Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/09a66d07-54a4-4c26-8a49-e43710070e4d.roa
File: 09a66d07-54a4-4c26-8a49-e43710070e4d.roa (raw, json)
Hash identifier: pX9J6fXQfv1dbbnUo3mvmrC13fbeRmJFHI7RJ2/DIc8=
Subject key identifier: 08:74:C7:A1:FE:FC:0A:4D:D4:3A:3C:67:83:62:97:9A:10:0B:33:CA
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 27CB33EC85B461D8631020CE3A914AA0E049B3ED
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/09a66d07-54a4-4c26-8a49-e43710070e4d.roa
Signing time: Tue 21 Oct 2025 14:10:45 +0000
ROA not before: Tue 21 Oct 2025 14:10:45 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:1080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
27:cb:33:ec:85:b4:61:d8:63:10:20:ce:3a:91:4a:a0:e0:49:b3:ed
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:10:45 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=c02221d2a0fd0700d614906b0ac92e1c1f85e3ee436cb35c615aa8a662d41044, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:af:6e:07:c6:ce:13:be:b6:34:0d:47:c5:08:
b6:f9:4b:e1:5d:41:3e:15:03:76:58:af:ba:0c:82:
45:a4:67:2f:93:31:52:a7:ec:31:9c:de:45:2c:79:
99:ff:d4:81:42:d3:7b:84:1e:b1:d6:12:6a:40:15:
c8:38:d5:9e:21:a0:52:27:cb:c8:e2:da:0e:b4:07:
84:9b:fc:8a:cb:a4:f8:64:10:e7:fa:48:77:4a:32:
8a:af:b0:ca:04:9c:8d:a6:fe:b8:1e:ce:25:73:a3:
59:0e:37:7d:e0:50:48:d5:27:24:e9:68:4e:16:e4:
34:79:28:e9:aa:12:3a:15:56:0c:f1:cc:ae:2b:66:
be:3e:71:0e:77:d4:a3:99:6e:e5:15:67:b7:a2:80:
7e:4b:25:5e:a3:ba:68:6c:ee:9d:93:2f:22:4b:59:
04:fa:b7:9e:d9:e6:75:e8:60:9b:0e:e9:3b:d8:90:
7b:8a:7a:c1:02:70:c4:52:85:b2:20:33:61:da:2d:
62:20:68:a5:66:8e:c4:c9:04:a2:5c:ed:71:1c:b0:
71:19:96:92:ac:a5:29:34:d7:65:44:08:e3:b7:e2:
03:29:ba:5c:95:4d:3e:59:62:5f:d5:9e:6d:f2:3b:
78:47:7b:9f:a7:9c:d4:d1:ee:5f:20:c5:b4:cc:eb:
0a:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:74:C7:A1:FE:FC:0A:4D:D4:3A:3C:67:83:62:97:9A:10:0B:33:CA
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/09a66d07-54a4-4c26-8a49-e43710070e4d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:1080::/48
Signature Algorithm: sha256WithRSAEncryption
1d:c8:08:80:2c:94:44:b9:ef:05:9e:01:9d:48:ed:47:d0:e4:
ee:f3:ab:8f:72:0f:35:d8:c1:3e:52:83:06:3f:8a:b9:ab:66:
d8:62:36:8e:2c:8f:ee:ee:a3:74:00:dd:a1:f4:4c:3b:4d:2c:
f7:c2:35:98:16:9c:f2:93:cd:42:1b:ef:eb:5d:b6:dc:70:3a:
35:c6:fc:62:2a:b8:32:34:84:6c:e5:4b:81:9a:1e:b5:bf:7d:
b4:a5:b2:04:79:04:ee:fb:d0:f6:1f:ca:ed:2b:94:d1:47:6e:
28:2d:d3:98:0c:38:d3:ce:a6:ed:bd:98:a1:7e:70:2c:3c:ef:
d8:23:50:88:ea:36:54:4e:89:04:e2:91:e1:ab:f3:75:80:4e:
91:72:cf:a8:af:44:1e:54:2f:0e:b3:6f:66:f3:51:b1:04:23:
57:a8:24:67:8f:d1:0d:c4:76:2e:8e:f8:2e:83:35:8a:79:d4:
61:bd:0f:3a:29:c9:01:58:e3:8b:24:f4:60:7f:99:8b:2a:34:
94:6c:3c:2a:60:de:90:6c:74:a7:70:4f:27:9d:70:b7:27:e0:
2f:9d:1a:a8:3a:92:6c:b2:ee:d0:d2:fe:bf:89:d2:eb:6d:8d:
12:fb:dd:ae:29:c0:4e:9b:34:ba:79:20:be:11:34:90:c4:87:
18:23:b1:54
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUJ8sz7IW0YdhjECDOOpFKoOBJs+0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDEwNDVaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGMwMjIyMWQyYTBmZDA3MDBkNjE0OTA2YjBhYzkyZTFjMWY4NWUzZWU0MzZj
YjM1YzYxNWFhOGE2NjJkNDEwNDQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKOvbgfGzhO+tjQNR8UItvlL4V1BPhUDdlivugyCRaRnL5MxUqfsMZzeRSx5
mf/UgULTe4QesdYSakAVyDjVniGgUifLyOLaDrQHhJv8isuk+GQQ5/pId0oyiq+w
ygScjab+uB7OJXOjWQ43feBQSNUnJOloThbkNHko6aoSOhVWDPHMritmvj5xDnfU
o5lu5RVnt6KAfkslXqO6aGzunZMvIktZBPq3ntnmdehgmw7pO9iQe4p6wQJwxFKF
siAzYdotYiBopWaOxMkEolztcRywcRmWkqylKTTXZUQI47fiAym6XJVNPlliX9We
bfI7eEd7n6ec1NHuXyDFtMzrChcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQIdMeh
/vwKTdQ6PGeDYpeaEAszyjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MDlhNjZkMDctNTRhNC00YzI2LThhNDktZTQzNzEwMDcwZTRkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H8Q
gDANBgkqhkiG9w0BAQsFAAOCAQEAHcgIgCyURLnvBZ4BnUjtR9Dk7vOrj3IPNdjB
PlKDBj+Kuatm2GI2jiyP7u6jdADdofRMO00s98I1mBac8pPNQhvv61223HA6Ncb8
Yiq4MjSEbOVLgZoetb99tKWyBHkE7vvQ9h/K7SuU0UduKC3TmAw4086m7b2YoX5w
LDzv2CNQiOo2VE6JBOKR4avzdYBOkXLPqK9EHlQvDrNvZvNRsQQjV6gkZ4/RDcR2
Lo74LoM1innUYb0POinJAVjjiyT0YH+Ziyo0lGw8KmDekGx0p3BPJ51wtyfgL50a
qDqSbLLu0NL+v4nS622NEvvdrinATps0unkgvhE0kMSHGCOxVA==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:12:01 2025 by rpki-client