Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3a6271c8-6f02-45f1-97d6-ce27b463d3b5.roa
File: 3a6271c8-6f02-45f1-97d6-ce27b463d3b5.roa (raw, json)
Hash identifier: YQ/SmenwJCr/G2qrvwr9f2NmDLxThjUhhImNar/Q7vk=
Subject key identifier: 5B:24:EC:01:3A:B5:6C:07:C9:F6:CA:4A:C1:6B:78:F4:F9:2B:05:07
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 662D9E371B81454B3A6EC9DD225D0AF96D86C24C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3a6271c8-6f02-45f1-97d6-ce27b463d3b5.roa
Signing time: Tue 21 Oct 2025 14:00:09 +0000
ROA not before: Tue 21 Oct 2025 14:00:09 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d03a:a000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
66:2d:9e:37:1b:81:45:4b:3a:6e:c9:dd:22:5d:0a:f9:6d:86:c2:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:00:09 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=d0366ae24efe42208b7cd650daaa55e216d613c6336a6f26c657431b4ef2aef7, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:a8:ab:ef:3c:31:aa:ce:56:da:ec:ad:aa:77:
e1:8e:44:90:13:21:19:a0:d2:67:70:15:87:28:c1:
46:7e:66:88:4e:7a:2e:10:a2:8f:d0:43:f9:b7:be:
88:bf:6f:2e:8f:7b:23:5f:6f:f4:ab:9e:77:47:f8:
a9:ec:9f:39:d7:6c:2f:76:4b:2f:b1:de:90:25:18:
23:2b:88:a1:7a:1e:81:bb:8e:24:0a:81:c8:37:01:
9f:fa:4f:8b:40:ee:80:20:06:7f:2f:96:de:8f:ec:
5b:dc:bd:15:30:d8:0b:db:f1:1f:e8:0e:92:15:9e:
89:13:15:61:e1:5e:f4:9f:9e:e1:b7:b5:a5:3b:2e:
3d:23:46:1b:69:ef:3d:1d:75:53:0f:8b:b2:d4:ab:
eb:44:10:b5:36:57:fe:ee:31:41:9a:3d:22:d7:3d:
22:3d:b2:a7:df:3e:90:f7:23:38:94:35:ba:5c:bc:
36:aa:04:8c:80:9d:d6:50:83:74:c3:b5:2a:1e:9e:
12:bf:d4:05:21:ad:b7:99:13:69:24:ae:fd:9d:e6:
7f:72:17:a1:86:89:fe:5e:f8:47:1b:62:8d:3d:cc:
89:fc:66:f7:ee:0b:e9:3e:f1:5b:59:af:3f:c8:40:
71:3b:73:8a:a7:d8:c0:5e:2b:42:d0:16:b7:27:7a:
f2:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:24:EC:01:3A:B5:6C:07:C9:F6:CA:4A:C1:6B:78:F4:F9:2B:05:07
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3a6271c8-6f02-45f1-97d6-ce27b463d3b5.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d03a:a000::/40
Signature Algorithm: sha256WithRSAEncryption
8a:24:e7:3a:90:2a:0f:86:09:15:00:c3:04:80:2e:ed:32:94:
82:5a:d4:87:d1:77:0d:4b:d9:91:f6:d2:3d:f6:1b:45:2d:d4:
4c:f5:35:dc:1b:4b:2e:f3:ba:25:ad:97:28:ef:be:1c:29:19:
c2:66:9c:7a:12:3d:16:7e:63:90:1c:e3:dc:cd:37:6b:31:69:
06:27:59:1b:ba:ab:9d:44:73:20:4a:ba:b1:46:ed:35:ae:3f:
17:c6:d7:d5:86:89:fb:a3:72:3c:54:52:c9:0a:b4:04:82:e6:
b6:2a:bd:13:90:48:ea:6d:c5:41:41:5f:92:86:98:89:72:20:
96:03:e9:c5:2c:5e:49:05:4a:86:88:41:eb:2f:49:f4:71:f3:
0f:d5:c2:1f:f5:49:34:d6:8a:33:1c:e5:0e:5c:34:8f:4e:eb:
ca:3d:01:0c:52:77:af:4d:7c:12:7e:41:01:df:3a:aa:91:26:
c8:a5:f0:a3:41:6f:a7:29:72:60:1e:61:77:e0:63:bd:f3:84:
09:d8:1a:17:e2:b7:a1:67:53:39:6c:0e:c6:80:25:ce:76:a7:
a4:7e:e1:3d:45:ee:5f:11:88:a8:19:8a:8f:52:cb:d3:e7:77:
19:c5:94:76:5b:07:10:c6:7c:12:fc:c8:44:32:5d:09:eb:d9:
64:7a:b0:e9
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUZi2eNxuBRUs6bsndIl0K+W2GwkwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDAwMDlaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGQwMzY2YWUyNGVmZTQyMjA4YjdjZDY1MGRhYWE1NWUyMTZkNjEzYzYzMzZh
NmYyNmM2NTc0MzFiNGVmMmFlZjcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALGoq+88MarOVtrsrap34Y5EkBMhGaDSZ3AVhyjBRn5miE56LhCij9BD+be+
iL9vLo97I19v9Kued0f4qeyfOddsL3ZLL7HekCUYIyuIoXoegbuOJAqByDcBn/pP
i0DugCAGfy+W3o/sW9y9FTDYC9vxH+gOkhWeiRMVYeFe9J+e4be1pTsuPSNGG2nv
PR11Uw+LstSr60QQtTZX/u4xQZo9Itc9Ij2yp98+kPcjOJQ1uly8NqoEjICd1lCD
dMO1Kh6eEr/UBSGtt5kTaSSu/Z3mf3IXoYaJ/l74RxtijT3Mifxm9+4L6T7xW1mv
P8hAcTtziqfYwF4rQtAWtyd68nMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRbJOwB
OrVsB8n2ykrBa3j0+SsFBzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2E2MjcxYzgtNmYwMi00NWYxLTk3ZDYtY2UyN2I0NjNkM2I1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Dqg
MA0GCSqGSIb3DQEBCwUAA4IBAQCKJOc6kCoPhgkVAMMEgC7tMpSCWtSH0XcNS9mR
9tI99htFLdRM9TXcG0su87olrZco774cKRnCZpx6Ej0WfmOQHOPczTdrMWkGJ1kb
uqudRHMgSrqxRu01rj8XxtfVhon7o3I8VFLJCrQEgua2Kr0TkEjqbcVBQV+ShpiJ
ciCWA+nFLF5JBUqGiEHrL0n0cfMP1cIf9Uk01oozHOUOXDSPTuvKPQEMUnevTXwS
fkEB3zqqkSbIpfCjQW+nKXJgHmF34GO984QJ2BoX4rehZ1M5bA7GgCXOdqekfuE9
Re5fEYioGYqPUsvT53cZxZR2WwcQxnwS/MhEMl0J69lkerDp
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:14:28 2025 by rpki-client