Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/10aa39be-4f99-4b39-b428-f034a0b57d69.roa
File: 10aa39be-4f99-4b39-b428-f034a0b57d69.roa (raw, json)
Hash identifier: cICwViLJgAL8HAI1cvHJWljYYv39M4+Rk234Pz6HN+0=
Subject key identifier: 66:77:74:D5:31:AD:58:B9:D9:09:D1:F4:6E:D1:AA:82:0A:0E:97:51
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 218CE6752F0FC2912F0C6F5043E70DCA10053CF8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/10aa39be-4f99-4b39-b428-f034a0b57d69.roa
Signing time: Tue 21 Oct 2025 13:40:29 +0000
ROA not before: Tue 21 Oct 2025 13:40:29 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:b000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
21:8c:e6:75:2f:0f:c2:91:2f:0c:6f:50:43:e7:0d:ca:10:05:3c:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:40:29 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=8c276c9eb75c9b364365b452f9260f8195ca0e55e8cf80c900ff59e9e4839917, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:36:5d:a7:90:04:e3:19:5e:d8:ca:78:b8:c0:
44:81:6f:1a:c7:5a:af:21:36:07:48:fa:8a:a5:42:
3c:ee:8b:1e:cc:94:30:c9:94:71:14:83:15:f8:ec:
bd:3b:78:58:d4:59:44:de:8c:cd:07:eb:55:06:ed:
12:97:f7:35:4e:db:0a:2b:69:45:17:be:7f:1c:0e:
6e:5e:a2:57:20:06:e9:91:af:fe:0c:7c:e0:ac:40:
c0:10:ee:6e:25:da:7a:fc:79:05:a8:4c:2f:c6:00:
9d:a2:a3:f3:5a:44:c5:79:a9:6e:b7:c8:cc:37:77:
99:ed:36:23:86:35:3b:36:5b:71:90:66:ab:39:8a:
1e:9b:b3:71:ec:ec:32:28:50:62:71:08:70:84:fb:
c5:d9:1c:0a:dc:cf:64:6e:0b:88:3d:f7:3b:e4:4c:
a9:ed:ce:62:6c:30:87:0d:53:08:31:ee:66:fa:a1:
6c:51:83:b6:09:a6:9e:51:95:10:06:eb:dd:c2:ed:
09:ce:39:03:c9:34:77:1f:2d:dc:40:85:29:bf:9d:
88:7a:a9:f8:2a:50:68:d4:c9:47:ab:89:83:53:b2:
d2:b4:1f:23:02:9e:d0:f3:b5:5a:2b:83:fa:d9:28:
de:3c:d9:73:18:de:de:ee:2d:cd:b0:f1:7d:05:9b:
5f:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:77:74:D5:31:AD:58:B9:D9:09:D1:F4:6E:D1:AA:82:0A:0E:97:51
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/10aa39be-4f99-4b39-b428-f034a0b57d69.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:b000::/40
Signature Algorithm: sha256WithRSAEncryption
c3:3e:a6:8e:92:df:d7:f2:e2:cd:50:0a:27:d0:55:37:ee:bd:
96:a3:e5:11:b1:67:33:d6:5f:17:ae:87:27:18:d9:7d:bb:c6:
f9:40:b9:e6:51:ba:af:0e:b4:a5:ed:84:4f:17:14:6c:c8:8e:
d6:de:27:01:30:1c:ee:5d:83:28:b1:eb:41:41:38:65:b4:a8:
3c:1b:67:88:d0:23:d4:3a:97:9b:fb:b0:d9:d8:05:99:45:57:
1f:81:fe:66:23:98:db:38:da:02:13:ac:b6:37:1c:02:8d:64:
3f:c2:8b:c5:53:ec:2a:32:9f:77:3e:d6:a2:13:ee:6f:0e:ff:
54:94:f6:b5:2d:33:e2:da:99:40:6d:c5:39:c8:7e:2a:a2:64:
11:4e:3a:92:d3:20:08:34:f1:68:fb:59:63:99:e6:34:99:8d:
db:a8:ff:43:2a:f1:64:ce:03:29:7e:d3:d7:d0:f4:2d:a7:20:
d7:1b:c7:e9:3d:d2:f0:98:2f:ec:cf:a4:5b:20:2f:85:fb:b5:
c9:6d:64:14:80:df:9a:92:bc:76:5f:de:85:43:77:3d:cf:d1:
eb:05:84:92:45:e4:6c:7a:2e:96:96:3a:71:b6:30:56:a6:eb:
a4:cc:6f:03:7e:4d:b9:5b:68:c8:d7:58:e2:6c:c9:be:af:e2:
2f:da:0c:47
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUIYzmdS8PwpEvDG9QQ+cNyhAFPPgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzQwMjlaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDhjMjc2YzllYjc1YzliMzY0MzY1YjQ1MmY5MjYwZjgxOTVjYTBlNTVlOGNm
ODBjOTAwZmY1OWU5ZTQ4Mzk5MTcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMQ2XaeQBOMZXtjKeLjARIFvGsdaryE2B0j6iqVCPO6LHsyUMMmUcRSDFfjs
vTt4WNRZRN6MzQfrVQbtEpf3NU7bCitpRRe+fxwObl6iVyAG6ZGv/gx84KxAwBDu
biXaevx5BahML8YAnaKj81pExXmpbrfIzDd3me02I4Y1OzZbcZBmqzmKHpuzcezs
MihQYnEIcIT7xdkcCtzPZG4LiD33O+RMqe3OYmwwhw1TCDHuZvqhbFGDtgmmnlGV
EAbr3cLtCc45A8k0dx8t3ECFKb+diHqp+CpQaNTJR6uJg1Oy0rQfIwKe0PO1WiuD
+tko3jzZcxje3u4tzbDxfQWbX7UCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRmd3TV
Ma1YudkJ0fRu0aqCCg6XUTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MTBhYTM5YmUtNGY5OS00YjM5LWI0MjgtZjAzNGEwYjU3ZDY5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0ACw
MA0GCSqGSIb3DQEBCwUAA4IBAQDDPqaOkt/X8uLNUAon0FU37r2Wo+URsWcz1l8X
rocnGNl9u8b5QLnmUbqvDrSl7YRPFxRsyI7W3icBMBzuXYMosetBQThltKg8G2eI
0CPUOpeb+7DZ2AWZRVcfgf5mI5jbONoCE6y2NxwCjWQ/wovFU+wqMp93PtaiE+5v
Dv9UlPa1LTPi2plAbcU5yH4qomQRTjqS0yAINPFo+1ljmeY0mY3bqP9DKvFkzgMp
ftPX0PQtpyDXG8fpPdLwmC/sz6RbIC+F+7XJbWQUgN+akrx2X96FQ3c9z9HrBYSS
ReRsei6WljpxtjBWpuukzG8Dfk25W2jI11jibMm+r+Iv2gxH
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:11 2025 by rpki-client