Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2cee858e-c572-427b-8123-23b2e05abc40.roa
File: 2cee858e-c572-427b-8123-23b2e05abc40.roa (raw, json)
Hash identifier: ntN5l1XJCebmHp4LNxFyukq7tTNW87s0pO/O50mTvyM=
Subject key identifier: 09:0D:D5:48:E5:08:CD:0B:35:94:61:A7:DA:9C:1D:1B:20:2E:9D:02
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0A856FAABA3F0F62C3F84D96BE38E38BF9BE7601
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2cee858e-c572-427b-8123-23b2e05abc40.roa
Signing time: Tue 21 Oct 2025 13:10:14 +0000
ROA not before: Tue 21 Oct 2025 13:10:14 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:c080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0a:85:6f:aa:ba:3f:0f:62:c3:f8:4d:96:be:38:e3:8b:f9:be:76:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:10:14 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=c111783c4095b66e0724a19174852aca9fbe7ff0e1bea0dfd8419146d8ddb67b, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:6b:9a:33:30:52:72:1d:7e:dc:81:13:81:75:
97:d6:1e:70:7a:73:94:e6:94:7d:02:60:0e:d8:26:
fa:c1:02:39:99:34:c4:59:a7:bc:6a:d1:f7:0b:f4:
4b:56:5e:62:d0:9c:0c:c2:e0:f9:0a:49:b0:b7:79:
b0:7f:a9:81:c7:10:10:2c:15:83:ed:7e:33:10:ce:
4b:d0:61:cc:96:02:38:91:9b:76:e9:e5:0c:63:c3:
ae:f9:87:91:2d:8f:ee:90:80:f9:98:a8:fa:1f:c1:
54:b9:62:6b:9a:68:12:d8:6e:eb:09:00:39:d8:d9:
7b:0e:9c:d5:ac:97:8c:d5:17:3a:bd:fc:53:aa:6c:
8e:21:a2:f5:4a:f7:d6:71:70:1e:dc:57:85:cd:83:
ee:1c:44:21:15:60:34:d6:10:44:68:75:a3:d2:98:
98:ae:1a:65:c0:9e:a1:02:a4:01:b2:9a:83:b2:6f:
fb:59:32:4f:a8:19:c7:3e:2f:d3:d8:86:49:83:61:
41:21:94:e9:3f:50:00:3c:68:01:28:b0:92:f5:0f:
5e:60:5f:a9:e4:65:97:15:45:17:0c:1c:70:db:05:
51:43:a5:b0:b5:d2:51:4b:66:2f:dc:b6:08:49:74:
13:1c:e0:12:d6:fe:8e:dc:46:78:30:93:0c:78:00:
ed:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:0D:D5:48:E5:08:CD:0B:35:94:61:A7:DA:9C:1D:1B:20:2E:9D:02
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2cee858e-c572-427b-8123-23b2e05abc40.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:c080::/48
Signature Algorithm: sha256WithRSAEncryption
95:a3:8a:56:6b:e0:33:06:3c:78:ae:a7:a2:ec:4b:d8:50:1d:
a7:14:ce:3a:16:03:e1:65:f3:f6:a0:17:e5:fb:b9:59:74:14:
5c:ff:9a:f4:b0:9b:a6:02:4d:22:5e:2d:f7:1a:b1:4f:5a:df:
60:82:cf:88:e4:06:1a:ce:65:e6:0a:48:a6:46:fd:e7:39:d1:
48:13:c1:73:73:e9:ef:8d:4a:09:5f:a2:29:e0:43:d0:1e:31:
5a:ac:e6:b1:14:05:50:83:e4:7c:1f:45:2f:75:74:ed:66:ea:
22:b3:18:9d:ad:ac:0b:a5:fa:ff:7f:97:1e:1f:93:3b:a0:7c:
29:68:fe:f0:c5:5e:32:f8:b8:ff:85:31:d7:e0:88:6d:27:04:
5b:83:67:bf:39:5a:c4:b7:ba:3d:2e:0b:72:f8:fc:e4:ce:e7:
45:d7:13:08:c9:61:63:74:1e:57:fe:07:d6:f8:2c:23:a0:1c:
03:fa:c9:c9:3f:b1:ac:da:0b:5b:49:ae:21:cd:c3:00:eb:5a:
c2:6c:57:ae:50:ae:46:0b:eb:9a:77:f7:52:97:6f:3c:69:c6:
c7:b7:61:41:ff:2d:54:de:91:b4:18:61:d4:44:26:b5:21:1f:
c8:59:a4:67:d1:84:78:e9:10:d2:20:a1:87:15:f6:95:e1:f4:
a5:61:33:24
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUCoVvqro/D2LD+E2Wvjjji/m+dgEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzEwMTRaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGMxMTE3ODNjNDA5NWI2NmUwNzI0YTE5MTc0ODUyYWNhOWZiZTdmZjBlMWJl
YTBkZmQ4NDE5MTQ2ZDhkZGI2N2IxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI1rmjMwUnIdftyBE4F1l9YecHpzlOaUfQJgDtgm+sECOZk0xFmnvGrR9wv0
S1ZeYtCcDMLg+QpJsLd5sH+pgccQECwVg+1+MxDOS9BhzJYCOJGbdunlDGPDrvmH
kS2P7pCA+Zio+h/BVLlia5poEthu6wkAOdjZew6c1ayXjNUXOr38U6psjiGi9Ur3
1nFwHtxXhc2D7hxEIRVgNNYQRGh1o9KYmK4aZcCeoQKkAbKag7Jv+1kyT6gZxz4v
09iGSYNhQSGU6T9QADxoASiwkvUPXmBfqeRllxVFFwwccNsFUUOlsLXSUUtmL9y2
CEl0ExzgEtb+jtxGeDCTDHgA7TcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQJDdVI
5QjNCzWUYafanB0bIC6dAjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MmNlZTg1OGUtYzU3Mi00MjdiLTgxMjMtMjNiMmUwNWFiYzQwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HLA
gDANBgkqhkiG9w0BAQsFAAOCAQEAlaOKVmvgMwY8eK6nouxL2FAdpxTOOhYD4WXz
9qAX5fu5WXQUXP+a9LCbpgJNIl4t9xqxT1rfYILPiOQGGs5l5gpIpkb95znRSBPB
c3Pp741KCV+iKeBD0B4xWqzmsRQFUIPkfB9FL3V07WbqIrMYna2sC6X6/3+XHh+T
O6B8KWj+8MVeMvi4/4Ux1+CIbScEW4NnvzlaxLe6PS4Lcvj85M7nRdcTCMlhY3Qe
V/4H1vgsI6AcA/rJyT+xrNoLW0muIc3DAOtawmxXrlCuRgvrmnf3UpdvPGnGx7dh
Qf8tVN6RtBhh1EQmtSEfyFmkZ9GEeOkQ0iChhxX2leH0pWEzJA==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:19:34 2025 by rpki-client