Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/207860c2-8f39-42e7-9631-e06b6a545c7d.roa
File: 207860c2-8f39-42e7-9631-e06b6a545c7d.roa (raw, json)
Hash identifier: PscdH7lSrrV83UgH3iAPV5dPQLGGUrk8Q/MITxgbcQU=
Subject key identifier: 86:58:11:32:E9:48:EE:7D:8D:E6:CB:93:05:B9:83:B8:B0:30:45:14
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4434F344DBE09F1E5C0BB7C10D58166F85412C7E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/207860c2-8f39-42e7-9631-e06b6a545c7d.roa
Signing time: Tue 21 Oct 2025 13:50:39 +0000
ROA not before: Tue 21 Oct 2025 13:50:39 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d031:60c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
44:34:f3:44:db:e0:9f:1e:5c:0b:b7:c1:0d:58:16:6f:85:41:2c:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:50:39 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=2f5a6c24a830e70b574c45783bec890af5bd708d23e98a70db5c603c3ea8de48, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:cd:1f:ab:41:28:9e:e0:14:d7:67:3a:52:fd:
fc:13:66:b8:bb:a4:f4:71:10:a8:1f:25:48:f8:43:
64:db:81:96:17:2c:fc:f5:54:52:a3:9e:c8:ce:61:
9d:06:a5:a8:b9:44:28:8e:f5:ad:fb:f6:a2:ad:37:
0f:84:fc:5a:1b:6e:ed:8d:0a:92:3b:cd:83:43:09:
3f:27:6b:06:8e:15:f7:f6:7d:9b:95:65:b6:a1:cd:
49:cf:85:44:33:61:bf:53:80:22:5a:6a:47:a9:df:
26:a4:18:40:2a:62:f8:be:e5:fd:b0:1c:d0:4d:0a:
83:33:b1:27:c2:ef:8f:11:20:8a:af:5e:91:d2:ae:
00:10:d2:de:59:ac:68:c6:90:38:c2:b0:24:94:9d:
2a:bf:ea:d9:bc:9f:aa:c7:c6:6d:29:0e:33:c4:b8:
7b:fe:e2:63:1b:31:39:39:61:28:e3:30:f5:45:eb:
2c:1c:f1:1c:73:ce:a1:da:e2:6e:07:14:15:7f:85:
bf:ae:15:50:9f:38:1c:6c:63:3e:eb:3e:b9:a2:71:
88:c3:a1:b0:75:db:7f:c0:ef:7f:cd:e8:da:12:7f:
25:3d:90:7a:84:03:33:7c:0b:0a:2d:c0:48:13:7e:
44:8f:0c:18:1f:18:04:ff:03:a7:00:84:4c:e3:f5:
ab:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:58:11:32:E9:48:EE:7D:8D:E6:CB:93:05:B9:83:B8:B0:30:45:14
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/207860c2-8f39-42e7-9631-e06b6a545c7d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d031:60c0::/48
Signature Algorithm: sha256WithRSAEncryption
26:b3:67:ca:ba:d9:2e:42:51:c5:08:d3:1a:ad:27:fa:da:89:
ce:2d:2f:55:24:91:73:e8:16:6a:c9:c0:8f:db:ad:af:6f:15:
a8:57:39:85:d9:17:b3:b0:28:97:fd:8e:2e:51:7c:3d:f1:ca:
f8:c5:94:82:3a:c7:60:6f:fd:66:16:54:39:80:64:84:43:4b:
59:26:6a:83:ce:d4:c3:f1:f0:ca:94:12:2c:6f:1f:ef:a0:04:
00:71:89:a2:45:6e:60:d1:0e:47:9e:6b:07:1a:28:d5:20:7c:
43:da:23:ce:ec:9e:a7:56:c4:bf:0a:0d:21:6d:a4:e5:b8:a5:
7f:a7:c7:84:7b:86:6b:fb:79:e5:92:7e:2c:1a:1f:66:0d:ee:
d8:6d:57:44:16:8c:98:c4:4c:e1:90:4a:a3:83:3a:5d:21:ea:
77:78:5e:57:17:b8:d0:80:52:69:13:d0:5b:6d:a1:0b:83:2c:
75:0c:59:1d:2d:d6:13:57:54:70:f1:e8:f2:99:26:8f:56:91:
71:e8:94:5a:40:1f:21:50:c3:32:8d:ba:ad:33:33:70:d7:55:
e5:07:60:13:e1:a1:e5:d4:30:d4:32:24:c4:64:9c:04:b7:99:
aa:8c:22:e5:e9:ce:a4:d5:50:45:02:4a:7c:27:c4:9f:25:f3:
fd:56:ee:65
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIURDTzRNvgnx5cC7fBDVgWb4VBLH4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzUwMzlaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDJmNWE2YzI0YTgzMGU3MGI1NzRjNDU3ODNiZWM4OTBhZjViZDcwOGQyM2U5
OGE3MGRiNWM2MDNjM2VhOGRlNDgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJnNH6tBKJ7gFNdnOlL9/BNmuLuk9HEQqB8lSPhDZNuBlhcs/PVUUqOeyM5h
nQalqLlEKI71rfv2oq03D4T8Whtu7Y0KkjvNg0MJPydrBo4V9/Z9m5VltqHNSc+F
RDNhv1OAIlpqR6nfJqQYQCpi+L7l/bAc0E0KgzOxJ8LvjxEgiq9ekdKuABDS3lms
aMaQOMKwJJSdKr/q2byfqsfGbSkOM8S4e/7iYxsxOTlhKOMw9UXrLBzxHHPOodri
bgcUFX+Fv64VUJ84HGxjPus+uaJxiMOhsHXbf8Dvf83o2hJ/JT2QeoQDM3wLCi3A
SBN+RI8MGB8YBP8DpwCETOP1q48CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSGWBEy
6UjufY3my5MFuYO4sDBFFDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjA3ODYwYzItOGYzOS00MmU3LTk2MzEtZTA2YjZhNTQ1YzdkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DFg
wDANBgkqhkiG9w0BAQsFAAOCAQEAJrNnyrrZLkJRxQjTGq0n+tqJzi0vVSSRc+gW
asnAj9utr28VqFc5hdkXs7Aol/2OLlF8PfHK+MWUgjrHYG/9ZhZUOYBkhENLWSZq
g87Uw/HwypQSLG8f76AEAHGJokVuYNEOR55rBxoo1SB8Q9ojzuyep1bEvwoNIW2k
5bilf6fHhHuGa/t55ZJ+LBofZg3u2G1XRBaMmMRM4ZBKo4M6XSHqd3heVxe40IBS
aRPQW22hC4MsdQxZHS3WE1dUcPHo8pkmj1aRceiUWkAfIVDDMo26rTMzcNdV5Qdg
E+Gh5dQw1DIkxGScBLeZqowi5enOpNVQRQJKfCfEnyXz/VbuZQ==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:18 2025 by rpki-client