Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2dfb202f-6202-48da-a3b3-94f1ac000bc9.roa
File: 2dfb202f-6202-48da-a3b3-94f1ac000bc9.roa (raw, json)
Hash identifier: Ip7+cxPYB0iXQHq6w8wDrVXKv9/rIewUfCgyccwcnns=
Subject key identifier: 3A:D2:0F:F5:34:6D:03:86:3C:D5:91:97:E2:23:DE:EF:78:3F:4E:DF
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 792154E441B59CD5DD2DC738E48FF8E4B09A91CA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2dfb202f-6202-48da-a3b3-94f1ac000bc9.roa
Signing time: Tue 21 Oct 2025 14:40:04 +0000
ROA not before: Tue 21 Oct 2025 14:40:04 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d050:9000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
79:21:54:e4:41:b5:9c:d5:dd:2d:c7:38:e4:8f:f8:e4:b0:9a:91:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:40:04 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=cae2341ef7689170b05274594572031bef44884b9ef454320a3fa43d173c15a9, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:c6:e3:90:e4:b6:bc:83:f5:51:50:28:8b:e2:
5d:fb:25:cf:24:2a:4a:0c:95:7e:6e:68:3c:3f:5e:
37:2a:27:18:d6:4a:88:70:f3:e5:7a:e9:11:be:74:
fe:93:74:12:39:61:36:5e:a3:57:4b:d5:14:a5:87:
31:65:3b:2e:a2:96:bc:ec:59:39:31:65:c6:ce:ec:
21:6c:cf:6d:aa:72:a3:7c:90:d5:d6:62:5c:90:82:
fd:1c:bc:6c:cd:33:0e:b2:4b:67:db:0d:7f:d4:d6:
64:49:2b:72:42:20:33:6c:0d:8b:85:d0:a4:fb:3a:
df:d8:28:a0:ef:07:27:e9:cc:0f:08:5d:6a:9e:4b:
94:07:4c:47:e1:5a:c8:4a:61:85:7e:58:42:b8:34:
fa:a9:7c:e4:3d:e3:af:e9:1a:ef:ee:5d:63:14:d7:
87:5a:50:3e:a3:2b:dd:1b:c4:54:aa:da:4b:be:8e:
bd:08:60:c1:4e:bc:4b:e6:44:2e:fe:8e:e6:da:b0:
53:0a:c5:c4:c2:04:39:9d:55:3e:14:38:8e:48:b3:
e9:b0:c8:ae:0b:0b:6c:e3:87:1d:6e:8e:d9:9c:82:
2b:c1:75:4a:73:96:c5:48:96:ab:dc:1b:06:a9:67:
00:c0:6d:e3:f7:db:40:28:4f:3c:ab:86:99:72:2d:
54:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:D2:0F:F5:34:6D:03:86:3C:D5:91:97:E2:23:DE:EF:78:3F:4E:DF
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2dfb202f-6202-48da-a3b3-94f1ac000bc9.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d050:9000::/40
Signature Algorithm: sha256WithRSAEncryption
38:fe:c6:3d:5a:90:97:51:0a:c0:0d:c4:ee:55:ae:60:61:c3:
f4:6c:90:85:d5:89:7f:9c:f2:1c:a0:35:98:c0:a7:96:10:d5:
fc:99:57:88:28:02:f2:2d:0d:3a:1b:de:9e:2e:9d:b4:4d:d8:
2d:c0:61:aa:d0:7b:b1:e8:2c:08:70:d5:c5:d5:ac:9a:bd:08:
85:98:94:d6:47:ff:6b:69:f7:8f:9f:60:72:74:93:0b:0e:5b:
8e:b4:37:c4:58:67:8c:5a:dc:28:97:20:26:1f:be:56:5b:6e:
8e:0d:73:61:cd:4a:19:39:e4:33:3d:f6:c5:70:d1:04:d7:a4:
1d:c6:48:46:43:6f:9d:f4:5c:11:2a:33:40:3f:67:e2:6e:d5:
50:f0:bf:d7:8a:91:6d:d9:57:f2:e8:4f:c0:da:97:6a:7a:d9:
d8:1b:bf:86:13:b1:8a:88:56:75:38:2d:47:3c:e5:b9:b1:99:
fd:6a:7d:5c:f4:08:35:ef:3a:6b:25:8d:3a:b8:b6:d6:fe:5a:
f3:d6:21:01:fd:d0:b4:38:37:1c:fc:a3:d4:6b:5a:fc:54:f9:
a3:91:4a:b5:73:d3:5e:67:7f:7a:d1:79:76:dc:65:30:c4:2e:
24:f0:dc:5d:ac:98:8b:f7:af:0d:ab:7b:0e:f6:89:c1:30:83:
8d:fd:9e:37
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUeSFU5EG1nNXdLcc45I/45LCakcowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDQwMDRaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGNhZTIzNDFlZjc2ODkxNzBiMDUyNzQ1OTQ1NzIwMzFiZWY0NDg4NGI5ZWY0
NTQzMjBhM2ZhNDNkMTczYzE1YTkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANbG45DktryD9VFQKIviXfslzyQqSgyVfm5oPD9eNyonGNZKiHDz5XrpEb50
/pN0EjlhNl6jV0vVFKWHMWU7LqKWvOxZOTFlxs7sIWzPbapyo3yQ1dZiXJCC/Ry8
bM0zDrJLZ9sNf9TWZEkrckIgM2wNi4XQpPs639gooO8HJ+nMDwhdap5LlAdMR+Fa
yEphhX5YQrg0+ql85D3jr+ka7+5dYxTXh1pQPqMr3RvEVKraS76OvQhgwU68S+ZE
Lv6O5tqwUwrFxMIEOZ1VPhQ4jkiz6bDIrgsLbOOHHW6O2ZyCK8F1SnOWxUiWq9wb
BqlnAMBt4/fbQChPPKuGmXItVG8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ60g/1
NG0DhjzVkZfiI97veD9O3zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MmRmYjIwMmYtNjIwMi00OGRhLWEzYjMtOTRmMWFjMDAwYmM5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FCQ
MA0GCSqGSIb3DQEBCwUAA4IBAQA4/sY9WpCXUQrADcTuVa5gYcP0bJCF1Yl/nPIc
oDWYwKeWENX8mVeIKALyLQ06G96eLp20TdgtwGGq0Hux6CwIcNXF1ayavQiFmJTW
R/9rafePn2BydJMLDluOtDfEWGeMWtwolyAmH75WW26ODXNhzUoZOeQzPfbFcNEE
16QdxkhGQ2+d9FwRKjNAP2fibtVQ8L/XipFt2Vfy6E/A2pdqetnYG7+GE7GKiFZ1
OC1HPOW5sZn9an1c9Ag17zprJY06uLbW/lrz1iEB/dC0ODcc/KPUa1r8VPmjkUq1
c9NeZ3960Xl23GUwxC4k8NxdrJiL968Nq3sO9onBMION/Z43
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:54 2025 by rpki-client