Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/be43dd39-558d-4a44-9ced-00461f1d4c42.roa
File: be43dd39-558d-4a44-9ced-00461f1d4c42.roa (raw, json)
Hash identifier: okFlKihzHYgP9F6OHKpwhLhPPsuCqs5Mo7cSJDiaEYs=
Subject key identifier: 27:4E:00:69:85:53:AC:06:F3:E0:2E:1F:4B:1A:47:92:99:41:43:43
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5580E8376BD4004FA079E1AD3F658BFA46101833
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/be43dd39-558d-4a44-9ced-00461f1d4c42.roa
Signing time: Sat 02 May 2026 01:30:26 +0000
ROA not before: Sat 02 May 2026 01:30:26 +0000
ROA not after: Fri 31 Jul 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d06a:2000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
55:80:e8:37:6b:d4:00:4f:a0:79:e1:ad:3f:65:8b:fa:46:10:18:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 2 01:30:26 2026 GMT
Not After : Jul 31 23:59:59 2026 GMT
Subject: serialNumber=c66696840586e0367fadb7449c40bc4910714fffc42433a53b75d89150da2afc, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:8f:18:57:95:1b:8f:fa:1e:22:f6:64:bc:24:
1c:17:af:0b:da:52:3c:46:5c:38:61:11:2f:ba:76:
13:a4:79:61:51:ed:17:5f:ca:c6:f5:54:a8:9b:ce:
c4:13:51:13:0e:9c:ec:c5:60:ba:5a:7e:df:94:d7:
bf:6d:b1:45:bd:9a:8c:e3:84:5e:e2:fd:0d:ce:fd:
a6:a7:65:e0:81:f6:f9:0c:ca:df:46:f7:29:14:9b:
57:ea:90:02:34:94:d7:7e:8e:19:a5:30:e9:4c:b7:
cc:1b:91:00:d9:e8:19:ba:d1:d7:f0:5f:3b:ee:a1:
6f:f3:83:db:5a:ed:57:52:dc:43:84:77:e6:e6:35:
9b:d3:b1:46:49:21:55:99:73:a5:0c:ef:3c:da:59:
d7:9f:09:49:ee:69:1a:3a:95:24:62:e3:2b:e6:23:
93:9c:d1:7c:50:b8:28:c3:62:30:31:58:68:5d:c0:
02:45:b8:d7:27:39:e0:54:c5:54:ba:08:63:47:33:
b0:70:24:5f:90:35:b2:93:5c:38:0f:73:64:34:38:
50:53:79:22:75:2d:fd:cd:be:22:73:b7:53:4b:87:
e5:12:71:7a:f9:9c:93:3f:a0:81:13:40:94:a6:4b:
05:fd:c8:bc:9d:1e:a1:e7:c9:8f:b4:1f:86:6e:49:
b1:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:4E:00:69:85:53:AC:06:F3:E0:2E:1F:4B:1A:47:92:99:41:43:43
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/be43dd39-558d-4a44-9ced-00461f1d4c42.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06a:2000::/40
Signature Algorithm: sha256WithRSAEncryption
c8:e8:96:9d:7a:54:28:3f:53:12:68:74:c4:f9:54:87:c0:39:
54:be:fa:44:2d:b2:e3:f1:62:be:71:e4:e5:cc:ad:74:2b:5f:
aa:d6:7e:a2:a4:bf:e6:80:52:8c:6b:c2:43:e7:10:a9:49:7e:
88:a7:98:41:44:e6:3d:76:8f:ed:de:92:89:87:79:58:eb:ff:
41:54:73:4f:6e:57:1e:c5:0a:36:52:e2:8d:49:a7:d9:26:12:
5a:20:5d:ca:48:8c:d5:84:59:0c:e6:dc:d4:66:ed:cb:46:bf:
a2:05:e8:a2:0e:76:3b:49:ac:e2:bd:01:d6:54:ab:a8:8a:43:
90:11:16:fb:8f:62:00:45:06:40:55:b4:73:9c:b0:7e:76:4b:
cc:69:e1:ab:8c:3c:23:4c:39:bc:9a:a5:5f:2d:da:28:59:3f:
cb:8e:94:ec:22:0e:b0:7f:86:21:7a:2d:8d:5b:03:7e:38:6f:
fb:a6:1e:bd:d2:4a:73:c3:c0:1c:88:26:3a:63:c9:23:97:4c:
d4:8b:f2:c1:13:b6:72:24:af:cd:fb:4e:c6:1e:6c:11:ff:a7:
84:fb:dc:fa:dc:00:83:17:5b:a9:ad:ee:36:09:cc:9d:81:db:
7b:ce:ee:79:99:2a:51:72:f0:26:5d:ac:c9:74:9b:cd:c5:9c:
33:09:b2:27
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUVYDoN2vUAE+geeGtP2WL+kYQGDMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjA1MDIwMTMwMjZaFw0yNjA3MzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGM2NjY5Njg0MDU4NmUwMzY3ZmFkYjc0NDljNDBiYzQ5MTA3MTRmZmZjNDI0
MzNhNTNiNzVkODkxNTBkYTJhZmMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK6PGFeVG4/6HiL2ZLwkHBevC9pSPEZcOGERL7p2E6R5YVHtF1/KxvVUqJvO
xBNREw6c7MVgulp+35TXv22xRb2ajOOEXuL9Dc79pqdl4IH2+QzK30b3KRSbV+qQ
AjSU136OGaUw6Uy3zBuRANnoGbrR1/BfO+6hb/OD21rtV1LcQ4R35uY1m9OxRkkh
VZlzpQzvPNpZ158JSe5pGjqVJGLjK+Yjk5zRfFC4KMNiMDFYaF3AAkW41yc54FTF
VLoIY0czsHAkX5A1spNcOA9zZDQ4UFN5InUt/c2+InO3U0uH5RJxevmckz+ggRNA
lKZLBf3IvJ0eoefJj7Qfhm5JsU0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQnTgBp
hVOsBvPgLh9LGkeSmUFDQzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmU0M2RkMzktNTU4ZC00YTQ0LTljZWQtMDA0NjFmMWQ0YzQyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Gog
MA0GCSqGSIb3DQEBCwUAA4IBAQDI6JadelQoP1MSaHTE+VSHwDlUvvpELbLj8WK+
ceTlzK10K1+q1n6ipL/mgFKMa8JD5xCpSX6Ip5hBROY9do/t3pKJh3lY6/9BVHNP
blcexQo2UuKNSafZJhJaIF3KSIzVhFkM5tzUZu3LRr+iBeiiDnY7SazivQHWVKuo
ikOQERb7j2IARQZAVbRznLB+dkvMaeGrjDwjTDm8mqVfLdooWT/LjpTsIg6wf4Yh
ei2NWwN+OG/7ph690kpzw8AciCY6Y8kjl0zUi/LBE7ZyJK/N+07GHmwR/6eE+9z6
3ACDF1upre42Ccydgdt7zu55mSpRcvAmXazJdJvNxZwzCbIn
-----END CERTIFICATE-----
Generated at Tue May 12 23:14:49 2026 by rpki-client