Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/35ae0aa1-bb4f-48d3-9926-1e5852d54c6d.roa
File: 35ae0aa1-bb4f-48d3-9926-1e5852d54c6d.roa (raw, json)
Hash identifier: Jl2BS5FlxuQCPZRewID/6s+q3JmD6B31wAKLJaN3e+Y=
Subject key identifier: B8:8F:AD:60:B9:98:BF:86:55:DE:42:1E:A7:36:BB:60:A9:FD:87:C8
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 613F2F6DF27235EBA278FDAA626169DB7C485664
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/35ae0aa1-bb4f-48d3-9926-1e5852d54c6d.roa
Signing time: Tue 21 Oct 2025 13:30:46 +0000
ROA not before: Tue 21 Oct 2025 13:30:46 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:40a0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
61:3f:2f:6d:f2:72:35:eb:a2:78:fd:aa:62:61:69:db:7c:48:56:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:30:46 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=ccf96fbc5416155c6fceb398e024ebd2116744c92d068d3462cf6ee36e45602e, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:0f:5c:06:d1:a4:f4:51:29:ce:1f:6d:b4:2f:
9d:d3:74:43:d8:11:e9:b0:3e:ae:4c:bb:4a:a3:ab:
f2:89:f3:e1:c1:d3:de:20:76:b8:9e:6a:86:14:ca:
8b:d2:92:d2:4e:15:70:c6:d3:9c:a7:e6:c8:b6:89:
98:bb:3e:99:33:cc:49:d0:4d:0a:ee:97:34:bd:12:
35:d9:d6:13:56:db:59:3b:f4:2e:db:b6:07:b8:97:
fb:8a:1d:b7:df:15:c2:7e:ff:c9:8c:26:1a:03:d4:
e3:15:f8:b4:67:53:ad:5e:9a:28:14:5b:6c:75:e1:
44:c2:60:c7:3e:73:d3:4b:c8:17:95:d1:f4:7f:83:
6c:d9:a0:31:57:a3:fa:7c:65:91:42:e1:9a:ca:d3:
ce:89:e7:fa:56:3e:c4:11:94:f7:45:c2:ed:0f:80:
16:2b:be:b2:66:89:23:20:b1:70:2a:a8:87:fb:9a:
69:9f:aa:30:c3:1e:60:b1:a4:ef:e0:3a:f2:9b:ca:
40:35:c3:99:49:9d:dc:ad:7c:28:89:4b:a8:5f:be:
d7:f1:e2:22:d3:c3:d0:70:e6:85:87:72:1e:61:df:
37:5e:1e:0c:f6:f7:8e:0c:cc:4f:10:98:c7:bd:ea:
f0:6a:9a:c0:20:af:0f:44:2f:a3:10:76:69:72:a7:
b9:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B8:8F:AD:60:B9:98:BF:86:55:DE:42:1E:A7:36:BB:60:A9:FD:87:C8
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/35ae0aa1-bb4f-48d3-9926-1e5852d54c6d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:40a0::/48
Signature Algorithm: sha256WithRSAEncryption
70:2a:8d:66:a2:73:8a:e9:24:8d:fc:b0:a6:8e:25:13:6d:b1:
82:43:06:52:6b:62:4f:25:c3:09:ec:7e:b5:67:97:cd:13:cc:
82:fe:b8:57:aa:de:1f:20:8c:e8:1d:af:95:7a:20:1f:0a:3d:
71:bc:33:6e:c9:d1:01:04:fe:9e:a9:df:1d:81:fe:03:98:70:
90:7a:c5:98:8b:38:4d:cc:a2:1d:fe:0a:04:16:0d:61:a5:2e:
c8:f5:86:ca:48:82:9f:af:6f:32:52:a3:21:b3:ba:3b:46:c2:
7b:5a:6a:77:84:f0:f0:b1:e3:d1:e2:0c:0b:16:71:60:51:49:
f5:0e:eb:a8:73:ff:86:12:8f:62:aa:07:21:9a:d0:dd:ce:88:
c6:08:23:34:f3:56:f8:a2:7f:38:d6:d2:0e:d9:c2:48:5d:ce:
7a:af:6b:7b:5a:1b:7a:da:eb:b1:96:b0:21:2e:91:10:b1:31:
19:99:71:de:d6:a6:51:62:a8:2e:66:e7:dd:a0:02:2c:0b:95:
fb:cb:8e:92:58:d3:a4:c8:51:4f:c3:ee:dc:76:24:e9:44:d4:
f3:bf:a9:11:b3:af:8f:a3:4a:58:b1:af:a0:03:8a:c9:8a:a3:
c4:8d:f7:f9:16:69:46:63:70:91:86:31:87:09:d9:e2:5b:1c:
5c:44:fd:61
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUYT8vbfJyNeuieP2qYmFp23xIVmQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzMwNDZaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGNjZjk2ZmJjNTQxNjE1NWM2ZmNlYjM5OGUwMjRlYmQyMTE2NzQ0YzkyZDA2
OGQzNDYyY2Y2ZWUzNmU0NTYwMmUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMcPXAbRpPRRKc4fbbQvndN0Q9gR6bA+rky7SqOr8onz4cHT3iB2uJ5qhhTK
i9KS0k4VcMbTnKfmyLaJmLs+mTPMSdBNCu6XNL0SNdnWE1bbWTv0Ltu2B7iX+4od
t98Vwn7/yYwmGgPU4xX4tGdTrV6aKBRbbHXhRMJgxz5z00vIF5XR9H+DbNmgMVej
+nxlkULhmsrTzonn+lY+xBGU90XC7Q+AFiu+smaJIyCxcCqoh/uaaZ+qMMMeYLGk
7+A68pvKQDXDmUmd3K18KIlLqF++1/HiItPD0HDmhYdyHmHfN14eDPb3jgzMTxCY
x73q8GqawCCvD0QvoxB2aXKnudsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBS4j61g
uZi/hlXeQh6nNrtgqf2HyDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzVhZTBhYTEtYmI0Zi00OGQzLTk5MjYtMWU1ODUyZDU0YzZkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H9A
oDANBgkqhkiG9w0BAQsFAAOCAQEAcCqNZqJziukkjfywpo4lE22xgkMGUmtiTyXD
Cex+tWeXzRPMgv64V6reHyCM6B2vlXogHwo9cbwzbsnRAQT+nqnfHYH+A5hwkHrF
mIs4TcyiHf4KBBYNYaUuyPWGykiCn69vMlKjIbO6O0bCe1pqd4Tw8LHj0eIMCxZx
YFFJ9Q7rqHP/hhKPYqoHIZrQ3c6IxggjNPNW+KJ/ONbSDtnCSF3Oeq9re1obetrr
sZawIS6RELExGZlx3tamUWKoLmbn3aACLAuV+8uOkljTpMhRT8Pu3HYk6UTU87+p
EbOvj6NKWLGvoAOKyYqjxI33+RZpRmNwkYYxhwnZ4lscXET9YQ==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:19:30 2025 by rpki-client