Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0b28278f-4fad-45f4-a194-c2e785f1c443.roa
File: 0b28278f-4fad-45f4-a194-c2e785f1c443.roa (raw, json)
Hash identifier: I7hXXJkK6Wl9ucF9rmMALETjG+2J7RoRIXO/SOX+cnk=
Subject key identifier: 2D:4A:D5:3C:FF:44:93:E8:9B:51:80:E5:52:0B:74:34:3C:0C:BB:2E
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 045502DA467DE9AF0F4CD5F6EEFBD22714D1D349
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0b28278f-4fad-45f4-a194-c2e785f1c443.roa
Signing time: Tue 21 Oct 2025 12:30:10 +0000
ROA not before: Tue 21 Oct 2025 12:30:10 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d019:800::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:55:02:da:46:7d:e9:af:0f:4c:d5:f6:ee:fb:d2:27:14:d1:d3:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 12:30:10 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=9fe701b8640ff292d3f99c1cef5cce52a3c508e84435603e07ae35d1670f858c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:10:14:0e:1b:fd:4d:d2:f8:f1:f5:03:fd:37:
8f:17:54:f5:f7:d2:1d:6b:fa:33:38:36:a5:24:00:
51:09:62:60:51:f1:c7:7d:cc:e2:31:4c:0e:07:0e:
e8:02:f5:47:2b:42:31:be:41:ee:82:56:36:c6:42:
7f:65:f3:74:be:f5:9b:a9:7e:12:9d:e0:05:01:91:
57:9f:a7:48:27:de:9f:3a:08:72:c7:30:8c:09:ea:
f5:f6:b6:98:06:e2:cf:a8:70:52:9d:32:07:38:a2:
7e:e9:40:e6:a9:3c:ff:cd:ad:c4:05:15:d0:a3:85:
d7:5d:06:b9:3b:bd:2f:17:db:da:dd:5f:48:56:6c:
d1:b7:1b:de:a8:9e:0d:22:07:11:06:b5:20:13:dd:
53:48:5b:9d:3d:75:c3:6f:8f:16:d0:b2:eb:b2:92:
53:00:03:d8:0f:21:4b:6c:aa:44:43:f0:43:38:a7:
16:0d:dd:d4:30:de:9e:b5:b4:73:db:d9:a1:87:9d:
22:54:06:b5:9e:ac:31:36:55:48:70:07:1c:7d:9c:
09:84:80:27:2d:9b:f5:a8:09:4f:88:f1:b7:34:c9:
25:86:f1:f5:4c:21:bc:10:62:aa:8a:1f:54:85:c7:
17:1e:69:db:33:1a:71:da:9d:16:c1:1f:e9:39:f7:
6b:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:4A:D5:3C:FF:44:93:E8:9B:51:80:E5:52:0B:74:34:3C:0C:BB:2E
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0b28278f-4fad-45f4-a194-c2e785f1c443.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d019:800::/38
Signature Algorithm: sha256WithRSAEncryption
47:e6:22:92:5a:40:7e:a3:bf:c1:5a:f1:b9:13:2c:5e:72:07:
cc:d0:c4:ce:49:1d:de:97:3e:82:d4:7a:57:b7:93:f3:fc:a1:
28:87:24:a5:49:51:0b:a1:b1:9d:95:7f:83:e0:45:24:dc:a4:
a0:ac:75:3e:e4:b8:bd:86:ae:3b:c6:51:ad:6c:79:c5:4b:0f:
68:da:68:3c:45:db:b4:73:05:77:0e:64:a6:ba:6c:c8:c9:c9:
26:ae:a1:2e:ef:bf:3f:c9:74:de:8d:a6:a1:65:04:04:e1:67:
78:3c:0f:f1:e8:e4:f1:e4:99:6b:8d:26:b8:49:31:14:de:70:
01:fc:98:93:e4:72:e2:ef:16:eb:ce:55:66:e6:26:78:db:51:
eb:75:24:05:9d:47:78:ad:14:38:2a:56:60:c4:5b:ca:4c:b1:
d0:fd:c5:3d:73:dc:63:7c:a7:88:e3:f8:c1:89:fa:a6:e3:4a:
38:cc:ce:23:21:38:cb:2f:31:b0:bf:f4:50:6f:36:d9:e5:e7:
79:5d:72:7a:37:1b:79:ba:3c:b5:25:de:f6:3f:fd:d4:1c:df:
39:00:ba:a1:5a:6f:3c:8f:43:da:eb:ab:bf:b9:ea:fe:b7:62:
f0:78:83:32:46:4d:1f:e4:bc:27:8c:03:71:2b:99:89:e4:86:
1a:93:4c:13
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUBFUC2kZ96a8PTNX27vvSJxTR00kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMjMwMTBaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDlmZTcwMWI4NjQwZmYyOTJkM2Y5OWMxY2VmNWNjZTUyYTNjNTA4ZTg0NDM1
NjAzZTA3YWUzNWQxNjcwZjg1OGMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALUQFA4b/U3S+PH1A/03jxdU9ffSHWv6Mzg2pSQAUQliYFHxx33M4jFMDgcO
6AL1RytCMb5B7oJWNsZCf2XzdL71m6l+Ep3gBQGRV5+nSCfenzoIcscwjAnq9fa2
mAbiz6hwUp0yBziifulA5qk8/82txAUV0KOF110GuTu9Lxfb2t1fSFZs0bcb3qie
DSIHEQa1IBPdU0hbnT11w2+PFtCy67KSUwAD2A8hS2yqREPwQzinFg3d1DDenrW0
c9vZoYedIlQGtZ6sMTZVSHAHHH2cCYSAJy2b9agJT4jxtzTJJYbx9UwhvBBiqoof
VIXHFx5p2zMacdqdFsEf6Tn3ay0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQtStU8
/0ST6JtRgOVSC3Q0PAy7LjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MGIyODI3OGYtNGZhZC00NWY0LWExOTQtYzJlNzg1ZjFjNDQzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BkI
MA0GCSqGSIb3DQEBCwUAA4IBAQBH5iKSWkB+o7/BWvG5EyxecgfM0MTOSR3elz6C
1HpXt5Pz/KEohySlSVELobGdlX+D4EUk3KSgrHU+5Li9hq47xlGtbHnFSw9o2mg8
Rdu0cwV3DmSmumzIyckmrqEu778/yXTejaahZQQE4Wd4PA/x6OTx5JlrjSa4STEU
3nAB/JiT5HLi7xbrzlVm5iZ421HrdSQFnUd4rRQ4KlZgxFvKTLHQ/cU9c9xjfKeI
4/jBifqm40o4zM4jITjLLzGwv/RQbzbZ5ed5XXJ6Nxt5ujy1Jd72P/3UHN85ALqh
Wm88j0Pa66u/uer+t2LweIMyRk0f5LwnjANxK5mJ5IYak0wT
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:15:17 2025 by rpki-client