Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1d9a8425-e89b-4598-a680-84c5b341edfd.roa
File: 1d9a8425-e89b-4598-a680-84c5b341edfd.roa (raw, json)
Hash identifier: kKmgUx2Tf9HbwR1DevhKF0JEBmw4+WkCkbzXA6Wb8Bw=
Subject key identifier: E5:A2:88:CD:89:2F:A9:86:A0:B0:9D:A2:F2:16:66:08:D0:79:A4:1E
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 24FE1941C9E43E3E5E8091299A6D549B37236CB8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1d9a8425-e89b-4598-a680-84c5b341edfd.roa
Signing time: Tue 21 Oct 2025 13:30:16 +0000
ROA not before: Tue 21 Oct 2025 13:30:16 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d050:2000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 26 Oct 2025 08:33:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
24:fe:19:41:c9:e4:3e:3e:5e:80:91:29:9a:6d:54:9b:37:23:6c:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:30:16 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=9901b1d7645f019f2422618090a9d1d6fc306c1cbbd55d75f38d6de76a325337, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:19:69:44:ff:50:a1:75:be:8c:16:7b:76:46:
e9:c2:4f:27:a6:24:ca:9e:5a:ef:81:88:73:15:3f:
b1:ce:10:68:02:8a:c5:a0:a6:db:5a:64:29:6c:d9:
7e:ae:7e:4d:64:98:04:a6:29:5a:56:3c:fa:3f:ba:
bb:6b:f8:12:a8:ac:75:4c:71:08:06:17:0b:d7:86:
74:7d:c5:ee:b4:d7:8f:e7:7c:82:3d:86:ca:a4:b4:
dd:9a:b7:32:51:f2:24:dc:77:c5:7b:9b:73:f1:98:
d6:11:2c:ad:41:5f:22:b6:b4:10:fd:64:d8:0d:cb:
ac:65:ad:85:be:2a:1a:b0:f1:34:5b:b9:c6:29:75:
6e:37:40:2b:5e:06:81:a7:66:48:4c:74:b7:c5:6c:
d2:59:28:b6:d5:af:74:2d:11:ca:59:39:d5:41:f5:
44:4a:69:39:dc:f2:af:dd:54:a1:5c:2c:53:91:72:
88:e4:e6:72:a3:52:eb:a9:0f:fc:0b:66:75:11:d8:
ca:57:21:cc:c2:9f:a2:46:a3:97:23:f9:78:67:05:
33:e2:d5:83:b0:47:ed:5a:d6:ad:d3:fc:f6:4c:0d:
b1:86:9c:35:6f:1e:94:89:52:a7:42:42:ef:6c:2d:
56:4d:05:3d:6d:e0:b3:01:32:38:f0:42:ff:28:16:
f1:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E5:A2:88:CD:89:2F:A9:86:A0:B0:9D:A2:F2:16:66:08:D0:79:A4:1E
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1d9a8425-e89b-4598-a680-84c5b341edfd.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d050:2000::/40
Signature Algorithm: sha256WithRSAEncryption
a2:00:86:80:0c:34:8c:1e:b1:e8:f0:4c:59:df:a6:23:66:5f:
9b:2a:aa:1c:de:1f:42:91:c0:90:5c:1d:2f:db:a5:6a:ae:81:
22:27:1a:41:e3:14:de:bf:09:4a:a4:07:42:ce:a1:1d:98:99:
da:24:3b:da:15:77:37:6b:d0:de:b1:e2:f6:d8:03:f8:2a:b6:
8b:eb:11:55:ff:fa:55:ce:14:02:62:75:05:87:c3:28:6c:65:
22:29:3b:97:b9:62:5b:3c:7d:17:9f:f6:c6:8d:16:24:ae:94:
25:90:74:ec:b9:36:2e:78:f7:97:88:a1:59:38:1c:51:80:a4:
cd:20:c9:55:c6:dd:a5:81:a3:09:26:84:7e:8b:d9:66:70:33:
25:27:74:a1:68:be:63:8f:86:10:98:f5:73:d0:57:57:19:e6:
39:5f:7c:22:a8:ab:bf:e5:ad:3a:57:2c:91:02:e1:0e:47:72:
6d:97:ad:19:8b:4e:76:f5:43:fd:70:b1:92:5f:ca:83:c0:df:
90:fb:cd:8e:47:2c:fc:aa:c6:1c:d6:30:d3:dd:ad:f0:26:b3:
81:6a:e5:66:c2:9f:14:f9:47:0b:e5:b4:3f:d1:82:d4:9d:3d:
49:8f:1c:78:2f:6f:19:31:48:7a:4e:25:e6:3d:38:5f:63:69:
20:54:8d:a8
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUJP4ZQcnkPj5egJEpmm1UmzcjbLgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzMwMTZaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDk5MDFiMWQ3NjQ1ZjAxOWYyNDIyNjE4MDkwYTlkMWQ2ZmMzMDZjMWNiYmQ1
NWQ3NWYzOGQ2ZGU3NmEzMjUzMzcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK4ZaUT/UKF1vowWe3ZG6cJPJ6Ykyp5a74GIcxU/sc4QaAKKxaCm21pkKWzZ
fq5+TWSYBKYpWlY8+j+6u2v4EqisdUxxCAYXC9eGdH3F7rTXj+d8gj2GyqS03Zq3
MlHyJNx3xXubc/GY1hEsrUFfIra0EP1k2A3LrGWthb4qGrDxNFu5xil1bjdAK14G
gadmSEx0t8Vs0lkottWvdC0Rylk51UH1REppOdzyr91UoVwsU5FyiOTmcqNS66kP
/AtmdRHYylchzMKfokajlyP5eGcFM+LVg7BH7VrWrdP89kwNsYacNW8elIlSp0JC
72wtVk0FPW3gswEyOPBC/ygW8XUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTloojN
iS+phqCwnaLyFmYI0HmkHjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWQ5YTg0MjUtZTg5Yi00NTk4LWE2ODAtODRjNWIzNDFlZGZkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FAg
MA0GCSqGSIb3DQEBCwUAA4IBAQCiAIaADDSMHrHo8ExZ36YjZl+bKqoc3h9CkcCQ
XB0v26VqroEiJxpB4xTevwlKpAdCzqEdmJnaJDvaFXc3a9DeseL22AP4KraL6xFV
//pVzhQCYnUFh8MobGUiKTuXuWJbPH0Xn/bGjRYkrpQlkHTsuTYuePeXiKFZOBxR
gKTNIMlVxt2lgaMJJoR+i9lmcDMlJ3ShaL5jj4YQmPVz0FdXGeY5X3wiqKu/5a06
VyyRAuEOR3Jtl60Zi0529UP9cLGSX8qDwN+Q+82ORyz8qsYc1jDT3a3wJrOBauVm
wp8U+UcL5bQ/0YLUnT1Jjxx4L28ZMUh6TiXmPThfY2kgVI2o
-----END CERTIFICATE-----
Generated at Sat Oct 25 15:05:44 2025 by rpki-client