Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/968c7897-1d8d-4c3a-b38e-6602ae947f34.roa
File: 968c7897-1d8d-4c3a-b38e-6602ae947f34.roa (raw, json)
Hash identifier: jH3jIhKI6+0BLogLhCmAdrnVzX0c/0i5SGbU8ep+YwA=
Subject key identifier: B4:D6:1B:19:16:77:98:D9:25:0D:11:3A:4A:D1:F0:C4:2D:10:99:39
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 33BD7A6C1141DE1072B4E9AC5A40EFA714391732
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/968c7897-1d8d-4c3a-b38e-6602ae947f34.roa
Signing time: Fri 08 May 2026 03:30:11 +0000
ROA not before: Fri 08 May 2026 03:30:11 +0000
ROA not after: Thu 06 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 46.137.208.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
33:bd:7a:6c:11:41:de:10:72:b4:e9:ac:5a:40:ef:a7:14:39:17:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 8 03:30:11 2026 GMT
Not After : Aug 6 23:59:59 2026 GMT
Subject: serialNumber=cd4d91ec68174c991e350679b3e5769993b18cf8b49634cdf5c47f3190d92b6f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:0f:ff:1e:d3:7e:c1:af:8d:69:3e:66:30:f7:
64:5c:5b:8f:5c:82:09:a7:16:a5:93:8b:3f:6c:1c:
c6:11:c9:85:98:54:c0:ad:ea:72:6c:1a:fa:5a:b4:
f2:be:ef:ec:89:81:07:a2:08:49:60:5c:66:69:f5:
69:f1:f1:7f:3a:cf:fc:38:0b:e4:9e:ea:c5:26:a3:
ee:5b:4f:39:aa:a2:1e:66:9d:33:00:d1:43:b1:aa:
78:75:ea:e3:0a:37:0e:b4:9a:5c:d7:35:de:a5:1e:
74:a7:27:9c:bc:27:da:57:fc:51:5d:d7:af:6a:b8:
3e:8e:bd:e7:04:26:b4:48:61:bd:c0:db:f3:fa:da:
14:72:0a:43:e2:00:e5:15:81:88:34:42:8f:06:ad:
62:77:cb:44:c3:c3:ed:5d:e9:7b:08:82:4b:d5:8c:
79:83:f9:d7:69:d0:2e:dc:11:47:82:bf:16:2a:a6:
cc:c7:60:4c:8e:2e:1e:4d:a5:ce:02:a0:bb:fa:59:
c1:d4:96:15:50:71:30:36:0d:a8:9f:3a:49:12:d6:
ec:83:d2:23:4e:51:d5:bf:86:d4:50:a8:5f:ed:67:
09:cc:9f:44:72:5d:78:bf:44:52:16:16:23:01:33:
9c:d7:ec:c8:c5:0a:2c:a7:bb:34:21:a6:4b:b0:dd:
46:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:D6:1B:19:16:77:98:D9:25:0D:11:3A:4A:D1:F0:C4:2D:10:99:39
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/968c7897-1d8d-4c3a-b38e-6602ae947f34.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.137.208.0/21
Signature Algorithm: sha256WithRSAEncryption
c8:56:31:04:1e:09:90:16:ec:6e:64:94:24:a8:ec:d7:68:56:
a3:bc:a8:97:43:27:a7:ba:0e:35:8c:97:88:34:5f:d2:60:83:
ab:b4:c7:70:df:78:b6:6a:36:69:d6:6a:b2:1e:a1:42:5d:bb:
8a:3c:62:07:e4:a5:41:2d:14:6a:be:24:49:2c:89:14:82:8b:
f4:b9:7e:fc:1e:9e:6a:ac:e1:90:2a:bd:58:5b:3e:75:0a:4a:
32:4b:1a:40:05:83:e5:b1:16:1f:ef:c9:c8:5b:ca:8f:33:c9:
4a:e3:d8:79:35:9f:e5:30:11:fb:bc:99:32:7f:73:f1:c0:3c:
85:ce:ef:5f:16:20:72:c6:9e:18:e1:cc:fe:a9:40:ea:e9:fe:
18:07:b9:41:c8:83:9c:1d:70:f5:22:bb:1c:51:0e:8e:69:06:
b1:61:d0:64:69:01:b4:d7:54:c7:90:a5:34:22:cc:b4:21:79:
d6:c1:07:e3:37:8d:da:5f:fb:13:89:97:af:38:16:5d:46:e5:
ff:bc:59:b6:be:fe:9b:20:b1:b4:06:3d:81:d7:f1:8f:45:3b:
69:30:bf:a7:f0:ef:74:39:e4:19:d1:82:d4:45:41:86:3e:81:
4c:d7:88:80:25:1b:e3:03:23:f1:f0:35:9f:82:b2:74:1b:43:
b2:ad:d6:81
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUM716bBFB3hBytOmsWkDvpxQ5FzIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjA1MDgwMzMwMTFaFw0yNjA4MDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGNkNGQ5MWVjNjgxNzRjOTkxZTM1MDY3OWIzZTU3Njk5OTNiMThjZjhiNDk2
MzRjZGY1YzQ3ZjMxOTBkOTJiNmYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALAP/x7TfsGvjWk+ZjD3ZFxbj1yCCacWpZOLP2wcxhHJhZhUwK3qcmwa+lq0
8r7v7ImBB6IISWBcZmn1afHxfzrP/DgL5J7qxSaj7ltPOaqiHmadMwDRQ7GqeHXq
4wo3DrSaXNc13qUedKcnnLwn2lf8UV3Xr2q4Po695wQmtEhhvcDb8/raFHIKQ+IA
5RWBiDRCjwatYnfLRMPD7V3pewiCS9WMeYP512nQLtwRR4K/FiqmzMdgTI4uHk2l
zgKgu/pZwdSWFVBxMDYNqJ86SRLW7IPSI05R1b+G1FCoX+1nCcyfRHJdeL9EUhYW
IwEznNfsyMUKLKe7NCGmS7DdRh0CAwEAAaOCAiEwggIdMB0GA1UdDgQWBBS01hsZ
FneY2SUNETpK0fDELRCZOTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTY4Yzc4OTctMWQ4ZC00YzNhLWIzOGUtNjYwMmFlOTQ3ZjM0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAy6J0DAN
BgkqhkiG9w0BAQsFAAOCAQEAyFYxBB4JkBbsbmSUJKjs12hWo7yol0Mnp7oONYyX
iDRf0mCDq7THcN94tmo2adZqsh6hQl27ijxiB+SlQS0Uar4kSSyJFIKL9Ll+/B6e
aqzhkCq9WFs+dQpKMksaQAWD5bEWH+/JyFvKjzPJSuPYeTWf5TAR+7yZMn9z8cA8
hc7vXxYgcsaeGOHM/qlA6un+GAe5QciDnB1w9SK7HFEOjmkGsWHQZGkBtNdUx5Cl
NCLMtCF51sEH4zeN2l/7E4mXrzgWXUbl/7xZtr7+myCxtAY9gdfxj0U7aTC/p/Dv
dDnkGdGC1EVBhj6BTNeIgCUb4wMj8fA1n4KydBtDsq3WgQ==
-----END CERTIFICATE-----
Generated at Wed May 13 00:18:44 2026 by rpki-client