Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0f3fbd71-85b4-48a7-8479-e942c9578262.roa
File: 0f3fbd71-85b4-48a7-8479-e942c9578262.roa (raw, json)
Hash identifier: pS1/28MN/kKJbRcLeKf3QhhQH+kew5x0msTJBsPWZI0=
Subject key identifier: 90:D4:A2:06:64:40:33:2E:57:B7:DF:A6:A1:11:BB:B0:CE:CA:B4:F9
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 755C0B5ED90A0C49B914E78CEC59D68752822C92
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0f3fbd71-85b4-48a7-8479-e942c9578262.roa
Signing time: Tue 21 Oct 2025 14:10:27 +0000
ROA not before: Tue 21 Oct 2025 14:10:27 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d071:1000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
75:5c:0b:5e:d9:0a:0c:49:b9:14:e7:8c:ec:59:d6:87:52:82:2c:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:10:27 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=b62e5287119040710f33c5cac081e0f2ef0636132e8e5c5d1d791be3023a0c1c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:7d:df:e9:75:1c:f5:8b:32:dc:35:0e:51:26:
cf:d8:84:82:0a:58:63:0a:c0:83:39:a2:e1:4a:88:
a7:ef:4e:ae:de:64:9b:e5:aa:20:c7:02:d8:80:b6:
7a:0e:12:5e:18:d2:2d:48:e8:1c:a7:3a:75:7d:7b:
39:a0:82:64:90:16:41:62:49:95:f3:31:e1:ab:d7:
1f:2d:66:88:19:2f:68:22:bd:40:71:02:17:03:34:
28:a3:4a:3a:cf:94:67:5f:15:0d:ca:8f:2a:f0:06:
03:d0:62:28:ac:cc:5e:db:e8:00:c6:6d:6b:ab:83:
f5:84:ac:ff:9d:69:d4:ee:ee:e4:12:ee:be:5e:ae:
50:9a:aa:f6:1b:f1:80:d2:64:11:bd:66:df:5d:e6:
e2:bd:f0:60:77:74:0a:13:47:b0:9a:c7:83:65:94:
ff:2d:69:37:b3:c8:cb:a6:eb:cb:b4:14:4f:37:98:
f9:4a:6e:55:78:e9:67:fb:f8:1b:7c:29:7e:2e:09:
2e:1e:33:51:e7:13:46:bc:b3:77:43:75:08:b1:c9:
fa:ac:ef:c9:43:d5:06:92:25:81:d7:d2:57:53:45:
55:6b:0f:f3:df:f1:d2:8e:79:80:58:32:ad:6e:4c:
91:b8:8c:2f:36:bf:07:50:9b:cd:d2:dc:62:cf:32:
64:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:D4:A2:06:64:40:33:2E:57:B7:DF:A6:A1:11:BB:B0:CE:CA:B4:F9
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0f3fbd71-85b4-48a7-8479-e942c9578262.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d071:1000::/40
Signature Algorithm: sha256WithRSAEncryption
7d:07:70:cd:23:7c:c3:f6:38:49:bf:bf:02:04:64:a4:0e:71:
5e:2a:70:6a:15:69:83:0d:01:7a:00:01:fb:1e:57:ed:eb:be:
db:1c:86:94:d2:51:7e:4c:48:1e:4e:c7:0f:8a:c2:cd:71:18:
ce:06:fe:c8:e2:58:cf:13:af:90:26:bd:92:f6:2e:05:3c:3d:
7e:db:5b:97:ca:69:37:e7:cb:05:01:96:61:ce:79:24:bc:e7:
39:d6:71:ab:1b:28:44:03:70:2e:b5:35:23:37:56:eb:43:22:
3b:0d:eb:e7:cc:d7:67:c6:e1:df:ec:5c:4e:6a:8c:44:f9:2f:
72:22:d6:15:4a:a1:70:6d:c2:8b:40:17:42:58:02:0f:fa:ea:
9b:8c:2a:5d:76:9b:a3:76:8b:b9:8b:7d:fa:08:8d:49:79:c0:
21:bb:75:bb:f4:dc:a5:95:16:c5:ce:56:46:9f:e6:2f:4b:1e:
dc:94:cb:ff:a2:e0:7b:0f:3b:67:39:3e:a7:e8:e9:74:d1:4f:
cc:1f:b4:3a:77:10:7b:6c:31:9d:88:d0:a3:18:05:3f:9d:fc:
39:09:c6:3d:20:88:97:df:42:93:b3:75:15:02:88:9d:98:3d:
b6:31:9f:26:04:9a:b2:6d:85:48:b7:8e:19:aa:2c:45:af:9e:
ad:1a:52:cd
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUdVwLXtkKDEm5FOeM7FnWh1KCLJIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDEwMjdaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGI2MmU1Mjg3MTE5MDQwNzEwZjMzYzVjYWMwODFlMGYyZWYwNjM2MTMyZThl
NWM1ZDFkNzkxYmUzMDIzYTBjMWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL993+l1HPWLMtw1DlEmz9iEggpYYwrAgzmi4UqIp+9Ort5km+WqIMcC2IC2
eg4SXhjSLUjoHKc6dX17OaCCZJAWQWJJlfMx4avXHy1miBkvaCK9QHECFwM0KKNK
Os+UZ18VDcqPKvAGA9BiKKzMXtvoAMZta6uD9YSs/51p1O7u5BLuvl6uUJqq9hvx
gNJkEb1m313m4r3wYHd0ChNHsJrHg2WU/y1pN7PIy6bry7QUTzeY+UpuVXjpZ/v4
G3wpfi4JLh4zUecTRryzd0N1CLHJ+qzvyUPVBpIlgdfSV1NFVWsP89/x0o55gFgy
rW5MkbiMLza/B1CbzdLcYs8yZKkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSQ1KIG
ZEAzLle336ahEbuwzsq0+TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MGYzZmJkNzEtODViNC00OGE3LTg0NzktZTk0MmM5NTc4MjYyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HEQ
MA0GCSqGSIb3DQEBCwUAA4IBAQB9B3DNI3zD9jhJv78CBGSkDnFeKnBqFWmDDQF6
AAH7Hlft677bHIaU0lF+TEgeTscPisLNcRjOBv7I4ljPE6+QJr2S9i4FPD1+21uX
ymk358sFAZZhznkkvOc51nGrGyhEA3AutTUjN1brQyI7DevnzNdnxuHf7FxOaoxE
+S9yItYVSqFwbcKLQBdCWAIP+uqbjCpddpujdou5i336CI1JecAhu3W79NyllRbF
zlZGn+YvSx7clMv/ouB7DztnOT6n6Ol00U/MH7Q6dxB7bDGdiNCjGAU/nfw5CcY9
IIiX30KTs3UVAoidmD22MZ8mBJqybYVIt44ZqixFr56tGlLN
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:14:23 2025 by rpki-client