Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1d9a8425-e89b-4598-a680-84c5b341edfd.roa
File: 1d9a8425-e89b-4598-a680-84c5b341edfd.roa (raw, json)
Hash identifier: P++N9cD32qeMuntFpkb3mGR1wLyY45MjQC+8vJEDaqc=
Subject key identifier: A4:DF:9B:AE:64:9E:51:F5:6D:87:F6:24:62:4C:A4:39:9E:FE:B3:BC
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4D17AB637CBBB2EEAFAB666C0E1C3A8AE5BD6959
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1d9a8425-e89b-4598-a680-84c5b341edfd.roa
Signing time: Sat 15 Nov 2025 05:41:28 +0000
ROA not before: Sat 15 Nov 2025 05:41:28 +0000
ROA not after: Sat 20 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d050:2000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 16 Nov 2025 12:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4d:17:ab:63:7c:bb:b2:ee:af:ab:66:6c:0e:1c:3a:8a:e5:bd:69:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Nov 15 05:41:28 2025 GMT
Not After : Dec 20 23:59:59 2025 GMT
Subject: serialNumber=c78028f70f0c4100be77e4533b086d1c86fdd6189f952fa4a24ffb045450cd69, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f5:ec:cb:a0:8a:b1:50:16:4d:33:bd:59:cc:14:
fd:d6:a5:6e:e6:93:8a:21:6b:26:58:4f:cd:c8:61:
3a:0e:34:9f:a2:27:82:0d:c4:5b:ec:c5:18:51:56:
87:73:a1:aa:68:cf:06:22:5b:60:32:04:c9:59:e2:
b8:8c:7b:ac:13:ab:35:50:d3:8f:9d:ad:c5:cd:ea:
fa:d2:9d:20:13:0e:f2:3e:e2:2d:52:b1:e7:96:28:
93:06:97:82:3d:ee:7f:e2:db:c2:2f:72:ca:c9:82:
8b:1c:71:8a:fe:1e:33:ab:6e:40:63:fd:34:92:d9:
4d:0b:6d:fa:45:fd:0c:30:27:53:6a:0e:fa:fb:f5:
31:fa:3f:fd:b9:f0:06:83:ef:0a:bb:4d:1f:a7:f7:
b5:d0:18:b3:89:8d:92:13:47:44:20:cb:09:64:f9:
1d:07:50:bb:3a:43:b7:84:9d:f9:61:cc:58:26:61:
f9:c2:6b:91:31:d3:0a:a3:e8:e6:36:7a:da:fc:35:
25:c6:51:f6:ca:42:1c:bd:8f:69:e8:92:27:81:17:
03:e1:1a:5b:77:1e:80:1b:b4:e6:43:09:5e:bc:fb:
9e:a0:b0:4c:23:66:eb:72:0e:c9:45:ab:a4:d4:a6:
f7:8e:1f:13:c8:f7:01:df:e3:50:b9:62:a2:9e:c2:
42:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:DF:9B:AE:64:9E:51:F5:6D:87:F6:24:62:4C:A4:39:9E:FE:B3:BC
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1d9a8425-e89b-4598-a680-84c5b341edfd.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d050:2000::/40
Signature Algorithm: sha256WithRSAEncryption
96:c5:6e:0e:7b:14:97:47:aa:23:c1:c8:13:1f:f8:1b:1d:4c:
21:8e:8e:f6:e5:bc:f0:7e:0c:49:a2:75:53:99:b5:89:50:9d:
4d:5d:95:b5:4e:c4:d0:31:3e:f5:b7:f8:f5:13:cd:aa:e3:80:
e6:1d:c7:1a:8a:49:d1:e5:36:a3:51:d8:36:8c:6e:5c:03:d4:
b8:52:9a:ce:d6:9e:7c:b4:9a:c3:c9:6c:f0:18:8b:b2:00:b3:
cd:a9:75:02:ab:78:df:4e:eb:31:9b:18:2e:70:76:07:77:72:
84:04:f9:3f:35:a1:ec:6a:bc:f0:47:4f:c0:1c:c0:e5:c4:92:
56:9e:f7:71:52:89:86:a1:15:ff:27:e7:c0:0b:bd:80:cc:47:
54:1a:92:6a:15:0f:14:8f:34:16:50:48:b3:57:bb:15:85:1c:
56:7d:63:2d:af:ba:54:3a:77:71:d5:f1:d2:81:11:d1:d8:1c:
04:33:86:42:e7:0b:83:2a:6d:d0:3f:44:d7:f4:3a:2b:af:76:
65:70:40:db:82:39:86:c8:50:81:0c:b5:75:84:ee:d4:7c:6b:
37:17:5e:38:5e:a9:68:7a:6a:6f:b7:bb:27:be:30:fe:5d:20:
e2:84:a9:74:e7:95:99:3f:dc:9e:29:0e:a3:59:76:48:38:07:
e6:57:fd:90
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUTRerY3y7su6vq2ZsDhw6iuW9aVkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTExMTUwNTQxMjhaFw0yNTEyMjAyMzU5NTlaMHoxSTBHBgNV
BAUTQGM3ODAyOGY3MGYwYzQxMDBiZTc3ZTQ1MzNiMDg2ZDFjODZmZGQ2MTg5Zjk1
MmZhNGEyNGZmYjA0NTQ1MGNkNjkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPXsy6CKsVAWTTO9WcwU/dalbuaTiiFrJlhPzchhOg40n6Ingg3EW+zFGFFW
h3OhqmjPBiJbYDIEyVniuIx7rBOrNVDTj52txc3q+tKdIBMO8j7iLVKx55YokwaX
gj3uf+Lbwi9yysmCixxxiv4eM6tuQGP9NJLZTQtt+kX9DDAnU2oO+vv1Mfo//bnw
BoPvCrtNH6f3tdAYs4mNkhNHRCDLCWT5HQdQuzpDt4Sd+WHMWCZh+cJrkTHTCqPo
5jZ62vw1JcZR9spCHL2PaeiSJ4EXA+EaW3cegBu05kMJXrz7nqCwTCNm63IOyUWr
pNSm944fE8j3Ad/jULliop7CQj8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSk35uu
ZJ5R9W2H9iRiTKQ5nv6zvDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWQ5YTg0MjUtZTg5Yi00NTk4LWE2ODAtODRjNWIzNDFlZGZkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FAg
MA0GCSqGSIb3DQEBCwUAA4IBAQCWxW4OexSXR6ojwcgTH/gbHUwhjo725bzwfgxJ
onVTmbWJUJ1NXZW1TsTQMT71t/j1E82q44DmHccaiknR5TajUdg2jG5cA9S4UprO
1p58tJrDyWzwGIuyALPNqXUCq3jfTusxmxgucHYHd3KEBPk/NaHsarzwR0/AHMDl
xJJWnvdxUomGoRX/J+fAC72AzEdUGpJqFQ8UjzQWUEizV7sVhRxWfWMtr7pUOndx
1fHSgRHR2BwEM4ZC5wuDKm3QP0TX9Dorr3ZlcEDbgjmGyFCBDLV1hO7UfGs3F144
Xqloempvt7snvjD+XSDihKl055WZP9yeKQ6jWXZIOAfmV/2Q
-----END CERTIFICATE-----
Generated at Sat Nov 15 21:51:04 2025 by rpki-client