Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/dba2c5ec-b39c-4ba8-b607-71348e3be0c8.roa
File: dba2c5ec-b39c-4ba8-b607-71348e3be0c8.roa (raw, json)
Hash identifier: gg42ZulrhzWwyOVdzBng6UH0jWKaWvy+TxwXPH7ZJ00=
Subject key identifier: BB:87:E4:C8:A3:9D:B3:FF:26:7F:35:A4:FC:AF:74:11:21:BC:94:2B
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 67C0CC80AF8C76654F4B7F03171D1222710B6358
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/dba2c5ec-b39c-4ba8-b607-71348e3be0c8.roa
Signing time: Mon 27 Apr 2026 00:30:13 +0000
ROA not before: Mon 27 Apr 2026 00:30:13 +0000
ROA not after: Sun 26 Jul 2026 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d034:6080::/46 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Apr 2026 14:21:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
67:c0:cc:80:af:8c:76:65:4f:4b:7f:03:17:1d:12:22:71:0b:63:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Apr 27 00:30:13 2026 GMT
Not After : Jul 26 23:59:59 2026 GMT
Subject: serialNumber=3adb78871b5b4169a72d7652fd449e18951e4a60d9f4f41dd505e024ddd9257f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:db:c3:1a:32:2d:1a:51:b6:1a:4a:57:9e:7c:
31:e0:98:1f:74:1f:0f:8e:2f:4b:21:21:52:14:2f:
62:25:0e:1d:c0:30:15:6a:a1:ff:bb:9c:3d:94:65:
57:71:ed:91:19:ae:ec:91:87:6f:48:39:b0:35:57:
2d:f5:45:ec:39:9c:ab:0e:5c:78:b3:c1:8a:ba:fd:
c2:1f:f1:2d:12:93:c7:cc:7e:1d:77:c2:b1:ef:cc:
16:19:3b:e7:4a:af:a0:f6:6e:a5:db:01:8d:2e:3e:
d2:81:54:cc:ac:ca:f3:54:43:94:c7:51:8a:63:7c:
3a:4b:9f:23:0a:48:5b:00:89:6c:e3:41:32:55:96:
10:d6:3f:f6:8b:65:b7:a5:43:3d:d9:ea:4e:25:44:
36:7f:3d:15:bb:9e:69:14:48:53:81:b2:6a:6c:2f:
b8:ef:8f:44:d2:b0:50:d8:73:12:7b:fa:b5:9f:84:
20:04:ea:8f:e9:b8:41:c7:d9:46:63:57:48:7f:a6:
0f:0a:5a:1c:6a:00:0d:c1:07:6e:c6:df:ab:2f:f1:
c4:de:a0:79:21:d1:05:dc:5c:16:1a:b8:28:e6:69:
4d:83:0e:9f:1e:d6:a6:98:9a:4a:0d:69:65:a9:46:
19:06:79:c5:92:1f:6a:d3:4b:91:24:96:58:ad:b0:
2d:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:87:E4:C8:A3:9D:B3:FF:26:7F:35:A4:FC:AF:74:11:21:BC:94:2B
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/dba2c5ec-b39c-4ba8-b607-71348e3be0c8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d034:6080::/46
Signature Algorithm: sha256WithRSAEncryption
5f:2b:bc:be:ee:de:49:be:aa:9e:10:97:6f:0a:3c:5b:49:23:
66:e7:ea:8b:db:dd:bf:9f:0f:95:77:3d:a6:3f:2a:8b:93:1f:
bc:2c:b5:72:52:a7:f8:f6:13:3a:ec:c3:4a:4d:0c:47:f0:a5:
44:87:ff:c2:90:93:9b:9c:52:4e:3c:f6:e8:1f:eb:e0:d3:47:
e4:9e:de:d1:82:f3:a7:ee:32:b4:cf:20:be:ce:b9:88:6a:00:
1d:95:f6:dd:fe:6a:8f:3e:5a:7b:b3:0e:da:e1:7c:03:81:0b:
7c:71:6b:21:dc:24:7f:c1:0a:cf:d9:64:66:0a:23:8a:9a:b7:
05:15:1a:ea:e4:d3:6a:d3:23:1a:fb:21:e3:9a:fe:da:cd:56:
3a:c1:78:79:73:74:cb:e1:05:39:7d:ee:a6:a6:ba:69:c9:e5:
d2:c7:6b:ed:74:40:99:29:d1:90:c3:e9:6e:ee:68:3a:b4:0d:
8b:8f:11:1a:30:31:5b:4d:f3:53:df:e1:cf:e4:17:32:f3:3c:
4a:f4:8e:f2:ed:9d:24:09:0d:54:7e:99:63:24:0e:a4:63:fa:
94:2d:0d:8d:99:23:0b:96:18:bb:0f:24:73:f6:b2:22:e0:e8:
13:c7:ba:95:9a:15:5e:ac:17:08:ec:ab:63:d1:72:53:3a:c0:
93:1d:96:75
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUZ8DMgK+MdmVPS38DFx0SInELY1gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNjA0MjcwMDMwMTNaFw0yNjA3MjYyMzU5NTlaMHoxSTBHBgNV
BAUTQDNhZGI3ODg3MWI1YjQxNjlhNzJkNzY1MmZkNDQ5ZTE4OTUxZTRhNjBkOWY0
ZjQxZGQ1MDVlMDI0ZGRkOTI1N2YxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOHbwxoyLRpRthpKV558MeCYH3QfD44vSyEhUhQvYiUOHcAwFWqh/7ucPZRl
V3HtkRmu7JGHb0g5sDVXLfVF7Dmcqw5ceLPBirr9wh/xLRKTx8x+HXfCse/MFhk7
50qvoPZupdsBjS4+0oFUzKzK81RDlMdRimN8OkufIwpIWwCJbONBMlWWENY/9otl
t6VDPdnqTiVENn89FbueaRRIU4GyamwvuO+PRNKwUNhzEnv6tZ+EIATqj+m4QcfZ
RmNXSH+mDwpaHGoADcEHbsbfqy/xxN6geSHRBdxcFhq4KOZpTYMOnx7WppiaSg1p
ZalGGQZ5xZIfatNLkSSWWK2wLf0CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBS7h+TI
o52z/yZ/NaT8r3QRIbyUKzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZGJhMmM1ZWMtYjM5Yy00YmE4LWI2MDctNzEzNDhlM2JlMGM4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0DRg
gDANBgkqhkiG9w0BAQsFAAOCAQEAXyu8vu7eSb6qnhCXbwo8W0kjZufqi9vdv58P
lXc9pj8qi5MfvCy1clKn+PYTOuzDSk0MR/ClRIf/wpCTm5xSTjz26B/r4NNH5J7e
0YLzp+4ytM8gvs65iGoAHZX23f5qjz5ae7MO2uF8A4ELfHFrIdwkf8EKz9lkZgoj
ipq3BRUa6uTTatMjGvsh45r+2s1WOsF4eXN0y+EFOX3upqa6acnl0sdr7XRAmSnR
kMPpbu5oOrQNi48RGjAxW03zU9/hz+QXMvM8SvSO8u2dJAkNVH6ZYyQOpGP6lC0N
jZkjC5YYuw8kc/ayIuDoE8e6lZoVXqwXCOyrY9FyUzrAkx2WdQ==
-----END CERTIFICATE-----
Generated at Tue Apr 28 19:33:41 2026 by rpki-client