Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bf0cf493-d65d-4886-a341-bcbb40fbf10b.roa
File: bf0cf493-d65d-4886-a341-bcbb40fbf10b.roa (raw, json)
Hash identifier: pvZsaVAE4bNy8LcIrS8blFtv/5H8tBk3pigOcSS4n9g=
Subject key identifier: CE:A0:A1:46:46:A9:10:F3:FD:A6:3B:C1:6B:39:3E:6F:CB:6D:11:81
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 6324B745E017F6D600064B4ADD6C7275E2990297
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bf0cf493-d65d-4886-a341-bcbb40fbf10b.roa
Signing time: Mon 11 May 2026 01:40:08 +0000
ROA not before: Mon 11 May 2026 01:40:08 +0000
ROA not after: Sun 09 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d074:4000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
63:24:b7:45:e0:17:f6:d6:00:06:4b:4a:dd:6c:72:75:e2:99:02:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 11 01:40:08 2026 GMT
Not After : Aug 9 23:59:59 2026 GMT
Subject: serialNumber=f62f7c62a44101791093b0543eca6985d24e89890dfed5192b90b241a73318ba, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:b2:7a:01:3c:c4:f3:e4:f5:52:4c:65:63:50:
c3:d9:16:64:40:00:ee:ef:f7:43:cd:3c:6a:80:87:
b9:73:a1:41:8f:68:f0:ae:86:cf:73:af:a5:58:64:
42:b7:ae:21:d3:cd:b3:b3:87:1c:63:e1:9f:ed:4a:
67:6b:d4:73:a0:80:ab:28:d4:30:d2:a5:3d:00:c8:
44:fb:81:12:65:ee:f6:c4:33:d6:52:73:a0:96:38:
72:96:7f:4a:d1:f6:09:bc:46:08:6b:1f:fd:85:7d:
fe:7a:72:18:c9:66:17:cc:44:81:55:7c:e5:63:9e:
6f:f5:e3:4e:9c:8b:a9:1f:7c:52:ed:d3:c9:b5:51:
ef:32:a7:e6:bc:32:b0:f6:c8:64:3f:eb:d6:93:fe:
7c:26:25:65:f5:87:41:11:85:15:96:ce:07:14:40:
9e:8f:91:36:a4:e3:45:89:64:d7:93:fb:0a:b4:56:
c6:13:11:7f:9c:9a:f8:72:44:b6:98:ce:b9:0d:21:
e9:cb:17:ca:1b:68:29:d4:6a:2a:25:a6:c9:87:bb:
71:d5:b7:33:4a:08:71:1a:95:be:f6:1d:6e:f2:e9:
b2:e1:4f:d9:c2:b6:f2:b6:ab:41:b0:70:01:6e:eb:
0a:4c:10:5f:ec:69:76:52:fe:f2:23:b5:49:cc:91:
0c:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:A0:A1:46:46:A9:10:F3:FD:A6:3B:C1:6B:39:3E:6F:CB:6D:11:81
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bf0cf493-d65d-4886-a341-bcbb40fbf10b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d074:4000::/40
Signature Algorithm: sha256WithRSAEncryption
10:ad:0b:8b:ef:a8:2c:2b:85:f8:fb:01:35:fd:39:47:b5:c4:
e5:56:28:f3:28:25:d5:fc:d7:5c:a3:33:1c:16:9b:e6:97:40:
3d:14:b5:be:eb:fa:33:f6:c5:30:63:3e:95:88:ee:dd:f3:eb:
4c:26:1a:51:11:09:24:1d:c7:bd:d5:45:e9:f6:ff:ba:ef:c4:
11:f7:55:69:76:96:2a:f0:8e:c9:aa:ea:01:ed:33:24:f3:b2:
de:78:63:63:20:60:0b:5c:b6:aa:9b:b1:8f:3c:45:28:59:23:
a7:1c:ec:f9:d3:87:f6:1c:72:f4:d1:0f:c7:cd:d9:2f:42:8e:
6c:22:bd:93:2c:d7:43:21:2d:56:46:ea:12:6b:16:91:9d:90:
aa:ba:a2:d4:44:df:ac:98:3b:b9:d8:c6:aa:d5:76:c8:67:ce:
48:74:e7:35:b7:16:47:5e:e6:98:f9:28:27:fb:45:4f:47:a8:
16:b3:c8:7d:da:f2:f0:7b:d6:14:c1:ef:23:3c:b9:66:f4:5a:
15:73:eb:6f:dd:bc:fe:29:04:ef:5a:d4:4c:ec:ca:6b:f4:64:
92:ac:0c:66:e5:f1:6c:f9:87:87:51:1d:2a:d3:87:dc:9a:04:
ed:e9:fb:db:8c:6a:93:9e:90:59:6d:de:64:6c:4c:05:e2:92:
f2:a8:0a:a6
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUYyS3ReAX9tYABktK3WxydeKZApcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjA1MTEwMTQwMDhaFw0yNjA4MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGY2MmY3YzYyYTQ0MTAxNzkxMDkzYjA1NDNlY2E2OTg1ZDI0ZTg5ODkwZGZl
ZDUxOTJiOTBiMjQxYTczMzE4YmExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALKyegE8xPPk9VJMZWNQw9kWZEAA7u/3Q808aoCHuXOhQY9o8K6Gz3OvpVhk
QreuIdPNs7OHHGPhn+1KZ2vUc6CAqyjUMNKlPQDIRPuBEmXu9sQz1lJzoJY4cpZ/
StH2CbxGCGsf/YV9/npyGMlmF8xEgVV85WOeb/XjTpyLqR98Uu3TybVR7zKn5rwy
sPbIZD/r1pP+fCYlZfWHQRGFFZbOBxRAno+RNqTjRYlk15P7CrRWxhMRf5ya+HJE
tpjOuQ0h6csXyhtoKdRqKiWmyYe7cdW3M0oIcRqVvvYdbvLpsuFP2cK28rarQbBw
AW7rCkwQX+xpdlL+8iO1ScyRDNcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTOoKFG
RqkQ8/2mO8FrOT5vy20RgTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmYwY2Y0OTMtZDY1ZC00ODg2LWEzNDEtYmNiYjQwZmJmMTBiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HRA
MA0GCSqGSIb3DQEBCwUAA4IBAQAQrQuL76gsK4X4+wE1/TlHtcTlVijzKCXV/Ndc
ozMcFpvml0A9FLW+6/oz9sUwYz6ViO7d8+tMJhpREQkkHce91UXp9v+678QR91Vp
dpYq8I7JquoB7TMk87LeeGNjIGALXLaqm7GPPEUoWSOnHOz504f2HHL00Q/Hzdkv
Qo5sIr2TLNdDIS1WRuoSaxaRnZCquqLURN+smDu52Maq1XbIZ85IdOc1txZHXuaY
+Sgn+0VPR6gWs8h92vLwe9YUwe8jPLlm9FoVc+tv3bz+KQTvWtRM7Mpr9GSSrAxm
5fFs+YeHUR0q04fcmgTt6fvbjGqTnpBZbd5kbEwF4pLyqAqm
-----END CERTIFICATE-----
Generated at Tue May 12 23:13:41 2026 by rpki-client