Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0bf6cef8-8c60-4a0e-8932-cfda648d2772.roa
File: 0bf6cef8-8c60-4a0e-8932-cfda648d2772.roa (raw, json)
Hash identifier: x7Ri1YO2ulBqiYmaPgWCL11CnGc8dIg9xHnT8SWHbns=
Subject key identifier: 23:66:06:BD:E1:D6:03:A9:FD:26:91:C2:6F:D9:4A:30:B1:58:6A:F8
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3FBF50FB9CFE839719E0B64487D469F312B233EA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0bf6cef8-8c60-4a0e-8932-cfda648d2772.roa
Signing time: Tue 21 Oct 2025 14:00:34 +0000
ROA not before: Tue 21 Oct 2025 14:00:34 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d018:1000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3f:bf:50:fb:9c:fe:83:97:19:e0:b6:44:87:d4:69:f3:12:b2:33:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:00:34 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=68c6bc08019bb105f3f77fc9bf1d5f57f926281969e8ed26fd25424841feccd4, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:4e:00:2e:ba:8a:a9:87:73:55:0d:e4:26:8d:
95:21:9d:45:10:00:d5:09:bc:1c:a7:7e:be:37:4a:
18:dc:79:eb:b0:93:d4:b8:58:84:2b:ed:ad:f5:e6:
17:ab:fc:42:86:dc:24:27:9d:df:ee:71:2e:c8:96:
04:c1:d1:f1:80:59:16:b6:0e:84:d7:f2:5a:ea:49:
a3:35:74:3c:ea:08:76:2f:14:d3:fe:06:92:5d:5b:
17:16:8d:fd:97:68:73:c8:c6:ac:71:bd:56:35:29:
b5:13:9e:d6:0c:fe:15:ad:89:47:65:e1:78:17:d4:
34:cf:3d:b8:67:92:ce:39:dc:33:e9:db:66:99:66:
33:b2:3e:ee:26:4a:82:78:88:a1:74:77:58:f6:55:
20:3d:66:b7:ba:37:b2:cd:1a:9e:2e:cf:58:43:e0:
3d:21:76:d2:68:f3:a8:6d:6e:d3:11:3b:1f:4a:cd:
68:87:93:45:6f:44:7a:13:4a:e4:36:68:92:59:c8:
fc:12:3c:27:d3:8d:55:20:72:d9:b9:88:89:f8:b6:
b5:31:07:96:2e:85:ff:ed:0f:f8:4b:ea:a5:21:c9:
56:c7:a7:f8:02:d9:f3:48:02:a3:4a:3d:19:15:16:
b5:a9:1f:f8:51:34:03:ef:d4:5b:97:35:77:9d:b1:
38:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:66:06:BD:E1:D6:03:A9:FD:26:91:C2:6F:D9:4A:30:B1:58:6A:F8
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0bf6cef8-8c60-4a0e-8932-cfda648d2772.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d018:1000::/36
Signature Algorithm: sha256WithRSAEncryption
20:36:01:55:c7:84:46:fb:86:1b:28:77:e1:ef:e9:d8:77:c7:
13:37:fa:18:4f:e2:5e:39:9a:69:78:e2:4d:cd:ec:29:4e:7e:
78:9e:55:70:87:98:5e:85:c0:49:3c:4c:23:09:74:2f:e4:34:
10:45:18:08:47:e2:02:76:1f:1c:6b:0e:0f:7d:31:ee:67:59:
31:6b:cf:4c:24:ec:21:85:ee:bb:96:c2:08:1d:2b:0e:24:37:
54:84:52:8b:1b:15:40:8f:99:26:c8:75:a4:02:2d:ef:da:03:
cf:4e:89:44:3e:a2:0b:b5:22:89:35:91:b7:b5:d9:94:1d:0c:
42:4c:d2:7d:b4:c4:8b:6d:86:e7:ec:d8:43:c2:a4:79:b3:78:
25:5f:a8:35:e3:2f:51:88:a0:54:76:e7:a3:49:f5:7c:c7:bf:
ad:f5:96:e1:10:4b:42:0c:fd:1a:b7:44:7f:e1:71:97:f4:96:
16:3d:5b:92:23:96:ee:dd:ed:39:c2:79:3c:fc:76:bf:6a:0d:
74:2a:c1:dd:56:07:7e:08:5d:40:a5:29:ae:29:8f:3e:0e:32:
0c:b2:80:3e:91:61:2d:fc:8b:0f:36:8f:c3:37:04:e7:a0:a1:
38:68:f2:11:36:6b:11:12:b0:fd:f0:83:fc:08:03:c5:11:9d:
ad:72:1e:7f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUP79Q+5z+g5cZ4LZEh9Rp8xKyM+owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDAwMzRaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDY4YzZiYzA4MDE5YmIxMDVmM2Y3N2ZjOWJmMWQ1ZjU3ZjkyNjI4MTk2OWU4
ZWQyNmZkMjU0MjQ4NDFmZWNjZDQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALJOAC66iqmHc1UN5CaNlSGdRRAA1Qm8HKd+vjdKGNx567CT1LhYhCvtrfXm
F6v8QobcJCed3+5xLsiWBMHR8YBZFrYOhNfyWupJozV0POoIdi8U0/4Gkl1bFxaN
/Zdoc8jGrHG9VjUptROe1gz+Fa2JR2XheBfUNM89uGeSzjncM+nbZplmM7I+7iZK
gniIoXR3WPZVID1mt7o3ss0ani7PWEPgPSF20mjzqG1u0xE7H0rNaIeTRW9EehNK
5DZoklnI/BI8J9ONVSBy2bmIifi2tTEHli6F/+0P+EvqpSHJVsen+ALZ80gCo0o9
GRUWtakf+FE0A+/UW5c1d52xOI0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQjZga9
4dYDqf0mkcJv2UowsVhq+DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MGJmNmNlZjgtOGM2MC00YTBlLTg5MzItY2ZkYTY0OGQyNzcyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0BgQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAgNgFVx4RG+4YbKHfh7+nYd8cTN/oYT+JeOZpp
eOJNzewpTn54nlVwh5hehcBJPEwjCXQv5DQQRRgIR+ICdh8caw4PfTHuZ1kxa89M
JOwhhe67lsIIHSsOJDdUhFKLGxVAj5kmyHWkAi3v2gPPTolEPqILtSKJNZG3tdmU
HQxCTNJ9tMSLbYbn7NhDwqR5s3glX6g14y9RiKBUduejSfV8x7+t9ZbhEEtCDP0a
t0R/4XGX9JYWPVuSI5bu3e05wnk8/Ha/ag10KsHdVgd+CF1ApSmuKY8+DjIMsoA+
kWEt/IsPNo/DNwTnoKE4aPIRNmsRErD98IP8CAPFEZ2tch5/
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:14 2025 by rpki-client