Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3f1caa71-8276-42c2-bf3a-470ac560fb89.roa
File: 3f1caa71-8276-42c2-bf3a-470ac560fb89.roa (raw, json)
Hash identifier: +Msj6M0Q1h8rZQ1NKm4VT+AEBEppYch2yD6Y98lfd9k=
Subject key identifier: DE:01:0E:42:F3:CD:6B:D5:8F:EE:B9:8F:71:F3:D4:73:1F:D4:F5:F9
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2D2139ACF66FB480A658956C6C8791E7D4EFB5D7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3f1caa71-8276-42c2-bf3a-470ac560fb89.roa
Signing time: Tue 21 Oct 2025 13:10:40 +0000
ROA not before: Tue 21 Oct 2025 13:10:40 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d01d::/37 maxlen: 37
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2d:21:39:ac:f6:6f:b4:80:a6:58:95:6c:6c:87:91:e7:d4:ef:b5:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:10:40 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=500fe8743de5a753b411440fd6e7e87187dbceef8894ceebbd7d5535be4ea76c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:3b:52:c1:d5:8f:77:d6:33:e1:90:fe:b6:c8:
06:e7:6b:76:fa:74:6e:c9:e4:b3:52:6e:67:49:66:
7e:32:d4:58:1f:f7:7a:ed:02:a6:8a:48:b5:ec:9f:
25:70:6c:16:aa:1a:92:54:e6:bf:06:66:c8:38:40:
dc:80:fd:b5:dc:20:2d:fe:23:70:70:dc:77:21:8f:
19:fc:fc:01:b4:38:d4:57:92:37:05:14:0f:69:48:
7a:21:ae:d3:6f:40:b2:06:7c:31:35:78:0d:53:93:
7e:6b:3a:25:61:2f:8d:aa:b0:87:99:bd:1c:32:42:
12:16:47:1a:2b:8a:f8:61:27:93:60:5d:ed:02:60:
a9:f0:e8:88:34:32:d8:11:4c:4b:4f:9f:c5:03:d5:
d6:6a:f4:2f:3c:40:1a:59:3f:a4:f6:d2:04:cc:5e:
81:9c:7b:2d:d3:cb:b0:42:9f:b2:fd:2d:52:47:6c:
91:9b:30:4a:94:7a:a4:0b:81:d2:15:32:43:df:45:
65:89:85:3b:bc:06:b2:f5:ae:64:eb:c6:0f:78:79:
12:b6:8d:cf:00:cf:60:98:e9:e6:fe:b9:1d:9d:6a:
9c:5f:c4:77:62:3a:37:fe:fe:5f:d6:d3:52:f7:eb:
77:42:98:01:d6:9a:76:6a:49:3d:c1:f2:2d:7b:0b:
62:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:01:0E:42:F3:CD:6B:D5:8F:EE:B9:8F:71:F3:D4:73:1F:D4:F5:F9
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3f1caa71-8276-42c2-bf3a-470ac560fb89.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d01d::/37
Signature Algorithm: sha256WithRSAEncryption
b1:10:48:26:0d:f7:36:71:1c:75:c2:cb:88:67:be:3c:89:f4:
7b:d6:58:93:d8:5b:36:32:d5:23:78:37:fe:d1:a2:35:27:3e:
7a:13:f9:50:3e:b5:a1:fa:f7:76:e8:3e:d4:de:7e:ea:e5:fc:
92:d4:0b:ae:96:6e:ff:1c:47:45:61:ed:4e:83:61:7b:3c:9a:
c1:95:1f:a6:74:7a:78:c4:17:8f:63:a1:57:b2:78:38:49:7a:
91:5a:0b:3b:b3:89:2e:d0:03:45:bf:64:3c:2b:55:62:f8:d1:
97:1b:a2:cd:01:d7:77:8e:c1:ed:fb:58:95:c3:1e:b3:8d:d8:
c2:e6:4a:8d:6c:b5:9c:ee:94:1d:d9:92:0d:7d:b6:7f:a3:c9:
3c:d0:77:ad:74:f7:e3:38:94:99:4f:39:1a:5d:57:49:ab:ee:
71:87:70:c9:9c:59:fc:c0:e1:dd:2d:f9:46:ef:84:63:ca:5a:
2c:0e:cc:2d:96:f2:7e:eb:e9:36:e1:6c:2d:54:8f:eb:fc:b7:
b4:5c:95:55:44:6b:20:34:a6:ba:08:b9:a3:a8:63:11:ba:10:
23:3b:42:04:c5:a9:3b:1e:ca:e6:b6:03:4f:f5:9d:a1:c1:2d:
84:86:b0:a3:d0:fe:83:8f:f3:74:5f:48:fb:6c:ad:b7:f3:be:
0f:48:0b:cb
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIULSE5rPZvtICmWJVsbIeR59TvtdcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzEwNDBaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDUwMGZlODc0M2RlNWE3NTNiNDExNDQwZmQ2ZTdlODcxODdkYmNlZWY4ODk0
Y2VlYmJkN2Q1NTM1YmU0ZWE3NmMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALw7UsHVj3fWM+GQ/rbIBudrdvp0bsnks1JuZ0lmfjLUWB/3eu0CpopIteyf
JXBsFqoaklTmvwZmyDhA3ID9tdwgLf4jcHDcdyGPGfz8AbQ41FeSNwUUD2lIeiGu
029AsgZ8MTV4DVOTfms6JWEvjaqwh5m9HDJCEhZHGiuK+GEnk2Bd7QJgqfDoiDQy
2BFMS0+fxQPV1mr0LzxAGlk/pPbSBMxegZx7LdPLsEKfsv0tUkdskZswSpR6pAuB
0hUyQ99FZYmFO7wGsvWuZOvGD3h5EraNzwDPYJjp5v65HZ1qnF/Ed2I6N/7+X9bT
Uvfrd0KYAdaadmpJPcHyLXsLYh0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTeAQ5C
881r1Y/uuY9x89RzH9T1+TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2YxY2FhNzEtODI3Ni00MmMyLWJmM2EtNDcwYWM1NjBmYjg5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAyoF0B0A
MA0GCSqGSIb3DQEBCwUAA4IBAQCxEEgmDfc2cRx1wsuIZ748ifR71liT2Fs2MtUj
eDf+0aI1Jz56E/lQPrWh+vd26D7U3n7q5fyS1Auulm7/HEdFYe1Og2F7PJrBlR+m
dHp4xBePY6FXsng4SXqRWgs7s4ku0ANFv2Q8K1Vi+NGXG6LNAdd3jsHt+1iVwx6z
jdjC5kqNbLWc7pQd2ZINfbZ/o8k80HetdPfjOJSZTzkaXVdJq+5xh3DJnFn8wOHd
LflG74RjylosDswtlvJ+6+k24WwtVI/r/Le0XJVVRGsgNKa6CLmjqGMRuhAjO0IE
xak7HsrmtgNP9Z2hwS2EhrCj0P6Dj/N0X0j7bK23874PSAvL
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:15:09 2025 by rpki-client