Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/41abc6c7-a6fb-4666-b503-a8a0784797a1.roa
File: 41abc6c7-a6fb-4666-b503-a8a0784797a1.roa (raw, json)
Hash identifier: Qa47CCZOiIl1JTCorziiqFzevXFcb4dk3bgniO2i/TA=
Subject key identifier: 69:2B:AC:D5:DF:A5:13:89:9E:73:76:2B:73:34:E5:64:02:23:7F:61
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0DF338935A61C3A4E6DDF1F03365B837427DB1BB
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/41abc6c7-a6fb-4666-b503-a8a0784797a1.roa
Signing time: Tue 21 Oct 2025 14:30:12 +0000
ROA not before: Tue 21 Oct 2025 14:30:12 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:8000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0d:f3:38:93:5a:61:c3:a4:e6:dd:f1:f0:33:65:b8:37:42:7d:b1:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:30:12 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=c5153f0e4907e364fe0942c98ed9e5bf949a351871001c8527a66bd376ecf8ea, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:1b:d3:20:e1:51:52:77:df:e8:6c:17:0e:a5:
02:56:b7:af:d7:39:dd:32:58:6e:07:f0:53:c4:7f:
cb:c0:b9:cf:6c:11:2e:9c:29:3b:3c:3a:db:20:4c:
cd:cc:46:c3:28:a9:cf:bd:c1:38:f8:f1:6b:2b:f4:
3c:b2:89:42:d7:11:4c:66:6c:60:0b:81:18:68:6a:
2b:f6:38:00:26:4b:3d:1f:af:0d:76:ed:bd:f7:bf:
df:f5:04:10:b8:14:a5:74:b6:f6:ea:cd:98:2d:95:
7f:f8:38:0a:1d:10:1d:e3:94:72:00:ad:17:99:7c:
21:9e:90:34:e5:ff:ba:c4:2e:c4:7d:03:cd:cf:6a:
ab:7d:e0:81:eb:11:48:84:29:5d:a3:05:20:a5:ce:
73:69:0e:d1:67:82:d2:d1:8a:9f:33:87:63:a3:61:
c8:28:f4:05:c7:6c:e5:3b:25:06:6d:da:a4:37:5e:
2f:15:18:fe:0a:95:74:0a:e2:81:22:0c:ed:ff:31:
21:9b:d3:b6:22:b8:a3:f6:6f:73:43:9f:77:da:ad:
c5:1f:f0:d4:30:d3:73:71:4b:13:91:fc:82:25:39:
6b:c9:0a:f1:b7:0f:cb:29:6e:8c:68:7c:89:4b:eb:
09:da:35:95:a8:4a:8e:0a:35:74:54:36:13:06:67:
ea:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
69:2B:AC:D5:DF:A5:13:89:9E:73:76:2B:73:34:E5:64:02:23:7F:61
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/41abc6c7-a6fb-4666-b503-a8a0784797a1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:8000::/40
Signature Algorithm: sha256WithRSAEncryption
95:ad:32:e0:e8:74:08:6f:c7:09:ca:de:bc:23:33:8e:91:48:
cb:b1:2e:a7:81:39:d8:41:5a:f2:d0:00:d8:4b:1a:bb:d9:fa:
72:85:ca:52:07:07:7c:ac:68:4e:81:e9:94:bf:b5:8b:4b:ed:
86:c6:51:46:01:c7:b0:9f:32:8b:de:82:2f:c7:d0:57:f8:94:
11:d9:c2:71:2b:b1:e6:dd:6a:fa:77:15:47:62:b6:9b:7a:0d:
a3:69:31:bd:d9:fa:8c:f8:cb:35:4c:a3:0e:97:0a:4b:97:0b:
ba:ea:0e:54:cc:94:9e:dc:f5:6a:aa:6c:a1:28:d4:c4:d2:d8:
23:83:49:7e:53:ef:8a:02:b2:97:a0:e0:cc:e6:52:86:e2:61:
02:08:5c:c9:40:ab:3d:c3:e0:1a:ba:5a:c2:04:0f:2d:40:07:
bb:17:ec:05:1d:06:c4:36:0f:52:c2:e0:0b:35:e1:e1:b6:f9:
da:04:ea:86:4a:1f:2d:b4:b1:96:19:e9:37:7d:60:ed:66:2a:
78:f1:16:cb:9f:fa:f9:a1:6b:46:83:6d:62:2d:92:7c:f5:5e:
31:80:da:29:e2:f7:ee:02:57:cd:f6:2b:79:b3:72:6f:9d:23:
82:d1:0d:ea:4a:bd:09:90:74:34:4c:85:eb:cc:83:36:af:e5:
11:92:7c:1f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUDfM4k1phw6Tm3fHwM2W4N0J9sbswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDMwMTJaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGM1MTUzZjBlNDkwN2UzNjRmZTA5NDJjOThlZDllNWJmOTQ5YTM1MTg3MTAw
MWM4NTI3YTY2YmQzNzZlY2Y4ZWExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL4b0yDhUVJ33+hsFw6lAla3r9c53TJYbgfwU8R/y8C5z2wRLpwpOzw62yBM
zcxGwyipz73BOPjxayv0PLKJQtcRTGZsYAuBGGhqK/Y4ACZLPR+vDXbtvfe/3/UE
ELgUpXS29urNmC2Vf/g4Ch0QHeOUcgCtF5l8IZ6QNOX/usQuxH0Dzc9qq33ggesR
SIQpXaMFIKXOc2kO0WeC0tGKnzOHY6NhyCj0Bcds5TslBm3apDdeLxUY/gqVdAri
gSIM7f8xIZvTtiK4o/Zvc0Ofd9qtxR/w1DDTc3FLE5H8giU5a8kK8bcPyylujGh8
iUvrCdo1lahKjgo1dFQ2EwZn6h0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRpK6zV
36UTiZ5zditzNOVkAiN/YTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDFhYmM2YzctYTZmYi00NjY2LWI1MDMtYThhMDc4NDc5N2ExLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0ACA
MA0GCSqGSIb3DQEBCwUAA4IBAQCVrTLg6HQIb8cJyt68IzOOkUjLsS6ngTnYQVry
0ADYSxq72fpyhcpSBwd8rGhOgemUv7WLS+2GxlFGAcewnzKL3oIvx9BX+JQR2cJx
K7Hm3Wr6dxVHYrabeg2jaTG92fqM+Ms1TKMOlwpLlwu66g5UzJSe3PVqqmyhKNTE
0tgjg0l+U++KArKXoODM5lKG4mECCFzJQKs9w+AaulrCBA8tQAe7F+wFHQbENg9S
wuALNeHhtvnaBOqGSh8ttLGWGek3fWDtZip48RbLn/r5oWtGg21iLZJ89V4xgNop
4vfuAlfN9it5s3JvnSOC0Q3qSr0JkHQ0TIXrzIM2r+URknwf
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:09:12 2025 by rpki-client