Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/11f67075-d744-49be-809b-fca0d72c41e0.roa
File: 11f67075-d744-49be-809b-fca0d72c41e0.roa (raw, json)
Hash identifier: Km+H+6B9lQ/0LbvgO5V8c4ylmvI/PYbLGXUH2GqXNdI=
Subject key identifier: 35:55:ED:70:B2:B7:5A:0F:1C:36:93:AB:40:7D:3F:A9:D6:20:6A:52
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 27D5A452E0795E7EB4244FBE1BF471E29B02AE9F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/11f67075-d744-49be-809b-fca0d72c41e0.roa
Signing time: Tue 21 Oct 2025 13:31:05 +0000
ROA not before: Tue 21 Oct 2025 13:31:05 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d078:2000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
27:d5:a4:52:e0:79:5e:7e:b4:24:4f:be:1b:f4:71:e2:9b:02:ae:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:31:05 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=eb0cc648ec6e71d5e03c2d67e8d18ea9883e267f8952a1347b4954a96745d761, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:04:0c:b9:57:b8:8d:71:65:bb:91:50:a9:7c:
b4:3f:f2:a1:0c:a6:98:0d:2b:be:75:48:c6:d5:6f:
be:95:49:9c:91:3e:ae:51:01:b2:61:d8:6b:23:b9:
11:39:cf:59:74:5b:18:3d:b0:79:3d:fb:b2:52:ca:
94:db:e7:2f:bc:80:63:a9:2b:2b:0d:d8:a0:35:78:
17:52:12:c0:71:01:29:fd:63:a5:2d:90:cd:cc:55:
26:53:e4:a0:ca:c1:93:e9:e0:57:4d:d5:31:a5:09:
b6:3a:86:48:b8:fa:0f:10:0e:50:92:bf:b8:82:9d:
89:ed:7f:38:c2:ec:7f:7f:28:21:ba:95:40:e9:d3:
fc:97:d1:7e:38:f7:8c:dc:4b:76:0f:25:68:33:0d:
47:ce:4f:3c:0b:16:09:1b:d3:95:29:e4:0f:57:48:
76:06:37:28:81:4f:54:d0:8c:33:20:4c:24:bb:dd:
1e:8c:27:ec:47:b1:57:86:1f:89:b8:0d:cf:66:1f:
6d:10:2f:e3:2c:c1:aa:93:55:65:db:8d:69:fe:5d:
40:a7:82:f8:67:3e:65:c3:54:c4:29:d9:07:1f:b0:
85:06:ea:d6:03:79:c6:67:3d:4c:83:08:62:66:5b:
59:27:6e:7e:0f:95:56:9e:c4:d4:b0:40:b7:63:f0:
0f:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:55:ED:70:B2:B7:5A:0F:1C:36:93:AB:40:7D:3F:A9:D6:20:6A:52
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/11f67075-d744-49be-809b-fca0d72c41e0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d078:2000::/40
Signature Algorithm: sha256WithRSAEncryption
ae:f0:11:26:ca:c9:4d:d9:4f:a0:26:8b:80:f7:38:48:71:1b:
11:86:62:9e:75:89:95:12:af:55:88:73:94:31:32:d8:49:f3:
d0:09:af:2b:6c:de:06:bd:5d:a8:51:26:fd:0d:1a:08:1b:d5:
b1:dd:4d:af:e0:2a:ae:7f:d5:a8:54:4f:a0:03:81:27:62:5f:
35:b7:2e:dd:49:fc:7f:61:9a:6b:70:d2:31:43:fb:ab:d4:c2:
0c:36:85:a9:e7:d5:b6:0b:f5:8b:d5:af:24:62:f6:9f:d9:15:
8c:14:0f:21:ac:36:59:cb:08:e5:f4:f1:d5:4b:ec:eb:a9:05:
82:71:2c:a4:6c:e2:08:37:3f:f8:aa:22:45:16:20:2d:0a:a3:
58:5f:6e:0f:6d:18:cd:00:f4:7e:ef:54:bb:c9:93:e2:3f:61:
33:ee:b5:72:83:3d:b6:d1:67:2d:a3:29:99:3d:39:50:4d:a1:
c5:d0:9a:86:12:16:bb:9c:17:ec:1c:a9:05:fe:46:3a:19:bb:
c8:15:e5:1c:5f:4e:a1:dc:3c:5a:f6:fa:6f:75:1b:b6:bb:3b:
bf:3d:be:84:52:b4:b9:8b:77:c6:d5:72:8f:49:50:a2:93:15:
a7:97:aa:73:07:b2:81:6d:36:3f:f3:fa:41:7a:8e:95:c9:ec:
05:bb:c5:50
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUJ9WkUuB5Xn60JE++G/Rx4psCrp8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzMxMDVaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGViMGNjNjQ4ZWM2ZTcxZDVlMDNjMmQ2N2U4ZDE4ZWE5ODgzZTI2N2Y4OTUy
YTEzNDdiNDk1NGE5Njc0NWQ3NjExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJkEDLlXuI1xZbuRUKl8tD/yoQymmA0rvnVIxtVvvpVJnJE+rlEBsmHYayO5
ETnPWXRbGD2weT37slLKlNvnL7yAY6krKw3YoDV4F1ISwHEBKf1jpS2QzcxVJlPk
oMrBk+ngV03VMaUJtjqGSLj6DxAOUJK/uIKdie1/OMLsf38oIbqVQOnT/JfRfjj3
jNxLdg8laDMNR85PPAsWCRvTlSnkD1dIdgY3KIFPVNCMMyBMJLvdHown7EexV4Yf
ibgNz2YfbRAv4yzBqpNVZduNaf5dQKeC+Gc+ZcNUxCnZBx+whQbq1gN5xmc9TIMI
YmZbWSdufg+VVp7E1LBAt2PwD9sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ1Ve1w
srdaDxw2k6tAfT+p1iBqUjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MTFmNjcwNzUtZDc0NC00OWJlLTgwOWItZmNhMGQ3MmM0MWUwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hgg
MA0GCSqGSIb3DQEBCwUAA4IBAQCu8BEmyslN2U+gJouA9zhIcRsRhmKedYmVEq9V
iHOUMTLYSfPQCa8rbN4GvV2oUSb9DRoIG9Wx3U2v4Cquf9WoVE+gA4EnYl81ty7d
Sfx/YZprcNIxQ/ur1MIMNoWp59W2C/WL1a8kYvaf2RWMFA8hrDZZywjl9PHVS+zr
qQWCcSykbOIINz/4qiJFFiAtCqNYX24PbRjNAPR+71S7yZPiP2Ez7rVygz220Wct
oymZPTlQTaHF0JqGEha7nBfsHKkF/kY6GbvIFeUcX06h3Dxa9vpvdRu2uzu/Pb6E
UrS5i3fG1XKPSVCikxWnl6pzB7KBbTY/8/pBeo6VyewFu8VQ
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:14:27 2025 by rpki-client