Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b89b3c5d-e121-4769-9f3e-0d4c4f0780db.roa
File: b89b3c5d-e121-4769-9f3e-0d4c4f0780db.roa (raw, json)
Hash identifier: 59wb6pK1YnPoz10xABnkfknyo1djQWlhrEP/nb8b7WY=
Subject key identifier: 8A:D5:B5:FC:F0:51:79:1B:D1:4D:20:A5:95:7B:2F:6E:00:89:32:74
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 44028BD1C74ACCCAAD918B58A76F11DAB572BC71
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b89b3c5d-e121-4769-9f3e-0d4c4f0780db.roa
Signing time: Fri 08 May 2026 03:20:51 +0000
ROA not before: Fri 08 May 2026 03:20:51 +0000
ROA not after: Thu 06 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d059:6000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
44:02:8b:d1:c7:4a:cc:ca:ad:91:8b:58:a7:6f:11:da:b5:72:bc:71
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 8 03:20:51 2026 GMT
Not After : Aug 6 23:59:59 2026 GMT
Subject: serialNumber=898264774b34c8535e14654415ae524b879ec6a33e186734bd5928f8412168c3, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:4e:cf:20:ff:66:4c:da:0e:90:d6:3f:40:99:
f3:d0:a6:76:43:d7:61:9a:f5:8f:7b:42:13:bf:26:
52:e3:1e:f7:da:b7:7b:08:6a:ab:13:21:69:36:04:
7f:91:be:5d:a8:5c:49:5e:45:63:38:bd:7c:60:e9:
56:b4:95:a8:5b:78:4f:09:32:c9:25:10:7b:8a:58:
c5:66:ae:dc:35:4f:11:af:32:f5:2d:67:e0:0e:c7:
61:d4:87:ba:28:71:ab:a1:35:b5:39:9d:23:e8:51:
eb:23:3e:21:3b:87:72:67:ee:bd:bd:e1:09:d6:de:
63:91:c0:cb:eb:26:04:39:03:27:f7:49:73:21:88:
5b:36:06:ed:01:b5:5c:f3:ef:9b:96:53:9f:c2:c6:
97:8f:58:3a:7c:26:bc:bd:cf:c3:49:3b:d3:a3:5d:
0d:df:d2:2c:95:d2:d0:5f:27:1b:58:c3:3f:7b:b3:
f4:41:ca:0e:bd:30:42:f3:e8:a2:24:48:7e:3f:30:
21:71:91:bf:ee:d1:a2:63:da:0f:33:55:58:2a:1e:
56:71:e4:99:47:66:4c:86:14:84:31:7c:fa:7a:88:
f0:d0:1e:44:9c:94:d1:c1:4a:f9:cd:6e:a3:f2:d5:
fd:bc:a7:a5:65:25:a3:17:53:5c:5f:51:2f:73:5b:
46:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:D5:B5:FC:F0:51:79:1B:D1:4D:20:A5:95:7B:2F:6E:00:89:32:74
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b89b3c5d-e121-4769-9f3e-0d4c4f0780db.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d059:6000::/40
Signature Algorithm: sha256WithRSAEncryption
48:a8:5d:75:c5:5c:57:62:d8:1a:6a:04:65:68:7a:62:92:24:
85:e6:b1:b0:79:ef:4c:63:dd:d5:01:a3:0b:fa:83:14:3e:b0:
3f:7c:5c:23:13:f8:77:16:14:6a:65:c6:2f:63:9c:28:72:d3:
e2:f0:a9:43:64:c6:f0:3a:87:f2:77:2d:84:59:2e:da:50:8e:
68:f7:2e:c0:cb:47:f4:00:13:9f:c4:9f:e4:51:6e:34:89:fc:
5f:55:e3:00:4f:92:30:bb:c6:93:69:0a:1a:27:5b:38:bc:e2:
85:96:09:94:a7:0e:ec:95:55:65:d0:cd:d6:c9:79:8a:02:f4:
65:d1:48:bd:1a:c4:aa:0e:42:b1:34:80:81:e7:fc:8e:4f:c3:
82:09:2c:d9:af:8b:7a:3a:82:84:3e:ea:52:c8:4e:6e:ac:a3:
24:aa:6e:03:93:b0:8f:4d:7d:9b:13:e8:0b:40:fc:01:d3:91:
d4:55:e7:0b:bd:74:be:cd:a3:14:d6:2d:a6:05:70:5e:dd:38:
c6:3d:21:98:9d:b4:66:2c:70:16:9e:f3:e4:81:95:0b:90:2c:
25:15:9b:dd:9d:19:bf:1e:a2:7a:7d:7a:63:92:9f:82:d6:49:
ca:72:41:1a:f5:a2:94:7f:b3:d7:3a:2d:76:04:7c:03:da:1c:
d1:c7:b4:8f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIURAKL0cdKzMqtkYtYp28R2rVyvHEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjA1MDgwMzIwNTFaFw0yNjA4MDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDg5ODI2NDc3NGIzNGM4NTM1ZTE0NjU0NDE1YWU1MjRiODc5ZWM2YTMzZTE4
NjczNGJkNTkyOGY4NDEyMTY4YzMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOxOzyD/ZkzaDpDWP0CZ89CmdkPXYZr1j3tCE78mUuMe99q3ewhqqxMhaTYE
f5G+XahcSV5FYzi9fGDpVrSVqFt4TwkyySUQe4pYxWau3DVPEa8y9S1n4A7HYdSH
uihxq6E1tTmdI+hR6yM+ITuHcmfuvb3hCdbeY5HAy+smBDkDJ/dJcyGIWzYG7QG1
XPPvm5ZTn8LGl49YOnwmvL3Pw0k706NdDd/SLJXS0F8nG1jDP3uz9EHKDr0wQvPo
oiRIfj8wIXGRv+7RomPaDzNVWCoeVnHkmUdmTIYUhDF8+nqI8NAeRJyU0cFK+c1u
o/LV/bynpWUloxdTXF9RL3NbRq0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSK1bX8
8FF5G9FNIKWVey9uAIkydDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Yjg5YjNjNWQtZTEyMS00NzY5LTlmM2UtMGQ0YzRmMDc4MGRiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Flg
MA0GCSqGSIb3DQEBCwUAA4IBAQBIqF11xVxXYtgaagRlaHpikiSF5rGwee9MY93V
AaML+oMUPrA/fFwjE/h3FhRqZcYvY5woctPi8KlDZMbwOofydy2EWS7aUI5o9y7A
y0f0ABOfxJ/kUW40ifxfVeMAT5Iwu8aTaQoaJ1s4vOKFlgmUpw7slVVl0M3WyXmK
AvRl0Ui9GsSqDkKxNICB5/yOT8OCCSzZr4t6OoKEPupSyE5urKMkqm4Dk7CPTX2b
E+gLQPwB05HUVecLvXS+zaMU1i2mBXBe3TjGPSGYnbRmLHAWnvPkgZULkCwlFZvd
nRm/HqJ6fXpjkp+C1knKckEa9aKUf7PXOi12BHwD2hzRx7SP
-----END CERTIFICATE-----
Generated at Tue May 12 23:36:15 2026 by rpki-client