Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1ba2d063-915b-4ef5-b1b8-00d73dc8a31a.roa
File: 1ba2d063-915b-4ef5-b1b8-00d73dc8a31a.roa (raw, json)
Hash identifier: AZjSMXf3Vzlo9qCUYoXL6863VF9ttnT2An/VTb8o790=
Subject key identifier: 9E:D8:31:BC:90:0C:45:F0:1F:09:9E:BF:C8:80:0B:BB:2C:0A:7C:C0
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 09B6015BA4EF0FF1AD02D392E2FAC0234AA62594
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1ba2d063-915b-4ef5-b1b8-00d73dc8a31a.roa
Signing time: Fri 24 Oct 2025 00:20:33 +0000
ROA not before: Fri 24 Oct 2025 00:20:33 +0000
ROA not after: Fri 28 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d034:6000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
09:b6:01:5b:a4:ef:0f:f1:ad:02:d3:92:e2:fa:c0:23:4a:a6:25:94
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 24 00:20:33 2025 GMT
Not After : Nov 28 23:59:59 2025 GMT
Subject: serialNumber=8359b6d021d31fc8a862d742c1728d9e4a4905845d459401a60f24c1ee71635e, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:04:4c:c2:f0:f7:8d:6a:3f:6f:e0:f0:2c:31:
3b:f2:5f:2d:71:e9:55:12:f3:c6:64:b8:42:24:c0:
2e:73:ca:70:e4:16:62:90:8e:65:03:e5:d4:c5:80:
14:2d:29:36:d9:ee:80:31:02:9f:3b:ca:5a:da:e0:
ea:3b:7b:c2:6d:46:e0:3c:68:18:3c:18:53:27:02:
60:dc:d5:97:5f:2c:6b:46:12:56:e3:e1:97:91:3c:
81:e6:b7:49:05:06:ea:99:19:66:2b:fe:d7:60:4e:
94:b4:a2:ae:86:7a:9c:23:31:bd:58:21:b0:58:f1:
2e:ed:1d:59:3f:d1:fa:ca:8b:24:e4:24:d5:0c:f7:
f5:b6:2a:49:63:c9:21:8c:72:23:58:8b:8c:2d:a3:
0a:e4:f2:2e:15:60:1c:f7:3e:9c:75:87:90:4a:2b:
e0:2f:ef:90:69:bf:6b:d8:92:b0:0f:14:53:b4:57:
c5:7b:88:67:99:95:d1:61:b2:24:3c:29:bd:6a:2c:
21:24:35:67:fb:da:1d:5e:ed:99:8f:34:eb:aa:69:
43:32:00:b6:f0:0e:80:b8:52:e9:f6:1d:d9:62:f5:
d3:6d:e1:44:a8:4c:6b:fe:28:32:80:9d:30:1b:6b:
2a:68:60:94:7a:fb:65:54:e1:a9:ec:e0:f1:d9:e1:
77:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:D8:31:BC:90:0C:45:F0:1F:09:9E:BF:C8:80:0B:BB:2C:0A:7C:C0
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1ba2d063-915b-4ef5-b1b8-00d73dc8a31a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d034:6000::/40
Signature Algorithm: sha256WithRSAEncryption
3a:99:3c:37:91:7b:ba:0b:70:60:7c:f0:cc:78:b5:47:90:10:
2d:7d:7d:83:49:d3:09:05:36:48:99:5f:ae:69:4a:48:56:ec:
8a:52:35:2e:73:0d:ab:13:1f:cc:27:ce:f0:ab:d5:05:43:9c:
84:89:90:f8:58:59:21:d9:5e:e6:da:68:75:7c:70:99:c1:0f:
81:05:9f:42:59:fd:b5:7d:f4:ff:74:0c:ac:4a:6e:2d:47:0f:
68:cc:d8:8a:b3:95:2b:61:40:1e:76:9a:55:08:87:b1:6a:f6:
d9:46:ca:62:99:80:aa:63:89:5a:c8:cb:84:e0:1c:4a:e3:b1:
c0:c3:22:bc:01:8c:a4:09:52:1b:7f:18:68:e4:03:4d:5f:aa:
15:40:59:b7:67:a5:e9:33:27:10:7a:da:28:ab:ea:0a:df:23:
c2:b1:28:f0:4f:76:96:2a:1e:97:66:52:68:00:ab:30:6f:79:
65:5a:9e:01:4e:7c:98:f1:0c:cf:2f:45:da:99:3b:c6:21:8d:
22:43:fd:b8:a5:ff:5a:60:e0:8d:b5:98:18:e9:f8:2e:bc:94:
51:1b:5a:a1:e3:f8:d2:63:47:c0:80:37:2d:b3:9c:d7:81:d2:
42:76:c5:df:9d:e3:41:b3:64:bf:7a:95:3d:36:87:82:d4:04:
a9:70:2a:fc
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUCbYBW6TvD/GtAtOS4vrAI0qmJZQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjQwMDIwMzNaFw0yNTExMjgyMzU5NTlaMHoxSTBHBgNV
BAUTQDgzNTliNmQwMjFkMzFmYzhhODYyZDc0MmMxNzI4ZDllNGE0OTA1ODQ1ZDQ1
OTQwMWE2MGYyNGMxZWU3MTYzNWUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKoETMLw941qP2/g8CwxO/JfLXHpVRLzxmS4QiTALnPKcOQWYpCOZQPl1MWA
FC0pNtnugDECnzvKWtrg6jt7wm1G4DxoGDwYUycCYNzVl18sa0YSVuPhl5E8gea3
SQUG6pkZZiv+12BOlLSiroZ6nCMxvVghsFjxLu0dWT/R+sqLJOQk1Qz39bYqSWPJ
IYxyI1iLjC2jCuTyLhVgHPc+nHWHkEor4C/vkGm/a9iSsA8UU7RXxXuIZ5mV0WGy
JDwpvWosISQ1Z/vaHV7tmY8066ppQzIAtvAOgLhS6fYd2WL1023hRKhMa/4oMoCd
MBtrKmhglHr7ZVThqezg8dnhd0ECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSe2DG8
kAxF8B8Jnr/IgAu7LAp8wDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWJhMmQwNjMtOTE1Yi00ZWY1LWIxYjgtMDBkNzNkYzhhMzFhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DRg
MA0GCSqGSIb3DQEBCwUAA4IBAQA6mTw3kXu6C3BgfPDMeLVHkBAtfX2DSdMJBTZI
mV+uaUpIVuyKUjUucw2rEx/MJ87wq9UFQ5yEiZD4WFkh2V7m2mh1fHCZwQ+BBZ9C
Wf21ffT/dAysSm4tRw9ozNiKs5UrYUAedppVCIexavbZRspimYCqY4layMuE4BxK
47HAwyK8AYykCVIbfxho5ANNX6oVQFm3Z6XpMycQetooq+oK3yPCsSjwT3aWKh6X
ZlJoAKswb3llWp4BTnyY8QzPL0XamTvGIY0iQ/24pf9aYOCNtZgY6fguvJRRG1qh
4/jSY0fAgDcts5zXgdJCdsXfneNBs2S/epU9NoeC1ASpcCr8
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:18 2025 by rpki-client