Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4304a130-e9d1-47a4-8ecf-5d755740a478.roa
File: 4304a130-e9d1-47a4-8ecf-5d755740a478.roa (raw, json)
Hash identifier: QkHFR7bQeZkZt/ebcYUBwjFmE6227nCRmS/Aapm2/xs=
Subject key identifier: 5E:F4:20:BD:47:44:DB:7C:1A:9C:97:D1:BC:27:F6:A3:D9:94:33:64
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 50EF5E05A9DE94FEDD7BE64EA07FE1D72A7E27B1
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4304a130-e9d1-47a4-8ecf-5d755740a478.roa
Signing time: Tue 21 Oct 2025 14:10:22 +0000
ROA not before: Tue 21 Oct 2025 14:10:22 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:80e0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
50:ef:5e:05:a9:de:94:fe:dd:7b:e6:4e:a0:7f:e1:d7:2a:7e:27:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:10:22 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=b51f8bb9b1f8ee91c1846fd4596ce867e66160c4f1438bcf2874d058783a068d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:da:17:69:0e:6d:e3:eb:59:82:a2:0c:f7:ad:
35:f8:e6:fd:b9:39:44:c1:d9:13:86:4c:d7:49:b4:
95:05:72:15:c7:bc:d3:c4:ca:62:83:f7:67:c0:dd:
f6:6b:43:2a:c4:01:c3:02:08:c9:45:0e:04:e0:f9:
a6:68:a0:fc:aa:ca:cf:5c:b3:87:62:5c:89:fe:23:
83:40:fe:4d:d2:16:82:f2:c7:ea:82:ad:47:40:6d:
c8:11:9a:c2:3a:19:59:94:ad:07:b9:44:d5:ad:9c:
42:fc:5a:87:73:f5:b9:bc:d4:44:cd:f5:e6:6e:fc:
9b:c4:90:dd:3e:3e:d2:c0:c9:a3:69:93:fb:08:e1:
67:59:a2:56:8d:b2:37:bc:5b:6f:08:aa:ca:2f:46:
43:ed:c2:7e:f8:7a:a6:6e:a3:fb:da:ff:65:1c:aa:
35:97:f8:88:14:54:5a:b7:78:30:c4:d8:08:cd:ab:
b7:30:c9:b9:1f:27:95:1a:64:72:cf:6c:7c:2e:17:
47:f8:86:f8:4a:d0:d0:f8:59:1e:4a:dd:f4:70:f0:
65:24:25:0f:c2:7b:96:7a:10:ac:bb:9e:e0:73:0c:
e6:e9:65:7c:49:0a:53:c0:8d:fe:15:2c:4b:3d:5a:
e7:2e:65:ae:61:8f:c3:7d:29:62:af:01:d6:18:a1:
a9:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:F4:20:BD:47:44:DB:7C:1A:9C:97:D1:BC:27:F6:A3:D9:94:33:64
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4304a130-e9d1-47a4-8ecf-5d755740a478.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:80e0::/48
Signature Algorithm: sha256WithRSAEncryption
c5:33:97:0f:b4:19:25:f3:f2:f2:d9:c5:d9:09:db:6a:a7:1d:
d1:3f:71:77:6c:c3:15:13:a9:95:76:5f:c8:b2:85:a2:06:38:
d0:df:79:9e:8e:9f:fc:d8:eb:4a:08:be:0d:e8:38:19:e6:76:
e9:09:6f:8c:b1:db:0a:a2:fc:4d:43:fa:c8:9c:06:6f:28:c0:
fa:05:bd:8b:e9:ee:d2:95:c0:91:4a:19:01:b7:1d:65:09:2a:
3f:5a:a7:b4:c7:48:c9:c3:d8:ef:bc:40:88:7c:1b:86:0f:25:
d4:38:53:90:4b:ec:40:b9:71:7f:d1:82:11:31:95:cc:66:14:
c9:71:fe:99:0b:49:ca:2a:c5:49:1c:49:90:16:75:a8:0e:53:
96:0b:3a:5c:56:1c:0b:33:49:55:4a:4f:f6:d8:8d:09:6a:53:
bf:be:98:b9:10:4f:8d:17:53:06:a9:c6:23:ed:2c:bf:41:12:
27:90:39:ff:32:d0:ec:ac:6d:c0:6d:15:09:17:97:f8:21:0c:
bb:ba:1b:91:81:b8:ae:2b:7c:85:ee:a1:2f:f9:78:d2:b6:6c:
0b:32:a5:cd:ca:78:b3:e0:18:46:4e:0a:83:47:1f:ed:42:80:
f3:6e:80:5f:4e:e4:79:a6:dc:c7:8f:d9:93:e9:a8:4f:d3:58:
9c:ed:b8:54
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUUO9eBanelP7de+ZOoH/h1yp+J7EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDEwMjJaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGI1MWY4YmI5YjFmOGVlOTFjMTg0NmZkNDU5NmNlODY3ZTY2MTYwYzRmMTQz
OGJjZjI4NzRkMDU4NzgzYTA2OGQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALbaF2kObePrWYKiDPetNfjm/bk5RMHZE4ZM10m0lQVyFce808TKYoP3Z8Dd
9mtDKsQBwwIIyUUOBOD5pmig/KrKz1yzh2Jcif4jg0D+TdIWgvLH6oKtR0BtyBGa
wjoZWZStB7lE1a2cQvxah3P1ubzURM315m78m8SQ3T4+0sDJo2mT+wjhZ1miVo2y
N7xbbwiqyi9GQ+3Cfvh6pm6j+9r/ZRyqNZf4iBRUWrd4MMTYCM2rtzDJuR8nlRpk
cs9sfC4XR/iG+ErQ0PhZHkrd9HDwZSQlD8J7lnoQrLue4HMM5ullfEkKU8CN/hUs
Sz1a5y5lrmGPw30pYq8B1hihqW8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRe9CC9
R0TbfBqcl9G8J/aj2ZQzZDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDMwNGExMzAtZTlkMS00N2E0LThlY2YtNWQ3NTU3NDBhNDc4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ACA
4DANBgkqhkiG9w0BAQsFAAOCAQEAxTOXD7QZJfPy8tnF2Qnbaqcd0T9xd2zDFROp
lXZfyLKFogY40N95no6f/NjrSgi+Deg4GeZ26QlvjLHbCqL8TUP6yJwGbyjA+gW9
i+nu0pXAkUoZAbcdZQkqP1qntMdIycPY77xAiHwbhg8l1DhTkEvsQLlxf9GCETGV
zGYUyXH+mQtJyirFSRxJkBZ1qA5Tlgs6XFYcCzNJVUpP9tiNCWpTv76YuRBPjRdT
BqnGI+0sv0ESJ5A5/zLQ7KxtwG0VCReX+CEMu7obkYG4rit8he6hL/l40rZsCzKl
zcp4s+AYRk4Kg0cf7UKA826AX07keabcx4/Zk+moT9NYnO24VA==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:15:17 2025 by rpki-client