Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bc5d1e04-86cf-43aa-989a-a5801b5a73db.roa
File: bc5d1e04-86cf-43aa-989a-a5801b5a73db.roa (raw, json)
Hash identifier: 8LGOOB93URM+H6/tGA88Zcbmygu9f+Hvc2TL4PR3QfU=
Subject key identifier: DD:93:8C:94:7D:A1:BC:BC:22:36:DF:0D:A4:59:5B:B1:B2:39:BE:BE
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2C3527838084EC7B617A17694E7E5AB86F1647E0
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bc5d1e04-86cf-43aa-989a-a5801b5a73db.roa
Signing time: Sat 02 May 2026 01:20:09 +0000
ROA not before: Sat 02 May 2026 01:20:09 +0000
ROA not after: Fri 31 Jul 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d06a:1040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2c:35:27:83:80:84:ec:7b:61:7a:17:69:4e:7e:5a:b8:6f:16:47:e0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 2 01:20:09 2026 GMT
Not After : Jul 31 23:59:59 2026 GMT
Subject: serialNumber=e6d77d7f6d73de8ad2cb28abf22934280813729e9afe04a745b3f6e8ef5a45f3, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:8f:34:6a:4d:e6:fa:bd:d0:9e:ca:08:3c:4c:
7f:44:aa:61:83:84:4c:bb:43:57:d0:39:12:b6:dd:
e5:0c:5b:42:75:f3:4c:e5:18:2d:b4:f0:02:98:88:
60:b9:5f:61:9c:ec:03:b2:8e:e8:f3:36:41:b5:f3:
3a:c9:a4:fe:51:29:83:84:88:a0:c5:7c:11:dd:6b:
8a:23:48:cb:8a:64:e4:71:ed:ce:af:fd:64:67:56:
bd:d0:a7:04:9d:b1:5c:61:db:1b:4f:0d:73:db:06:
39:90:55:59:30:ea:8f:34:6e:7d:c3:85:be:81:d8:
5e:c5:1d:4a:03:91:34:b0:6c:5e:ae:6f:3e:a8:6a:
82:8c:4f:13:e2:31:91:46:3f:90:b8:ba:3e:42:c8:
f0:12:dd:de:96:07:eb:e6:9b:b4:a6:cb:6b:5b:9d:
cb:4b:70:35:d2:4e:74:ae:c4:da:7f:62:f5:e9:6d:
a3:d9:7a:b1:0b:c8:a3:39:23:f3:a1:25:c7:59:d0:
fd:a0:88:ee:a0:06:bb:92:06:31:29:8a:ea:25:5a:
95:f6:8a:b5:c1:29:d5:42:22:c7:b9:33:94:02:46:
aa:13:46:85:95:d3:a6:dc:8c:25:92:1f:54:55:35:
15:0d:1f:3e:13:f5:b3:78:2b:72:6b:95:80:10:48:
8f:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:93:8C:94:7D:A1:BC:BC:22:36:DF:0D:A4:59:5B:B1:B2:39:BE:BE
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bc5d1e04-86cf-43aa-989a-a5801b5a73db.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06a:1040::/48
Signature Algorithm: sha256WithRSAEncryption
56:b2:90:e1:fd:05:9c:de:8c:64:d4:ca:7f:e6:52:8a:3c:b0:
be:25:a0:31:e0:0a:d3:ac:35:c3:84:29:63:dc:09:73:e2:f3:
5c:af:e2:0c:b6:92:c4:14:88:8c:45:fb:cc:8b:ca:b5:d3:13:
42:ea:bb:a0:ac:42:22:97:d0:7e:56:0f:83:0a:c3:e4:23:26:
65:84:46:c5:12:46:2f:dc:41:6b:80:87:49:37:5b:23:e9:c0:
99:a0:e2:d4:d4:63:99:b2:c2:17:3c:41:6e:5a:b0:f1:7d:2f:
7e:a1:62:29:81:94:cd:ae:0b:d0:e8:43:66:05:b5:d5:53:74:
08:36:ed:eb:d8:d6:32:dd:b9:37:ba:d9:8f:c2:6e:40:cb:12:
2f:cd:75:f2:74:0c:12:e7:08:c0:86:9b:a7:fe:0b:1e:39:bf:
56:59:d5:f2:70:ba:05:fe:b5:f2:5e:8b:2c:25:38:ce:31:9d:
80:20:00:e3:d4:0f:4d:bf:69:19:37:13:ae:3a:a0:dc:61:1b:
37:d0:57:db:eb:94:6c:e1:dc:e0:f3:b4:99:ea:9c:d9:3b:95:
59:c3:6c:5e:86:b5:c3:38:26:76:2b:53:a8:a9:a6:ea:a8:20:
cf:98:d3:06:a5:f2:e5:ae:da:d1:5a:49:7b:e0:78:7a:68:7f:
38:b7:70:d6
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIULDUng4CE7HthehdpTn5auG8WR+AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjA1MDIwMTIwMDlaFw0yNjA3MzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGU2ZDc3ZDdmNmQ3M2RlOGFkMmNiMjhhYmYyMjkzNDI4MDgxMzcyOWU5YWZl
MDRhNzQ1YjNmNmU4ZWY1YTQ1ZjMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK+PNGpN5vq90J7KCDxMf0SqYYOETLtDV9A5Erbd5QxbQnXzTOUYLbTwApiI
YLlfYZzsA7KO6PM2QbXzOsmk/lEpg4SIoMV8Ed1riiNIy4pk5HHtzq/9ZGdWvdCn
BJ2xXGHbG08Nc9sGOZBVWTDqjzRufcOFvoHYXsUdSgORNLBsXq5vPqhqgoxPE+Ix
kUY/kLi6PkLI8BLd3pYH6+abtKbLa1udy0twNdJOdK7E2n9i9elto9l6sQvIozkj
86Elx1nQ/aCI7qAGu5IGMSmK6iValfaKtcEp1UIix7kzlAJGqhNGhZXTptyMJZIf
VFU1FQ0fPhP1s3grcmuVgBBIjzsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTdk4yU
faG8vCI23w2kWVuxsjm+vjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmM1ZDFlMDQtODZjZi00M2FhLTk4OWEtYTU4MDFiNWE3M2RiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0GoQ
QDANBgkqhkiG9w0BAQsFAAOCAQEAVrKQ4f0FnN6MZNTKf+ZSijywviWgMeAK06w1
w4QpY9wJc+LzXK/iDLaSxBSIjEX7zIvKtdMTQuq7oKxCIpfQflYPgwrD5CMmZYRG
xRJGL9xBa4CHSTdbI+nAmaDi1NRjmbLCFzxBblqw8X0vfqFiKYGUza4L0OhDZgW1
1VN0CDbt69jWMt25N7rZj8JuQMsSL8118nQMEucIwIabp/4LHjm/VlnV8nC6Bf61
8l6LLCU4zjGdgCAA49QPTb9pGTcTrjqg3GEbN9BX2+uUbOHc4PO0meqc2TuVWcNs
Xoa1wzgmditTqKmm6qggz5jTBqXy5a7a0VpJe+B4emh/OLdw1g==
-----END CERTIFICATE-----
Generated at Tue May 12 23:12:19 2026 by rpki-client