Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3ef5e7b8-24ad-41af-8334-2eff292a769d.roa
File: 3ef5e7b8-24ad-41af-8334-2eff292a769d.roa (raw, json)
Hash identifier: +AAJAStIZY/PcgG+0eLYzG9lWebcscEeC6M+1CKprdk=
Subject key identifier: EE:D9:02:0B:A1:94:0C:3C:B7:96:3D:B6:70:3F:D3:FF:9F:AF:D6:49
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2E97A37E72EF4EF7D91E85F01904950BB83D7DAA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3ef5e7b8-24ad-41af-8334-2eff292a769d.roa
Signing time: Tue 21 Oct 2025 14:10:10 +0000
ROA not before: Tue 21 Oct 2025 14:10:10 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:60c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2e:97:a3:7e:72:ef:4e:f7:d9:1e:85:f0:19:04:95:0b:b8:3d:7d:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:10:10 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=bdf6f34b454a5a94e8e52c526f160afd972d6a234e6b382d66826a3bb700a91c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:4e:f7:65:b1:88:41:fc:85:52:18:41:f1:0d:
0d:09:1a:75:be:67:ff:7d:6f:ac:ea:82:b6:4c:09:
2d:5c:38:d4:65:05:ae:e9:b3:b2:47:58:78:4d:be:
d6:e6:f5:b7:e8:12:11:1e:00:96:8e:33:26:0a:8b:
8e:17:7e:9e:36:bd:a3:a9:4f:2a:67:43:25:b6:f6:
9d:c3:9c:a4:96:cf:05:2b:08:fd:9e:aa:98:74:8b:
e1:8c:42:3b:fd:ca:e3:5c:fe:12:a2:e0:7b:cc:c5:
4d:4f:79:70:88:9c:ef:83:76:67:a5:32:20:9d:38:
96:ab:c5:65:70:a7:9f:f6:2d:9c:88:e5:84:1b:87:
4a:38:f3:07:02:81:57:98:9c:f1:7c:d6:47:82:fe:
d1:80:ce:b6:d9:a4:f9:dd:68:01:5b:40:ec:60:42:
6f:27:64:60:ce:24:bd:10:2e:32:97:d4:d6:78:a6:
46:73:61:31:26:07:57:fb:c5:49:c1:d9:63:9d:05:
69:fb:56:e8:b9:16:92:2f:ac:f5:60:68:bb:48:0b:
db:c3:c1:82:8b:e0:ab:e9:e6:97:3c:2d:15:8d:2d:
27:88:84:2c:c9:cb:ef:53:cf:17:7f:25:18:26:9b:
e7:0e:73:20:ab:7c:e7:86:a6:67:a6:c5:ad:f8:0a:
e1:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:D9:02:0B:A1:94:0C:3C:B7:96:3D:B6:70:3F:D3:FF:9F:AF:D6:49
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3ef5e7b8-24ad-41af-8334-2eff292a769d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:60c0::/48
Signature Algorithm: sha256WithRSAEncryption
08:49:37:50:f9:c5:52:19:c3:db:2b:09:68:47:d4:51:14:54:
9c:a4:24:7f:41:01:9a:df:60:6b:dc:cb:f7:f6:ae:12:c6:e2:
29:0b:fc:ea:b7:06:40:b5:d0:40:28:1c:ff:60:0e:06:c6:7b:
07:3e:41:fc:07:13:0b:3f:30:4f:18:30:12:05:4c:3c:7b:26:
a1:78:d5:21:79:0e:b2:be:e0:cc:11:7d:d3:91:ed:86:6a:bb:
6e:dd:7c:54:b9:08:bb:d2:b2:1d:76:6b:3d:88:6d:9a:a7:30:
12:77:b3:36:3a:5c:41:20:6d:61:97:f1:f4:64:05:17:fd:18:
09:4f:6e:09:9a:1c:6a:3b:0e:18:03:5a:25:cb:cb:28:3a:09:
a5:0d:f2:07:fd:60:63:ee:33:8d:e0:a0:fd:59:e7:ef:87:a5:
4c:ba:aa:10:bf:2f:fc:f0:63:88:29:4c:43:99:f1:e9:a3:bf:
e5:8f:34:45:ba:9a:f7:3f:80:1a:cd:24:44:60:84:28:0e:65:
ce:f4:c3:d6:1f:d3:c8:c5:17:46:b6:0f:3e:32:95:11:cb:2e:
1c:33:24:e5:34:63:55:2d:cb:05:40:1d:02:5b:a0:80:27:c6:
c2:82:29:b9:7b:3e:40:50:9d:33:d9:b3:9c:91:1a:c5:1f:f6:
ba:14:2e:05
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIULpejfnLvTvfZHoXwGQSVC7g9faowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDEwMTBaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGJkZjZmMzRiNDU0YTVhOTRlOGU1MmM1MjZmMTYwYWZkOTcyZDZhMjM0ZTZi
MzgyZDY2ODI2YTNiYjcwMGE5MWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALZO92WxiEH8hVIYQfENDQkadb5n/31vrOqCtkwJLVw41GUFrumzskdYeE2+
1ub1t+gSER4Alo4zJgqLjhd+nja9o6lPKmdDJbb2ncOcpJbPBSsI/Z6qmHSL4YxC
O/3K41z+EqLge8zFTU95cIic74N2Z6UyIJ04lqvFZXCnn/YtnIjlhBuHSjjzBwKB
V5ic8XzWR4L+0YDOttmk+d1oAVtA7GBCbydkYM4kvRAuMpfU1nimRnNhMSYHV/vF
ScHZY50FaftW6LkWki+s9WBou0gL28PBgovgq+nmlzwtFY0tJ4iELMnL71PPF38l
GCab5w5zIKt854amZ6bFrfgK4ZkCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTu2QIL
oZQMPLeWPbZwP9P/n6/WSTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2VmNWU3YjgtMjRhZC00MWFmLTgzMzQtMmVmZjI5MmE3NjlkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H9g
wDANBgkqhkiG9w0BAQsFAAOCAQEACEk3UPnFUhnD2ysJaEfUURRUnKQkf0EBmt9g
a9zL9/auEsbiKQv86rcGQLXQQCgc/2AOBsZ7Bz5B/AcTCz8wTxgwEgVMPHsmoXjV
IXkOsr7gzBF905Hthmq7bt18VLkIu9KyHXZrPYhtmqcwEnezNjpcQSBtYZfx9GQF
F/0YCU9uCZocajsOGANaJcvLKDoJpQ3yB/1gY+4zjeCg/Vnn74elTLqqEL8v/PBj
iClMQ5nx6aO/5Y80Rbqa9z+AGs0kRGCEKA5lzvTD1h/TyMUXRrYPPjKVEcsuHDMk
5TRjVS3LBUAdAluggCfGwoIpuXs+QFCdM9mznJEaxR/2uhQuBQ==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:21:15 2025 by rpki-client