Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1af8ee5d-0148-4672-a9da-a1980cfe4768.roa
File: 1af8ee5d-0148-4672-a9da-a1980cfe4768.roa (raw, json)
Hash identifier: JSrzwux/khdQUYewHzJazfpgK5IuHYt/AqIZoSQNZm0=
Subject key identifier: 9D:00:D5:67:6A:E0:15:27:14:E2:59:15:35:63:D9:1C:AD:EC:38:74
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 33DDC276337C054B25266867DAF88CDD99B5100C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1af8ee5d-0148-4672-a9da-a1980cfe4768.roa
Signing time: Tue 21 Oct 2025 14:20:43 +0000
ROA not before: Tue 21 Oct 2025 14:20:43 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d031:8080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
33:dd:c2:76:33:7c:05:4b:25:26:68:67:da:f8:8c:dd:99:b5:10:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:20:43 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=3ae634afafe563df5bf5afd521ba5c7ae167948cb7b097fedb247c3264690a2f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:39:95:dc:d4:12:42:72:26:cf:0d:6f:38:40:
d0:85:2a:ba:6a:32:b9:0c:c1:9e:f1:b5:5c:b4:37:
01:73:f2:7d:ae:b4:8d:a6:c2:59:f5:c9:8e:f9:94:
9b:5b:e6:87:c6:80:49:b2:d8:07:2f:ce:99:86:77:
1a:54:68:6d:bf:eb:bd:f7:fb:69:5d:23:f4:48:00:
22:51:62:b8:16:e5:30:74:9b:c5:d4:c3:f3:61:b0:
48:ea:5c:e6:38:b9:33:34:78:d3:e2:85:2d:5e:e1:
d6:25:8b:11:c6:e4:8b:37:10:bb:d0:60:70:22:f7:
b2:bd:d3:f6:ee:fb:91:d6:2a:a8:68:78:73:c1:fe:
9e:65:01:0f:40:16:28:14:b7:aa:a2:60:2d:80:d7:
3b:49:00:0d:b1:c6:b5:4a:ba:18:ae:c2:e4:56:3d:
72:6d:1d:c9:bd:47:4f:ae:a0:31:78:9b:9d:54:e1:
e2:0c:b9:44:5e:82:b8:3f:d8:07:17:18:5c:2f:12:
6d:6a:90:42:4d:65:f3:26:63:51:71:4c:80:39:f8:
36:13:d7:fc:a4:c6:88:e9:fc:23:5b:f8:9e:bf:71:
72:42:ae:8a:09:7f:17:4d:9c:82:d5:c1:9c:2c:51:
27:9b:fd:df:e0:83:85:96:e6:74:12:73:66:65:a5:
ab:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:00:D5:67:6A:E0:15:27:14:E2:59:15:35:63:D9:1C:AD:EC:38:74
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1af8ee5d-0148-4672-a9da-a1980cfe4768.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d031:8080::/48
Signature Algorithm: sha256WithRSAEncryption
43:ae:d6:be:f2:c8:51:a1:d1:a4:f1:ff:45:f7:bf:b2:d6:f6:
18:d0:2c:e7:55:c7:9c:a3:72:1f:96:04:47:e3:fb:4b:4a:8b:
78:5e:42:a4:48:ea:09:85:6a:a9:5e:96:0a:49:d0:35:05:5c:
42:7e:20:8f:8b:39:b8:68:6f:5d:83:13:fc:69:c1:38:b8:28:
54:80:ed:22:e8:82:53:a1:91:34:a2:8f:22:13:6e:b2:b0:c9:
d1:f6:3c:a8:eb:f0:55:e4:63:08:f0:67:cc:1e:7a:d2:12:aa:
e9:27:a9:6c:44:bd:7e:1a:83:0b:dc:3d:c1:7b:73:b4:e7:77:
c7:43:b8:d3:bf:d1:94:f5:5c:ff:93:dc:b1:17:98:c3:90:4c:
78:dd:a0:10:56:f2:73:25:e0:54:71:1f:c5:47:b4:af:b5:b4:
6f:b3:29:3b:ff:2a:dd:db:15:fe:54:e6:e5:91:d4:31:f8:7f:
f0:63:04:7b:57:bf:0a:59:54:76:fa:3a:30:fe:e1:8b:5c:d9:
d4:43:8e:57:99:38:8a:fd:29:ac:5a:e7:ad:83:14:4f:af:83:
f4:38:9d:53:27:85:da:e8:35:1e:ae:f4:ff:e4:b2:fc:99:5b:
df:fb:d2:6c:62:09:45:e5:cc:f1:ce:6e:9c:f5:66:1f:c6:ac:
da:41:eb:5a
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUM93CdjN8BUslJmhn2viM3Zm1EAwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDIwNDNaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDNhZTYzNGFmYWZlNTYzZGY1YmY1YWZkNTIxYmE1YzdhZTE2Nzk0OGNiN2Iw
OTdmZWRiMjQ3YzMyNjQ2OTBhMmYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ85ldzUEkJyJs8NbzhA0IUqumoyuQzBnvG1XLQ3AXPyfa60jabCWfXJjvmU
m1vmh8aASbLYBy/OmYZ3GlRobb/rvff7aV0j9EgAIlFiuBblMHSbxdTD82GwSOpc
5ji5MzR40+KFLV7h1iWLEcbkizcQu9BgcCL3sr3T9u77kdYqqGh4c8H+nmUBD0AW
KBS3qqJgLYDXO0kADbHGtUq6GK7C5FY9cm0dyb1HT66gMXibnVTh4gy5RF6CuD/Y
BxcYXC8SbWqQQk1l8yZjUXFMgDn4NhPX/KTGiOn8I1v4nr9xckKuigl/F02cgtXB
nCxRJ5v93+CDhZbmdBJzZmWlq4cCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSdANVn
auAVJxTiWRU1Y9kcrew4dDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWFmOGVlNWQtMDE0OC00NjcyLWE5ZGEtYTE5ODBjZmU0NzY4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DGA
gDANBgkqhkiG9w0BAQsFAAOCAQEAQ67WvvLIUaHRpPH/Rfe/stb2GNAs51XHnKNy
H5YER+P7S0qLeF5CpEjqCYVqqV6WCknQNQVcQn4gj4s5uGhvXYMT/GnBOLgoVIDt
IuiCU6GRNKKPIhNusrDJ0fY8qOvwVeRjCPBnzB560hKq6SepbES9fhqDC9w9wXtz
tOd3x0O407/RlPVc/5PcsReYw5BMeN2gEFbycyXgVHEfxUe0r7W0b7MpO/8q3dsV
/lTm5ZHUMfh/8GMEe1e/CllUdvo6MP7hi1zZ1EOOV5k4iv0prFrnrYMUT6+D9Did
UyeF2ug1Hq70/+Sy/Jlb3/vSbGIJReXM8c5unPVmH8as2kHrWg==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:19:34 2025 by rpki-client