Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/04593af5-4653-4d6a-8bb5-65270db84a4f.roa
File: 04593af5-4653-4d6a-8bb5-65270db84a4f.roa (raw, json)
Hash identifier: qKKIz7+hOPFuG0QOB1tWA5cLvwpf1+URdbx5xO1wotg=
Subject key identifier: B3:97:B4:6A:30:B0:E2:8C:3B:31:99:F4:EA:19:F4:2B:8E:22:8E:64
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 51C2E9545595F4D7917571CEF1B55465EAF1A863
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/04593af5-4653-4d6a-8bb5-65270db84a4f.roa
Signing time: Tue 21 Oct 2025 14:20:42 +0000
ROA not before: Tue 21 Oct 2025 14:20:42 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d02d::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
51:c2:e9:54:55:95:f4:d7:91:75:71:ce:f1:b5:54:65:ea:f1:a8:63
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:20:42 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=dd3f89a508cedb8b1274d820d55c27dfa015b5dc1864319ecd5d9f12d8156e86, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:fb:5e:6b:2f:f3:ce:9c:46:5b:a3:43:0c:d8:
f8:f3:fc:56:79:40:50:1f:49:a7:69:00:8a:6a:3c:
69:52:c4:45:8e:21:a9:1c:5b:fa:d6:60:64:0a:4b:
d5:d7:d4:d9:20:91:c1:21:d8:e8:ec:5b:16:91:16:
55:99:44:76:01:3e:14:ad:f1:a6:8e:7c:cc:73:ad:
12:5e:f3:8b:f6:5b:cb:b1:15:91:9e:bd:80:94:68:
7f:aa:f7:1b:65:31:fb:81:b1:f2:5d:7d:16:bb:80:
7f:64:0a:2a:a9:88:20:97:a5:db:b2:59:e1:de:75:
16:1f:66:e1:8a:97:c6:59:4e:d3:6f:77:19:f0:b7:
a5:bf:1d:70:07:73:4d:91:af:9b:dc:f0:2a:fe:c6:
d3:7b:dd:bc:ed:a3:85:15:1a:0b:05:9c:c0:58:2c:
98:65:bf:62:0b:01:b3:a3:94:f1:3e:8a:31:01:3e:
98:a0:dc:89:d9:97:f5:83:9b:86:06:5b:c3:34:a4:
b6:89:37:cc:8c:db:37:ea:af:32:a0:a8:bc:31:13:
58:10:71:32:f2:d8:c4:e1:41:c9:58:3e:42:3e:0b:
ab:a1:71:5f:db:ed:dd:5e:24:56:f0:b2:81:55:c8:
ab:cb:7d:34:3c:c0:a5:71:46:f3:d9:ea:8c:e3:b2:
c6:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:97:B4:6A:30:B0:E2:8C:3B:31:99:F4:EA:19:F4:2B:8E:22:8E:64
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/04593af5-4653-4d6a-8bb5-65270db84a4f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d02d::/36
Signature Algorithm: sha256WithRSAEncryption
56:d3:3e:22:35:d6:3a:81:c0:d2:80:0d:e6:af:79:d4:57:77:
0b:2a:08:05:43:a4:80:84:75:fa:23:d7:34:da:f1:d1:63:01:
1e:76:eb:d0:56:79:12:8a:d8:fc:08:7a:83:3b:2c:e9:f4:29:
88:3c:e2:2f:18:1d:46:5e:9a:af:e5:b2:ca:5a:6a:26:ad:5a:
fc:b8:55:ba:53:26:45:56:72:18:c8:a9:3c:92:6b:1b:0b:59:
1f:38:e3:ac:93:0b:92:1d:bc:53:4d:9d:42:f1:fc:9d:58:5f:
2b:b5:93:7c:3e:c4:50:09:85:df:cc:b1:dc:10:83:be:94:57:
9b:8a:c8:87:c1:48:a4:5d:93:ca:2a:8a:ec:39:0b:c8:c0:45:
5d:ee:8e:33:c2:f0:6d:43:20:a4:4c:7b:e0:d3:ae:56:86:6f:
48:67:02:35:b1:e9:86:d3:cd:7b:2c:19:8f:a2:7a:ac:6c:13:
40:34:da:f9:71:14:3e:d8:af:23:b3:46:88:0e:09:f6:50:b3:
ec:bf:fc:ef:d8:98:63:bf:c1:65:a9:a5:7f:04:b9:bc:f6:66:
08:f3:00:36:1b:06:8d:f4:63:75:95:50:09:e8:4f:a9:8a:bf:
ca:41:4a:07:6e:7e:dc:9c:80:dd:f6:62:d4:99:ff:0d:ee:00:
4f:bb:b5:5c
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUUcLpVFWV9NeRdXHO8bVUZerxqGMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDIwNDJaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGRkM2Y4OWE1MDhjZWRiOGIxMjc0ZDgyMGQ1NWMyN2RmYTAxNWI1ZGMxODY0
MzE5ZWNkNWQ5ZjEyZDgxNTZlODYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ77Xmsv886cRlujQwzY+PP8VnlAUB9Jp2kAimo8aVLERY4hqRxb+tZgZApL
1dfU2SCRwSHY6OxbFpEWVZlEdgE+FK3xpo58zHOtEl7zi/Zby7EVkZ69gJRof6r3
G2Ux+4Gx8l19FruAf2QKKqmIIJel27JZ4d51Fh9m4YqXxllO0293GfC3pb8dcAdz
TZGvm9zwKv7G03vdvO2jhRUaCwWcwFgsmGW/YgsBs6OU8T6KMQE+mKDcidmX9YOb
hgZbwzSktok3zIzbN+qvMqCovDETWBBxMvLYxOFByVg+Qj4Lq6FxX9vt3V4kVvCy
gVXIq8t9NDzApXFG89nqjOOyxlECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSzl7Rq
MLDijDsxmfTqGfQrjiKOZDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MDQ1OTNhZjUtNDY1My00ZDZhLThiYjUtNjUyNzBkYjg0YTRmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0C0A
MA0GCSqGSIb3DQEBCwUAA4IBAQBW0z4iNdY6gcDSgA3mr3nUV3cLKggFQ6SAhHX6
I9c02vHRYwEeduvQVnkSitj8CHqDOyzp9CmIPOIvGB1GXpqv5bLKWmomrVr8uFW6
UyZFVnIYyKk8kmsbC1kfOOOskwuSHbxTTZ1C8fydWF8rtZN8PsRQCYXfzLHcEIO+
lFebisiHwUikXZPKKorsOQvIwEVd7o4zwvBtQyCkTHvg065Whm9IZwI1semG0817
LBmPonqsbBNANNr5cRQ+2K8js0aIDgn2ULPsv/zv2Jhjv8FlqaV/BLm89mYI8wA2
GwaN9GN1lVAJ6E+pir/KQUoHbn7cnIDd9mLUmf8N7gBPu7Vc
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:15:13 2025 by rpki-client