0cJ9SMWc2TU3kd20zCW
YekyIHeDfCH+2gQNpfStp+g115IBDbeodVm4c6TImu78xEBZZczFgXKfUBnVIrHR
0scoPefs/7wDWePrODkIFrrwKDBXB6/5AD5jRusJ96Clh5h+G73GqB2UfKc4lfd8
X8u8Iv2Pta2Zr3gfCXPcVlh70IA8bXKO4a2aXUobr9PAJQ==
-----END CERTIFICATE-----
Generated at Tue May 12 23:21:03 2026 by rpki-client