Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/28fc43ad-0c3b-4d77-aa32-5efc431e69c3.roa
File: 28fc43ad-0c3b-4d77-aa32-5efc431e69c3.roa (raw, json)
Hash identifier: dlbdDVYhAOslwJwcKDvYXOMn4v0c4Ot/cK1qKS0FMYk=
Subject key identifier: D7:93:A0:27:16:52:EF:EE:D7:CD:3F:20:6E:3F:50:95:50:29:B0:A9
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0BB4F2BE18A5B09574935AA1BE1E5B207A2CDE78
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/28fc43ad-0c3b-4d77-aa32-5efc431e69c3.roa
Signing time: Tue 21 Oct 2025 14:31:15 +0000
ROA not before: Tue 21 Oct 2025 14:31:15 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:80e0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0b:b4:f2:be:18:a5:b0:95:74:93:5a:a1:be:1e:5b:20:7a:2c:de:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:31:15 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=a32a99d72eae3e8ae2e6f359ba946dcbe0c7b9091de54677dc0cb7ce9b755362, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:b8:41:bb:c0:84:32:f2:02:b7:53:23:9e:3c:
37:51:48:94:94:37:91:12:41:c4:94:01:fb:63:85:
a5:6d:54:6e:6a:3a:25:2b:c2:de:2f:6f:80:06:33:
03:e7:85:d5:71:c1:29:66:99:34:b5:e7:2d:d5:39:
a6:f4:94:c7:1c:1e:4e:06:fd:d4:e3:41:01:56:81:
47:bd:95:bb:2a:e9:e7:72:41:f4:eb:1f:ca:e3:27:
3f:53:3b:02:fc:5d:e6:45:92:08:f6:09:bf:3d:3d:
c7:a3:65:a5:5a:62:85:18:d4:ae:23:e4:94:d1:85:
1f:ae:20:83:ed:58:80:e7:4f:36:1a:80:36:60:66:
a3:73:7f:2f:c2:fa:ac:9b:17:cd:c3:7e:47:e9:e4:
4b:09:06:24:fe:72:0f:ed:bd:89:6e:cb:67:65:6c:
2a:76:5e:47:3b:c3:18:8a:3d:83:40:d8:78:55:d7:
6a:f7:d8:75:ec:52:ea:31:23:01:d9:53:bb:03:58:
a8:e4:08:96:6f:bd:94:47:98:a8:cc:df:23:48:b8:
69:98:3d:81:34:a7:91:dd:62:cb:24:2b:26:b3:ed:
59:f1:3b:df:44:67:1b:09:22:0f:ac:98:f5:aa:5b:
1b:76:ee:b5:bf:aa:09:34:14:0e:ab:b6:db:9a:9d:
b8:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:93:A0:27:16:52:EF:EE:D7:CD:3F:20:6E:3F:50:95:50:29:B0:A9
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/28fc43ad-0c3b-4d77-aa32-5efc431e69c3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:80e0::/48
Signature Algorithm: sha256WithRSAEncryption
6b:54:bf:f7:1a:7c:86:cd:5d:27:58:6b:e8:30:e4:cf:da:25:
55:ec:5c:0b:bd:01:18:19:e1:6b:75:6e:e4:cc:9e:24:b2:a7:
d7:e9:ea:91:fd:21:9e:83:ab:6e:47:d6:c4:3a:d9:f3:e8:46:
4e:30:51:2d:f5:a9:47:86:92:52:3b:81:5a:41:3d:bb:c7:12:
1c:00:6e:3c:40:9c:8b:e1:73:55:f4:58:3a:48:4f:ad:05:36:
1a:2a:2a:2b:11:fb:0a:ae:ef:35:e5:89:e2:67:57:7e:c5:db:
c2:ec:30:3f:2b:f8:8b:50:6a:33:38:41:53:3d:c0:bb:ad:25:
d9:a9:44:7c:02:25:f8:04:af:3f:7a:ca:3a:68:2d:ce:11:1b:
04:c3:ed:3b:a6:ec:b3:1b:f4:39:53:eb:31:e2:13:89:69:bb:
82:6f:fb:b7:f3:b5:6e:c0:4f:5e:28:59:0c:79:51:ac:76:05:
c1:d8:c8:16:2c:99:2c:d7:76:b9:55:b9:c9:27:ba:43:86:4f:
e5:b1:d9:7a:a0:2a:8b:29:4a:80:b9:2e:21:0e:d4:54:79:53:
c8:58:ed:04:41:c6:2d:b6:5c:1e:25:5a:04:58:a1:2c:77:50:
bb:79:1b:d3:3b:ff:26:01:23:58:fc:42:90:db:ff:46:5a:90:
a7:ec:35:d4
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUC7TyvhilsJV0k1qhvh5bIHos3ngwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDMxMTVaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGEzMmE5OWQ3MmVhZTNlOGFlMmU2ZjM1OWJhOTQ2ZGNiZTBjN2I5MDkxZGU1
NDY3N2RjMGNiN2NlOWI3NTUzNjIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJy4QbvAhDLyArdTI548N1FIlJQ3kRJBxJQB+2OFpW1Ubmo6JSvC3i9vgAYz
A+eF1XHBKWaZNLXnLdU5pvSUxxweTgb91ONBAVaBR72Vuyrp53JB9OsfyuMnP1M7
Avxd5kWSCPYJvz09x6NlpVpihRjUriPklNGFH64gg+1YgOdPNhqANmBmo3N/L8L6
rJsXzcN+R+nkSwkGJP5yD+29iW7LZ2VsKnZeRzvDGIo9g0DYeFXXavfYdexS6jEj
AdlTuwNYqOQIlm+9lEeYqMzfI0i4aZg9gTSnkd1iyyQrJrPtWfE730RnGwkiD6yY
9apbG3butb+qCTQUDqu225qduPcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTXk6An
FlLv7tfNPyBuP1CVUCmwqTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjhmYzQzYWQtMGMzYi00ZDc3LWFhMzItNWVmYzQzMWU2OWMzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H+A
4DANBgkqhkiG9w0BAQsFAAOCAQEAa1S/9xp8hs1dJ1hr6DDkz9olVexcC70BGBnh
a3Vu5MyeJLKn1+nqkf0hnoOrbkfWxDrZ8+hGTjBRLfWpR4aSUjuBWkE9u8cSHABu
PECci+FzVfRYOkhPrQU2GioqKxH7Cq7vNeWJ4mdXfsXbwuwwPyv4i1BqMzhBUz3A
u60l2alEfAIl+ASvP3rKOmgtzhEbBMPtO6bssxv0OVPrMeITiWm7gm/7t/O1bsBP
XihZDHlRrHYFwdjIFiyZLNd2uVW5ySe6Q4ZP5bHZeqAqiylKgLkuIQ7UVHlTyFjt
BEHGLbZcHiVaBFihLHdQu3kb0zv/JgEjWPxCkNv/RlqQp+w11A==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:55 2025 by rpki-client