Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3cf7ae9d-d863-4db2-9635-fb86479cf09a.roa
File: 3cf7ae9d-d863-4db2-9635-fb86479cf09a.roa (raw, json)
Hash identifier: tD3PdF/fVTFiBz6mX/2fpJW4mzZn1/WFvvgPqTDH8O0=
Subject key identifier: 71:88:EB:57:50:41:AE:22:16:E1:9E:C8:46:19:4E:5A:03:8D:DF:4F
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 308802F8EA43E9013E36F6BFEDAD94C965C45619
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3cf7ae9d-d863-4db2-9635-fb86479cf09a.roa
Signing time: Tue 21 Oct 2025 14:30:30 +0000
ROA not before: Tue 21 Oct 2025 14:30:30 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d016::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
30:88:02:f8:ea:43:e9:01:3e:36:f6:bf:ed:ad:94:c9:65:c4:56:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:30:30 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=429c88d6e49942cb0e03f62706ebe2ccfc089df716a681e6b53b124dcd74dd3c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:0b:3d:a9:68:a4:dd:bb:e7:a9:0a:f6:5a:aa:
4e:da:77:9b:d5:ee:72:40:3e:ce:df:d0:59:83:a0:
a9:6a:15:46:43:06:d4:9f:a1:5d:4b:9e:eb:9a:10:
35:e1:eb:bb:99:4b:78:ea:0c:d9:a5:1d:9a:ca:e5:
7e:d0:48:90:b6:7b:0c:a1:cf:65:7a:68:86:3b:ef:
0b:d6:46:67:ce:26:50:93:c0:24:ef:81:d8:81:5f:
34:97:2d:07:b3:b1:6d:7f:af:0d:8f:ca:4e:16:f1:
b8:e7:d7:43:96:13:d5:d6:7b:7f:2e:bd:5c:f6:f2:
cd:a2:5d:7d:6f:1f:ab:0b:c3:a0:e1:05:a7:05:06:
58:ea:f9:54:62:f4:30:a2:fc:bf:2a:eb:33:bc:84:
f0:1e:af:2e:67:b7:01:9e:72:eb:2d:0a:f6:86:7a:
39:b4:b6:85:91:40:4a:32:4c:d0:83:e9:e5:b7:c1:
b9:b0:0a:df:d6:38:c6:88:8f:d6:1e:a8:25:c5:54:
40:e0:bf:2b:46:d4:0d:4b:9a:b4:28:46:42:43:37:
b7:1e:f1:b0:bb:ea:41:64:6e:50:95:ed:39:28:55:
56:b4:7e:51:e3:87:9e:b6:e7:1e:e3:5d:ad:65:e6:
ca:63:e0:80:99:bc:fd:2b:29:4c:a4:54:0e:93:f6:
79:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:88:EB:57:50:41:AE:22:16:E1:9E:C8:46:19:4E:5A:03:8D:DF:4F
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3cf7ae9d-d863-4db2-9635-fb86479cf09a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d016::/38
Signature Algorithm: sha256WithRSAEncryption
a7:14:fe:57:a6:32:22:43:07:fc:a6:b6:30:73:c1:63:d3:7b:
46:44:d9:2c:de:2e:55:de:9f:70:86:82:62:ef:1f:e0:4e:22:
85:9c:54:f9:4b:20:fd:39:85:32:ca:05:fa:55:f9:3c:2f:84:
5a:5b:03:33:36:f1:8b:3f:29:ed:e2:c1:ee:24:07:8a:ce:16:
3c:b7:f7:b4:24:db:39:88:a5:dd:f3:e8:cd:90:e6:c2:e1:0a:
83:84:07:5f:5b:38:a3:4a:ea:d1:f6:69:ec:65:fa:70:a5:2b:
71:cb:bd:7f:e0:48:4b:71:09:5b:c7:3d:2a:34:03:77:77:5a:
62:0e:88:9c:16:7f:95:6f:c3:92:d6:4c:f1:c0:05:55:57:87:
7b:cd:b6:14:e3:a6:5e:c6:0c:47:fc:df:0b:76:d5:2a:85:76:
64:ed:7c:f4:cd:97:f0:75:ed:e3:a8:00:44:26:c3:77:32:6f:
9e:73:3b:03:70:a1:4e:41:0b:fa:a7:55:7b:99:43:4e:72:0d:
27:b8:46:fd:54:6e:5c:36:b4:6e:cb:ef:a9:f6:cb:ff:11:51:
50:20:f7:82:d0:60:d5:a5:3f:3b:de:07:3e:19:59:cf:1f:d6:
e3:19:2f:ac:e7:4b:dc:9e:ec:f3:1a:00:7c:7c:0f:c9:2c:f3:
aa:bc:d3:90
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUMIgC+OpD6QE+Nva/7a2UyWXEVhkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDMwMzBaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDQyOWM4OGQ2ZTQ5OTQyY2IwZTAzZjYyNzA2ZWJlMmNjZmMwODlkZjcxNmE2
ODFlNmI1M2IxMjRkY2Q3NGRkM2MxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMwLPalopN2756kK9lqqTtp3m9XuckA+zt/QWYOgqWoVRkMG1J+hXUue65oQ
NeHru5lLeOoM2aUdmsrlftBIkLZ7DKHPZXpohjvvC9ZGZ84mUJPAJO+B2IFfNJct
B7OxbX+vDY/KThbxuOfXQ5YT1dZ7fy69XPbyzaJdfW8fqwvDoOEFpwUGWOr5VGL0
MKL8vyrrM7yE8B6vLme3AZ5y6y0K9oZ6ObS2hZFASjJM0IPp5bfBubAK39Y4xoiP
1h6oJcVUQOC/K0bUDUuatChGQkM3tx7xsLvqQWRuUJXtOShVVrR+UeOHnrbnHuNd
rWXmymPggJm8/SspTKRUDpP2eXcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRxiOtX
UEGuIhbhnshGGU5aA43fTzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2NmN2FlOWQtZDg2My00ZGIyLTk2MzUtZmI4NjQ3OWNmMDlhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BYA
MA0GCSqGSIb3DQEBCwUAA4IBAQCnFP5XpjIiQwf8prYwc8Fj03tGRNks3i5V3p9w
hoJi7x/gTiKFnFT5SyD9OYUyygX6Vfk8L4RaWwMzNvGLPynt4sHuJAeKzhY8t/e0
JNs5iKXd8+jNkObC4QqDhAdfWzijSurR9mnsZfpwpStxy71/4EhLcQlbxz0qNAN3
d1piDoicFn+Vb8OS1kzxwAVVV4d7zbYU46ZexgxH/N8LdtUqhXZk7Xz0zZfwde3j
qABEJsN3Mm+eczsDcKFOQQv6p1V7mUNOcg0nuEb9VG5cNrRuy++p9sv/EVFQIPeC
0GDVpT873gc+GVnPH9bjGS+s50vcnuzzGgB8fA/JLPOqvNOQ
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:14:28 2025 by rpki-client