Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fc452689-b0a6-4816-a48a-8c8854d225f8.roa
File: fc452689-b0a6-4816-a48a-8c8854d225f8.roa (raw, json)
Hash identifier: HdoFN7dLRLPQUqnXFSn6R74Ej/l1fbyixlHuKOL0XYE=
Subject key identifier: D8:61:5C:65:D0:60:32:03:E7:8D:E1:E9:0D:FE:61:34:DA:74:26:E3
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 259A4FA3593FF499B02F318EBFDBB95093396762
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fc452689-b0a6-4816-a48a-8c8854d225f8.roa
Signing time: Fri 08 May 2026 03:21:11 +0000
ROA not before: Fri 08 May 2026 03:21:11 +0000
ROA not after: Thu 06 Aug 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d074:c000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 13 May 2026 14:18:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
25:9a:4f:a3:59:3f:f4:99:b0:2f:31:8e:bf:db:b9:50:93:39:67:62
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: May 8 03:21:11 2026 GMT
Not After : Aug 6 23:59:59 2026 GMT
Subject: serialNumber=74f83eb48fffa6e1950bdc0e6e584195ac74fdb2f95d6546e7ed686b61b7ad1e, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:81:2f:72:ee:09:02:35:99:21:47:d1:ea:f8:
90:b6:01:d7:59:4b:a9:9d:04:5a:23:41:03:dc:8d:
c1:e8:76:ba:49:5c:1c:ed:cc:83:70:bb:da:95:72:
4e:d2:1d:6d:52:e7:ff:90:5d:b1:63:39:bd:df:62:
a5:34:b2:36:3d:6e:eb:59:10:70:26:1b:72:72:d6:
dc:bd:fc:cf:10:b5:03:e7:ce:42:70:9a:ec:46:6f:
e5:35:43:e3:27:4d:ec:5a:c2:14:24:aa:3b:d7:17:
00:6c:5d:ef:50:8c:6d:65:7c:85:82:ac:98:97:3a:
61:fc:61:dd:89:87:b0:ee:b0:09:36:1d:c1:93:6a:
04:80:89:cc:f1:ba:63:34:c4:22:09:75:f9:2b:84:
1d:86:71:7a:5f:24:89:05:95:51:c9:c1:f7:af:82:
c1:e3:52:c7:13:11:e8:0c:b3:d8:4a:7f:fb:ff:cc:
b7:e0:a2:c0:93:93:f3:e8:03:8f:ea:de:0e:50:24:
2b:92:d9:c9:6b:a0:9d:ba:a9:94:50:f3:d4:73:54:
df:7d:33:3f:ea:de:a2:cb:a0:12:28:3b:1c:29:b5:
77:b9:1d:6e:ee:aa:27:75:12:bf:0d:7c:fe:a4:19:
44:db:65:c9:78:b8:ab:62:5a:91:e8:84:f8:96:0b:
47:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:61:5C:65:D0:60:32:03:E7:8D:E1:E9:0D:FE:61:34:DA:74:26:E3
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fc452689-b0a6-4816-a48a-8c8854d225f8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d074:c000::/40
Signature Algorithm: sha256WithRSAEncryption
69:b4:0d:ac:da:8e:0f:b6:32:6c:e9:70:34:26:4b:a8:f5:78:
ed:fb:e8:d1:3b:f6:4c:71:db:38:28:6b:67:40:6a:71:b4:90:
99:a5:2d:55:85:a3:ed:4a:36:46:11:7a:a0:5c:a4:6d:24:26:
c8:34:33:a8:f5:c8:d8:65:43:88:5f:db:cb:d3:d5:09:c5:f3:
ed:3b:31:06:dc:f8:97:e5:30:57:e5:a8:fd:3e:ec:6c:d0:84:
86:85:de:8c:d7:d9:ef:99:f6:51:14:96:47:41:c2:8c:bb:57:
6e:89:b8:f3:ac:3b:de:ca:d2:32:8f:1b:e8:66:13:f4:40:fd:
16:62:c3:ee:c0:44:82:28:30:b2:b0:42:70:5c:9a:ab:07:08:
f7:06:4e:d1:43:36:8d:51:73:e5:7a:3f:74:cd:df:fd:29:e0:
44:9d:5e:16:ca:d7:d2:04:27:76:ba:f6:a5:3e:53:a0:ad:c7:
d5:e8:5e:2a:9e:be:c7:a1:7c:50:d9:ce:5b:db:3e:20:22:fb:
45:b0:a0:10:f8:e9:a9:6c:f9:8b:ec:cd:73:e3:31:0b:15:71:
e8:03:67:66:80:a8:c8:1b:9a:a7:8d:25:6c:89:6e:b8:e4:e1:
be:6d:39:96:50:6c:fa:1b:53:61:dd:7e:58:ea:6c:47:01:e7:
dd:32:07:e9
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUJZpPo1k/9JmwLzGOv9u5UJM5Z2IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjA1MDgwMzIxMTFaFw0yNjA4MDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDc0ZjgzZWI0OGZmZmE2ZTE5NTBiZGMwZTZlNTg0MTk1YWM3NGZkYjJmOTVk
NjU0NmU3ZWQ2ODZiNjFiN2FkMWUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALSBL3LuCQI1mSFH0er4kLYB11lLqZ0EWiNBA9yNweh2uklcHO3Mg3C72pVy
TtIdbVLn/5BdsWM5vd9ipTSyNj1u61kQcCYbcnLW3L38zxC1A+fOQnCa7EZv5TVD
4ydN7FrCFCSqO9cXAGxd71CMbWV8hYKsmJc6Yfxh3YmHsO6wCTYdwZNqBICJzPG6
YzTEIgl1+SuEHYZxel8kiQWVUcnB96+CweNSxxMR6Ayz2Ep/+//Mt+CiwJOT8+gD
j+reDlAkK5LZyWugnbqplFDz1HNU330zP+reosugEig7HCm1d7kdbu6qJ3USvw18
/qQZRNtlyXi4q2JakeiE+JYLR8UCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTYYVxl
0GAyA+eN4ekN/mE02nQm4zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZmM0NTI2ODktYjBhNi00ODE2LWE0OGEtOGM4ODU0ZDIyNWY4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HTA
MA0GCSqGSIb3DQEBCwUAA4IBAQBptA2s2o4PtjJs6XA0Jkuo9Xjt++jRO/ZMcds4
KGtnQGpxtJCZpS1VhaPtSjZGEXqgXKRtJCbINDOo9cjYZUOIX9vL09UJxfPtOzEG
3PiX5TBX5aj9Puxs0ISGhd6M19nvmfZRFJZHQcKMu1duibjzrDveytIyjxvoZhP0
QP0WYsPuwESCKDCysEJwXJqrBwj3Bk7RQzaNUXPlej90zd/9KeBEnV4WytfSBCd2
uvalPlOgrcfV6F4qnr7HoXxQ2c5b2z4gIvtFsKAQ+OmpbPmL7M1z4zELFXHoA2dm
gKjIG5qnjSVsiW645OG+bTmWUGz6G1Nh3X5Y6mxHAefdMgfp
-----END CERTIFICATE-----
Generated at Tue May 12 22:59:10 2026 by rpki-client