Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/278dd4fa-de02-446c-a4ac-184c5f35a577.roa
File: 278dd4fa-de02-446c-a4ac-184c5f35a577.roa (raw, json)
Hash identifier: s/7N2HOdPDVWkYXJ0sosnsBsHzjk539IR6Vq7vbgkIs=
Subject key identifier: 8D:F1:1B:46:9A:CC:1E:8F:34:29:70:DE:F2:E3:9B:3C:71:82:E4:EA
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 04121DE8E07E13C5385CAFD2F248C1E16275240C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/278dd4fa-de02-446c-a4ac-184c5f35a577.roa
Signing time: Tue 21 Oct 2025 14:30:36 +0000
ROA not before: Tue 21 Oct 2025 14:30:36 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:a000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:12:1d:e8:e0:7e:13:c5:38:5c:af:d2:f2:48:c1:e1:62:75:24:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:30:36 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=f2a97283e0b7e56a3e39e969afcfded6e94656157914e4e3d90342b4c3b649f1, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:56:14:8f:e9:fc:2d:75:09:25:48:34:3f:2d:
f5:80:7c:6f:2f:63:39:e0:4e:a1:6b:d2:8d:78:92:
ed:fe:b8:5c:9a:59:cf:b9:5b:c6:df:d7:18:0a:79:
87:ce:37:aa:1d:92:d5:13:6b:8c:d6:d7:25:76:eb:
6b:6b:f9:8d:5a:80:b1:5c:80:0d:e5:c1:09:fa:8e:
24:3b:80:17:a6:0c:ac:50:a3:de:94:24:33:b5:d5:
62:45:4c:d2:87:3e:16:a5:52:a1:be:f2:eb:9a:40:
92:04:78:b2:c1:8b:eb:61:d8:0b:e7:27:84:bc:62:
a2:f7:7a:10:e6:a0:35:dc:39:35:f1:aa:05:ce:06:
82:29:16:4c:ac:6e:cf:2b:e3:61:6b:4e:64:24:36:
28:8a:6d:b4:c4:d3:a6:54:9e:ca:64:8f:1f:77:c7:
b4:c5:5a:eb:23:ca:31:3f:04:c4:61:e1:a2:8b:7c:
55:2c:f9:a3:e7:de:58:f9:de:5d:1e:55:ae:36:f4:
2b:44:22:96:ff:59:14:2f:9a:0d:cb:0e:04:b4:7c:
da:8c:91:4f:65:c9:0f:40:ea:17:b7:ad:03:86:28:
3a:a9:6b:ec:24:05:13:31:1f:1c:88:b8:40:f7:96:
f1:02:bb:23:a1:14:4b:d1:0b:c0:43:a5:13:17:2c:
0c:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:F1:1B:46:9A:CC:1E:8F:34:29:70:DE:F2:E3:9B:3C:71:82:E4:EA
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/278dd4fa-de02-446c-a4ac-184c5f35a577.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:a000::/40
Signature Algorithm: sha256WithRSAEncryption
75:ec:4b:ed:2c:d7:ed:da:bf:59:b7:3b:ef:3c:f8:df:ee:35:
16:65:24:79:c1:ef:a3:d8:16:97:0b:fa:d8:d3:23:6c:db:6d:
14:d7:01:a5:40:5d:b1:d9:aa:31:a4:c1:01:0a:b1:5e:39:5d:
90:00:c7:e9:99:8c:f7:49:03:14:fd:90:26:89:df:bf:1e:d9:
b2:88:aa:4f:d2:9d:3d:be:d5:9a:ed:ee:ed:da:e9:42:21:88:
d5:0c:fb:1f:02:a5:31:f3:3e:a0:1b:1e:fa:6c:01:14:64:97:
30:82:af:51:40:2b:3a:6a:de:ae:30:61:1d:6d:c0:62:9f:d6:
bf:5a:cc:77:a6:69:c9:8c:8f:f4:a4:27:69:3c:d4:6c:5d:55:
5c:de:45:4d:33:7e:f3:ef:0b:84:50:72:da:65:22:b0:11:20:
67:ce:0c:fe:97:44:f2:13:56:5d:f2:ad:a4:ca:78:8a:e5:74:
68:5c:d4:5b:11:09:ea:15:1f:19:ce:d1:d9:85:26:4e:5d:46:
60:d8:a0:16:72:71:8e:8e:5f:79:f6:77:4b:64:04:5f:ab:49:
87:d0:42:f3:65:9c:1c:da:3c:14:8b:2a:3f:e7:03:ac:82:48:
f5:5f:c9:d4:65:1f:c2:5c:11:b9:83:41:4a:d0:67:63:4d:70:
17:16:71:d6
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUBBId6OB+E8U4XK/S8kjB4WJ1JAwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDMwMzZaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGYyYTk3MjgzZTBiN2U1NmEzZTM5ZTk2OWFmY2ZkZWQ2ZTk0NjU2MTU3OTE0
ZTRlM2Q5MDM0MmI0YzNiNjQ5ZjExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALRWFI/p/C11CSVIND8t9YB8by9jOeBOoWvSjXiS7f64XJpZz7lbxt/XGAp5
h843qh2S1RNrjNbXJXbra2v5jVqAsVyADeXBCfqOJDuAF6YMrFCj3pQkM7XVYkVM
0oc+FqVSob7y65pAkgR4ssGL62HYC+cnhLxiovd6EOagNdw5NfGqBc4GgikWTKxu
zyvjYWtOZCQ2KIpttMTTplSeymSPH3fHtMVa6yPKMT8ExGHhoot8VSz5o+feWPne
XR5Vrjb0K0Qilv9ZFC+aDcsOBLR82oyRT2XJD0DqF7etA4YoOqlr7CQFEzEfHIi4
QPeW8QK7I6EUS9ELwEOlExcsDHUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSN8RtG
mswejzQpcN7y45s8cYLk6jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Mjc4ZGQ0ZmEtZGUwMi00NDZjLWE0YWMtMTg0YzVmMzVhNTc3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H+g
MA0GCSqGSIb3DQEBCwUAA4IBAQB17EvtLNft2r9ZtzvvPPjf7jUWZSR5we+j2BaX
C/rY0yNs220U1wGlQF2x2aoxpMEBCrFeOV2QAMfpmYz3SQMU/ZAmid+/HtmyiKpP
0p09vtWa7e7t2ulCIYjVDPsfAqUx8z6gGx76bAEUZJcwgq9RQCs6at6uMGEdbcBi
n9a/Wsx3pmnJjI/0pCdpPNRsXVVc3kVNM37z7wuEUHLaZSKwESBnzgz+l0TyE1Zd
8q2kyniK5XRoXNRbEQnqFR8ZztHZhSZOXUZg2KAWcnGOjl959ndLZARfq0mH0ELz
ZZwc2jwUiyo/5wOsgkj1X8nUZR/CXBG5g0FK0GdjTXAXFnHW
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:09:13 2025 by rpki-client