Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bad6d47b-d932-44b6-8939-bd8993b444d2.roa
File: bad6d47b-d932-44b6-8939-bd8993b444d2.roa (raw, json)
Hash identifier: BDp/nXrzGtl8/XSX9zGf3pijHjRZibjxFevsdVgy8dk=
Subject key identifier: 74:9E:BA:B7:8C:5B:C1:86:29:BD:32:D8:48:A5:A6:1A:91:71:CB:E4
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 71841776A03923A66B70F98196303E6E860B4F5C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bad6d47b-d932-44b6-8939-bd8993b444d2.roa
Signing time: Mon 27 Apr 2026 00:40:05 +0000
ROA not before: Mon 27 Apr 2026 00:40:05 +0000
ROA not after: Sun 26 Jul 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d034:80c0::/46 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Apr 2026 14:21:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
71:84:17:76:a0:39:23:a6:6b:70:f9:81:96:30:3e:6e:86:0b:4f:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 27 00:40:05 2026 GMT
Not After : Jul 26 23:59:59 2026 GMT
Subject: serialNumber=045b39f257186e2b1bd651a7f1df06d88845713058c4402cc759d56ca87b5fc3, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:54:73:d6:2f:dc:fa:70:06:dc:95:7d:94:be:
8f:20:e4:8c:a8:81:7a:db:af:e4:a3:9f:3c:d8:de:
4d:73:4b:db:d0:d0:06:2a:f3:51:90:b6:67:f3:71:
cf:8a:c7:45:6b:a4:02:12:ed:2e:af:33:34:4f:fb:
0e:8b:fc:4f:74:03:a6:9e:47:11:6c:56:ec:ae:4a:
ad:60:1b:fc:67:21:5f:77:21:d9:cb:b2:55:92:86:
3e:5d:3e:56:e0:66:8a:07:11:48:25:c0:bb:97:b4:
d2:48:fd:b6:6f:cb:86:61:61:38:b9:57:38:74:3d:
c6:19:e0:1e:b1:ce:71:86:ca:b7:cf:00:3c:0e:19:
d1:2c:bd:14:ff:9e:c5:fd:73:c1:38:b6:b6:c8:b5:
f2:f8:3a:2e:29:43:e5:11:7c:af:eb:69:16:67:0e:
b2:32:70:4a:a7:3f:6e:ec:4e:34:f8:18:b1:16:83:
b9:bb:ec:64:72:0e:d0:bc:98:39:d6:43:68:19:06:
64:10:02:43:45:61:03:f4:35:8c:f8:a5:f5:ad:5b:
d1:5e:c3:c3:02:00:04:5f:e4:17:46:e4:ba:cb:8e:
bf:a8:37:77:59:bb:9c:c3:5e:80:5e:f9:36:f7:73:
a5:cb:db:9c:45:fb:60:f2:32:4e:75:0c:dc:62:c7:
0b:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:9E:BA:B7:8C:5B:C1:86:29:BD:32:D8:48:A5:A6:1A:91:71:CB:E4
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bad6d47b-d932-44b6-8939-bd8993b444d2.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d034:80c0::/46
Signature Algorithm: sha256WithRSAEncryption
5b:6b:e3:d7:eb:b6:c3:fe:78:ac:5b:8a:c3:61:a6:d8:75:ea:
50:f6:57:79:95:4d:f0:11:43:c7:a2:58:87:65:d5:bb:8e:d7:
b9:61:c4:a3:a9:70:1e:88:32:01:92:ae:be:52:fc:0c:cd:a8:
3f:f5:ca:0e:65:75:bb:3d:22:e0:db:f4:bc:f8:7e:b6:27:62:
da:22:00:2f:2a:ed:f7:d7:76:40:ca:fa:c2:f9:f2:a2:24:82:
6f:6c:ff:a0:22:27:d7:07:71:56:d4:2a:da:09:97:ea:fe:0e:
27:a8:1a:a0:c4:6f:06:b2:fb:99:5a:8f:bf:d5:27:92:65:db:
eb:90:cd:4b:cc:71:c9:1c:9a:6b:85:ae:b0:de:dd:0a:29:0d:
d8:a9:b1:08:d1:00:0e:0f:80:f4:b3:67:6a:b7:30:60:3b:f4:
e0:02:0f:22:dd:3b:ae:de:18:ec:59:06:16:62:17:f5:80:b3:
22:04:c8:65:94:e0:50:fd:ca:b0:3d:e4:92:40:a4:b3:25:55:
97:71:40:8a:75:d1:af:4d:18:39:4a:9a:fc:09:18:2a:76:71:
ae:c3:c7:e7:a3:ba:78:22:92:5c:a7:28:4e:b4:18:85:36:a3:
5f:cd:3d:72:98:10:b6:70:a7:25:ca:fc:a1:f7:28:6c:d4:89:
48:84:9c:45
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUcYQXdqA5I6ZrcPmBljA+boYLT1wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjA0MjcwMDQwMDVaFw0yNjA3MjYyMzU5NTlaMHoxSTBHBgNV
BAUTQDA0NWIzOWYyNTcxODZlMmIxYmQ2NTFhN2YxZGYwNmQ4ODg0NTcxMzA1OGM0
NDAyY2M3NTlkNTZjYTg3YjVmYzMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMNUc9Yv3PpwBtyVfZS+jyDkjKiBetuv5KOfPNjeTXNL29DQBirzUZC2Z/Nx
z4rHRWukAhLtLq8zNE/7Dov8T3QDpp5HEWxW7K5KrWAb/GchX3ch2cuyVZKGPl0+
VuBmigcRSCXAu5e00kj9tm/LhmFhOLlXOHQ9xhngHrHOcYbKt88APA4Z0Sy9FP+e
xf1zwTi2tsi18vg6LilD5RF8r+tpFmcOsjJwSqc/buxONPgYsRaDubvsZHIO0LyY
OdZDaBkGZBACQ0VhA/Q1jPil9a1b0V7DwwIABF/kF0bkusuOv6g3d1m7nMNegF75
NvdzpcvbnEX7YPIyTnUM3GLHC/UCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBR0nrq3
jFvBhim9MthIpaYakXHL5DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmFkNmQ0N2ItZDkzMi00NGI2LTg5MzktYmQ4OTkzYjQ0NGQyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0DSA
wDANBgkqhkiG9w0BAQsFAAOCAQEAW2vj1+u2w/54rFuKw2Gm2HXqUPZXeZVN8BFD
x6JYh2XVu47XuWHEo6lwHogyAZKuvlL8DM2oP/XKDmV1uz0i4Nv0vPh+tidi2iIA
Lyrt99d2QMr6wvnyoiSCb2z/oCIn1wdxVtQq2gmX6v4OJ6gaoMRvBrL7mVqPv9Un
kmXb65DNS8xxyRyaa4WusN7dCikN2KmxCNEADg+A9LNnarcwYDv04AIPIt07rt4Y
7FkGFmIX9YCzIgTIZZTgUP3KsD3kkkCksyVVl3FAinXRr00YOUqa/AkYKnZxrsPH
56O6eCKSXKcoTrQYhTajX809cpgQtnCnJcr8ofcobNSJSIScRQ==
-----END CERTIFICATE-----
Generated at Tue Apr 28 19:33:59 2026 by rpki-client