Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0141b806-c012-49b3-a8da-73590b0cd2b5.roa
File: 0141b806-c012-49b3-a8da-73590b0cd2b5.roa (raw, json)
Hash identifier: 6s6SsNvCYuwmM1gxkvtlad+c6XBLCZO9O/0PJuypIJM=
Subject key identifier: 5A:1C:81:98:C8:F2:7A:B3:63:C4:ED:17:F3:48:C7:CF:99:25:8C:AB
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: BA399E903FDA74D8F88760695054E5CC9C8313
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0141b806-c012-49b3-a8da-73590b0cd2b5.roa
Signing time: Tue 21 Oct 2025 14:00:38 +0000
ROA not before: Tue 21 Oct 2025 14:00:38 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:50c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ba:39:9e:90:3f:da:74:d8:f8:87:60:69:50:54:e5:cc:9c:83:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:00:38 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=863547f1480185d8a837da6fc3edacec7aa930c9c60379bc3cabd0eafa715ac9, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:f8:a4:63:95:50:90:09:2a:71:0e:be:70:d5:
e9:7f:a1:10:74:ac:44:db:12:bf:9e:df:10:de:1e:
dd:b3:55:b1:78:d3:9d:de:9a:e3:3f:48:7f:f9:d8:
7a:a7:67:5c:35:4b:7f:8d:1a:c3:36:14:9e:e7:4f:
80:33:bf:61:45:a3:5f:c6:fe:d8:e9:3f:79:3e:88:
6e:d5:3c:65:32:32:f9:0d:19:c6:fd:fc:df:80:5e:
e9:6d:26:a9:1b:49:fe:02:f7:c0:6b:47:0b:d8:ae:
a9:9d:d3:a5:20:24:46:b4:8f:8f:3c:79:7a:da:72:
ef:0e:7b:8e:be:72:df:61:00:94:07:b6:3a:91:83:
0c:27:10:31:57:bd:89:3f:60:1d:dd:31:ae:2b:40:
c9:92:b8:f2:3d:69:78:47:fa:14:7a:70:b1:51:6a:
51:6b:40:91:26:04:da:49:cd:31:00:60:3d:d1:e1:
28:5c:1c:8f:14:b7:5f:4a:a7:23:20:b4:bd:1d:99:
c1:31:4d:35:00:2a:fb:50:65:ae:a2:b0:04:0e:29:
1f:d9:7d:e5:16:7a:2e:84:c9:a5:bd:79:71:d9:a5:
28:c3:bb:ef:c2:50:99:b1:a5:d4:b3:17:13:10:86:
ee:79:1b:bb:25:1a:40:ca:c3:c8:4a:c8:8a:ca:9e:
5f:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:1C:81:98:C8:F2:7A:B3:63:C4:ED:17:F3:48:C7:CF:99:25:8C:AB
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0141b806-c012-49b3-a8da-73590b0cd2b5.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:50c0::/48
Signature Algorithm: sha256WithRSAEncryption
30:c8:ee:4b:23:64:6e:f8:a0:9b:04:c9:64:5b:fb:15:79:d0:
5f:dd:26:53:35:68:b9:5b:4b:72:c3:b9:92:22:cb:bb:09:0d:
b9:62:65:08:c8:f9:3a:39:32:0f:8b:fe:c5:67:56:52:13:35:
0b:79:92:6e:4d:96:d3:c4:d9:cc:03:2c:dd:da:b0:e3:09:32:
9c:c2:c4:96:10:9c:ea:8a:86:c6:87:0d:bc:f0:48:1e:07:d5:
59:08:20:01:ee:7e:aa:72:b4:03:e5:3b:21:74:de:9b:c0:84:
cc:12:c4:c2:8b:c1:22:05:0a:19:49:11:fa:c4:f2:94:54:4b:
61:d0:11:89:bc:d6:1b:af:56:0c:a6:98:4d:21:32:28:d0:c6:
f4:7c:dd:27:14:3b:73:23:13:c7:56:59:75:62:b2:56:32:02:
22:a6:19:4e:e7:45:28:83:71:f5:f4:50:18:61:89:06:b4:9f:
61:eb:6a:ca:f8:20:85:50:fc:be:89:35:bf:c0:ac:9e:24:4e:
f9:9a:2a:da:a3:51:9e:1e:4d:00:0e:c5:ea:2c:e5:e8:25:73:
d6:23:58:18:27:a1:8e:fe:d6:5f:bb:ee:f7:fd:24:f0:de:ea:
56:61:2f:8e:af:f3:d0:66:50:40:52:8d:13:a9:28:69:86:17:
37:93:ee:9d
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUALo5npA/2nTY+IdgaVBU5cycgxMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDAwMzhaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDg2MzU0N2YxNDgwMTg1ZDhhODM3ZGE2ZmMzZWRhY2VjN2FhOTMwYzljNjAz
NzliYzNjYWJkMGVhZmE3MTVhYzkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJL4pGOVUJAJKnEOvnDV6X+hEHSsRNsSv57fEN4e3bNVsXjTnd6a4z9If/nY
eqdnXDVLf40awzYUnudPgDO/YUWjX8b+2Ok/eT6IbtU8ZTIy+Q0Zxv3834Be6W0m
qRtJ/gL3wGtHC9iuqZ3TpSAkRrSPjzx5etpy7w57jr5y32EAlAe2OpGDDCcQMVe9
iT9gHd0xritAyZK48j1peEf6FHpwsVFqUWtAkSYE2knNMQBgPdHhKFwcjxS3X0qn
IyC0vR2ZwTFNNQAq+1BlrqKwBA4pH9l95RZ6LoTJpb15cdmlKMO778JQmbGl1LMX
ExCG7nkbuyUaQMrDyErIisqeX/cCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRaHIGY
yPJ6s2PE7RfzSMfPmSWMqzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MDE0MWI4MDYtYzAxMi00OWIzLWE4ZGEtNzM1OTBiMGNkMmI1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HJQ
wDANBgkqhkiG9w0BAQsFAAOCAQEAMMjuSyNkbvigmwTJZFv7FXnQX90mUzVouVtL
csO5kiLLuwkNuWJlCMj5OjkyD4v+xWdWUhM1C3mSbk2W08TZzAMs3dqw4wkynMLE
lhCc6oqGxocNvPBIHgfVWQggAe5+qnK0A+U7IXTem8CEzBLEwovBIgUKGUkR+sTy
lFRLYdARibzWG69WDKaYTSEyKNDG9HzdJxQ7cyMTx1ZZdWKyVjICIqYZTudFKINx
9fRQGGGJBrSfYetqyvgghVD8vok1v8CsniRO+Zoq2qNRnh5NAA7F6izl6CVz1iNY
GCehjv7WX7vu9/0k8N7qVmEvjq/z0GZQQFKNE6koaYYXN5PunQ==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:55 2025 by rpki-client