Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/27140a0d-612c-4da4-a60a-55c28faff6fe.roa
File: 27140a0d-612c-4da4-a60a-55c28faff6fe.roa (raw, json)
Hash identifier: AVIsMGnUwx0ugHGTVzetiJzGvqgVPTWil7fiTNukdJg=
Subject key identifier: 5C:D4:6A:F4:97:6C:84:F0:C0:C2:A7:E9:71:96:5C:14:89:CD:B6:4A
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7E8E22A33EA86B1B5CF6E3DC92ECC756B38E13F3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/27140a0d-612c-4da4-a60a-55c28faff6fe.roa
Signing time: Tue 21 Oct 2025 13:10:11 +0000
ROA not before: Tue 21 Oct 2025 13:10:11 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d06f:5000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7e:8e:22:a3:3e:a8:6b:1b:5c:f6:e3:dc:92:ec:c7:56:b3:8e:13:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:10:11 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=a784448fd1fc5bb61d973a79370df37a58f670014368c4c394ee70bfc2966132, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:5c:e8:57:d9:b3:e6:a2:f0:fe:ad:a3:99:6f:
e9:c1:69:43:6a:2c:17:6c:e6:af:3a:7a:21:e9:e3:
16:c4:b3:61:0b:16:7d:26:49:e1:9f:77:bb:58:10:
61:de:fe:ac:f4:cd:e1:8d:73:e5:e6:ad:62:84:97:
dc:b4:7a:05:79:63:f4:d1:ac:d2:63:fd:0c:88:e8:
23:3a:4f:79:50:51:99:45:2c:7f:af:2a:78:bf:df:
1c:60:84:e1:a5:43:e6:47:96:e2:99:ec:24:08:2c:
c4:88:1c:38:e6:e9:d8:9f:07:54:08:ab:1e:d9:32:
de:4b:6b:8d:fe:46:2d:4e:d8:18:11:dc:f9:6a:46:
55:b0:85:fc:c8:0f:ab:b5:53:42:91:c2:c5:51:ab:
fd:d8:a4:fe:db:c3:25:86:49:b3:89:c2:ec:6c:b0:
f8:5b:9e:38:16:cc:1d:77:50:82:4d:9e:f3:5f:9b:
47:75:e2:07:11:4e:2d:81:13:f5:aa:00:1c:4c:33:
1c:b0:3c:9f:a6:e1:c3:b1:a6:49:8d:26:29:69:1a:
70:ef:4f:80:e0:10:1a:b4:ac:ff:c2:7f:9d:b6:b3:
b4:b9:c2:69:61:1a:f3:2a:76:62:4a:dd:57:1c:90:
5a:34:8c:b2:31:95:30:3c:7f:e6:a6:14:07:97:8a:
76:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:D4:6A:F4:97:6C:84:F0:C0:C2:A7:E9:71:96:5C:14:89:CD:B6:4A
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/27140a0d-612c-4da4-a60a-55c28faff6fe.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06f:5000::/40
Signature Algorithm: sha256WithRSAEncryption
41:12:79:f5:45:41:90:1d:31:35:1f:21:74:f5:b9:3e:24:8c:
0c:50:c9:67:85:37:96:28:2b:e6:10:0f:7f:ef:d9:7c:b6:99:
e5:e0:ad:8c:55:35:4d:9c:dd:cd:cd:8f:cf:0a:90:b9:62:49:
ef:eb:63:68:91:48:aa:e7:b3:fb:25:2b:34:60:17:cd:6a:c8:
9e:91:52:84:83:9d:d5:22:a9:cc:df:c1:22:e3:09:87:7d:74:
b0:19:b5:85:88:d4:b4:68:fa:f0:a5:f2:34:87:42:07:03:28:
d3:19:48:c3:18:6a:99:6a:df:61:85:aa:04:b0:2d:62:af:fe:
da:b1:7b:83:35:58:ce:d9:de:c8:65:a9:83:67:59:11:39:7b:
00:45:45:e9:b2:48:1c:f4:b2:97:a1:cb:18:1c:3f:50:67:c5:
3b:fe:01:2b:92:1a:90:de:00:50:c9:b4:7b:74:08:09:6e:a5:
48:23:37:e1:56:70:29:95:ea:b6:c7:a6:70:12:03:ac:ac:c1:
b0:36:c0:9a:0d:57:70:68:57:d6:83:87:cc:44:85:a1:a0:ee:
2b:82:eb:17:6c:80:02:de:5f:c0:18:38:f8:fa:80:f4:f8:a6:
d3:4a:c0:69:2f:98:38:a7:fb:48:94:49:54:5e:ee:95:45:b7:
0e:a9:dd:b8
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUfo4ioz6oaxtc9uPckuzHVrOOE/MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzEwMTFaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGE3ODQ0NDhmZDFmYzViYjYxZDk3M2E3OTM3MGRmMzdhNThmNjcwMDE0MzY4
YzRjMzk0ZWU3MGJmYzI5NjYxMzIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALVc6FfZs+ai8P6to5lv6cFpQ2osF2zmrzp6IenjFsSzYQsWfSZJ4Z93u1gQ
Yd7+rPTN4Y1z5eatYoSX3LR6BXlj9NGs0mP9DIjoIzpPeVBRmUUsf68qeL/fHGCE
4aVD5keW4pnsJAgsxIgcOObp2J8HVAirHtky3ktrjf5GLU7YGBHc+WpGVbCF/MgP
q7VTQpHCxVGr/dik/tvDJYZJs4nC7Gyw+FueOBbMHXdQgk2e81+bR3XiBxFOLYET
9aoAHEwzHLA8n6bhw7GmSY0mKWkacO9PgOAQGrSs/8J/nbaztLnCaWEa8yp2Ykrd
VxyQWjSMsjGVMDx/5qYUB5eKdp8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRc1Gr0
l2yE8MDCp+lxllwUic22SjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjcxNDBhMGQtNjEyYy00ZGE0LWE2MGEtNTVjMjhmYWZmNmZlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G9Q
MA0GCSqGSIb3DQEBCwUAA4IBAQBBEnn1RUGQHTE1HyF09bk+JIwMUMlnhTeWKCvm
EA9/79l8tpnl4K2MVTVNnN3NzY/PCpC5Yknv62NokUiq57P7JSs0YBfNasiekVKE
g53VIqnM38Ei4wmHfXSwGbWFiNS0aPrwpfI0h0IHAyjTGUjDGGqZat9hhaoEsC1i
r/7asXuDNVjO2d7IZamDZ1kROXsARUXpskgc9LKXocsYHD9QZ8U7/gErkhqQ3gBQ
ybR7dAgJbqVIIzfhVnApleq2x6ZwEgOsrMGwNsCaDVdwaFfWg4fMRIWhoO4rgusX
bIAC3l/AGDj4+oD0+KbTSsBpL5g4p/tIlElUXu6VRbcOqd24
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:14 2025 by rpki-client