Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/22cb20bc-8063-4169-9e4b-a3ad29aeedc7.roa
File: 22cb20bc-8063-4169-9e4b-a3ad29aeedc7.roa (raw, json)
Hash identifier: dwcqQGhawI4Wr9pX8DOn4Bav0shKD8K55FFyI7oC00A=
Subject key identifier: A2:45:A6:A4:C9:8E:5F:D0:29:15:9E:A0:CA:C4:6B:3D:72:27:77:01
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 222FC9EA050716342B57AC112C548EA63AED6628
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/22cb20bc-8063-4169-9e4b-a3ad29aeedc7.roa
Signing time: Tue 21 Oct 2025 14:31:14 +0000
ROA not before: Tue 21 Oct 2025 14:31:14 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d050:4000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
22:2f:c9:ea:05:07:16:34:2b:57:ac:11:2c:54:8e:a6:3a:ed:66:28
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:31:14 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=84bfcbb4bc06ae323875ec8c04d10d0c51b2a37fb791ece61be69c3eb4f0d506, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:74:53:7a:b7:41:9a:5a:68:5b:fb:19:9e:9e:
a6:70:a9:fc:01:30:90:6b:58:b8:fc:43:12:dd:ed:
bd:b6:04:be:81:ce:cc:4b:b2:9a:32:90:e3:39:ba:
2d:03:64:4b:92:13:f5:1b:58:ca:0b:00:4d:74:a1:
4e:6d:a5:3b:31:46:89:5e:b0:f0:39:4d:bd:a1:db:
f5:00:20:20:f9:57:c7:5e:5c:3c:a7:06:96:3c:96:
93:5a:78:f8:98:92:84:52:e4:1d:09:b6:88:66:42:
ce:ea:1e:c2:30:fd:02:4c:52:b9:1a:c4:27:62:0e:
ea:12:ee:dc:65:1e:a8:02:f0:27:5f:9a:88:a2:1a:
84:98:0b:c0:29:02:55:1d:31:c1:07:0a:5c:12:9a:
e5:f3:40:ea:2d:e2:25:2a:ea:72:0f:07:3d:b8:38:
37:5a:be:2f:19:94:55:00:19:2f:d2:e3:86:d6:17:
e7:39:a8:05:e9:88:2d:5a:2a:ec:d8:f0:34:e6:4d:
45:27:5d:cf:a8:06:da:ac:76:d0:58:c5:25:b3:bb:
f0:fb:44:91:cc:77:55:bb:78:ef:66:89:02:b7:b6:
ed:c7:15:55:d0:48:cc:ac:8b:2d:b4:d3:c1:39:21:
e5:20:59:c6:58:3b:04:ff:6b:e1:eb:88:30:06:9f:
26:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:45:A6:A4:C9:8E:5F:D0:29:15:9E:A0:CA:C4:6B:3D:72:27:77:01
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/22cb20bc-8063-4169-9e4b-a3ad29aeedc7.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d050:4000::/40
Signature Algorithm: sha256WithRSAEncryption
39:63:0d:8e:98:34:56:ef:e8:c6:47:c5:7b:41:59:67:0d:12:
25:4d:e6:db:37:d6:f5:8f:8d:87:c3:96:87:77:e9:05:d5:9f:
50:a3:21:6e:6e:96:ad:c2:7f:17:aa:d2:be:64:88:74:17:68:
00:d6:34:ab:b3:af:b0:cb:10:66:2b:2e:b2:b6:a0:e2:a0:b7:
58:b7:d5:e4:11:fd:6a:e4:69:c2:9b:c0:be:75:5b:0f:18:3e:
bd:a5:2c:39:f2:a3:83:85:99:aa:aa:b5:83:92:e2:91:bf:6c:
0e:01:88:23:cc:64:f7:d4:68:4f:c1:18:4d:7b:ce:c5:44:c9:
e5:e7:9c:cd:1a:c6:5f:22:f4:c4:db:83:4c:4f:33:0f:2c:cc:
a5:44:83:87:f2:22:71:03:6a:e6:07:0a:af:71:65:77:4e:a0:
6f:b1:f2:dd:9f:34:8d:8f:e4:0f:59:46:01:66:a1:b2:05:8c:
ec:3c:9f:88:d0:f6:3b:79:47:a1:7c:c9:94:05:ae:c5:87:b7:
79:50:39:ed:07:59:8a:87:ec:05:38:0c:47:94:e7:ef:2e:23:
29:43:48:bc:6a:d5:db:ea:fb:68:14:15:6c:69:77:09:74:63:
81:72:b5:ce:ff:e5:4a:be:b9:45:b1:e1:1c:53:09:05:92:52:
d4:53:ab:c2
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUIi/J6gUHFjQrV6wRLFSOpjrtZigwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDMxMTRaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDg0YmZjYmI0YmMwNmFlMzIzODc1ZWM4YzA0ZDEwZDBjNTFiMmEzN2ZiNzkx
ZWNlNjFiZTY5YzNlYjRmMGQ1MDYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK50U3q3QZpaaFv7GZ6epnCp/AEwkGtYuPxDEt3tvbYEvoHOzEuymjKQ4zm6
LQNkS5IT9RtYygsATXShTm2lOzFGiV6w8DlNvaHb9QAgIPlXx15cPKcGljyWk1p4
+JiShFLkHQm2iGZCzuoewjD9AkxSuRrEJ2IO6hLu3GUeqALwJ1+aiKIahJgLwCkC
VR0xwQcKXBKa5fNA6i3iJSrqcg8HPbg4N1q+LxmUVQAZL9LjhtYX5zmoBemILVoq
7NjwNOZNRSddz6gG2qx20FjFJbO78PtEkcx3Vbt472aJAre27ccVVdBIzKyLLbTT
wTkh5SBZxlg7BP9r4euIMAafJuECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSiRaak
yY5f0CkVnqDKxGs9cid3ATAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjJjYjIwYmMtODA2My00MTY5LTllNGItYTNhZDI5YWVlZGM3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FBA
MA0GCSqGSIb3DQEBCwUAA4IBAQA5Yw2OmDRW7+jGR8V7QVlnDRIlTebbN9b1j42H
w5aHd+kF1Z9QoyFubpatwn8XqtK+ZIh0F2gA1jSrs6+wyxBmKy6ytqDioLdYt9Xk
Ef1q5GnCm8C+dVsPGD69pSw58qODhZmqqrWDkuKRv2wOAYgjzGT31GhPwRhNe87F
RMnl55zNGsZfIvTE24NMTzMPLMylRIOH8iJxA2rmBwqvcWV3TqBvsfLdnzSNj+QP
WUYBZqGyBYzsPJ+I0PY7eUehfMmUBa7Fh7d5UDntB1mKh+wFOAxHlOfvLiMpQ0i8
atXb6vtoFBVsaXcJdGOBcrXO/+VKvrlFseEcUwkFklLUU6vC
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:14:25 2025 by rpki-client