Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/44d8b686-7db5-4309-8f09-3af611be3753.roa
File: 44d8b686-7db5-4309-8f09-3af611be3753.roa (raw, json)
Hash identifier: FOEmCkr9ResLnQ7xuQeTCN1FEkw5PgYFA3/6xVihVQc=
Subject key identifier: 8C:D2:D8:B2:B2:A9:A2:BD:75:B8:0D:B9:F7:32:CB:C2:6A:7C:81:33
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 6EDB6A3F42F3A6D6B1BA0151A5125B042EBE5CC8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/44d8b686-7db5-4309-8f09-3af611be3753.roa
Signing time: Tue 21 Oct 2025 13:10:15 +0000
ROA not before: Tue 21 Oct 2025 13:10:15 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07a:c000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6e:db:6a:3f:42:f3:a6:d6:b1:ba:01:51:a5:12:5b:04:2e:be:5c:c8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:10:15 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=2a87c8013810e4046ba110e94863f00ec6e6dee2fda0cb6f3c4c683701a157ea, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:24:61:bd:38:31:2f:ca:73:44:a3:cb:88:d6:
30:01:59:a0:7f:21:ae:66:07:87:e6:0c:6f:51:6d:
07:5f:3c:75:49:9e:d6:f6:39:7e:e9:c4:e3:b6:e1:
2c:25:e0:3c:92:f9:db:d0:48:1d:eb:f5:c4:ee:f3:
56:09:c3:7c:c3:ed:e4:55:03:5c:18:97:73:50:98:
b9:b0:71:89:03:20:b1:3e:20:55:94:db:24:94:3c:
bc:c1:cf:cd:51:c6:10:2b:4a:f5:b4:e7:9a:64:e6:
1d:e1:60:f9:ac:84:ca:88:11:27:44:27:e9:74:26:
74:9e:1c:f2:d1:be:c8:ee:78:ed:f4:d9:5a:5c:79:
69:ce:33:9c:d2:7d:81:dd:35:04:65:b8:ef:f6:c1:
40:39:e4:04:3b:43:77:a1:14:da:45:66:23:5e:9b:
a7:66:96:ef:08:47:24:f3:2d:17:b7:59:a7:a8:1a:
c2:2f:79:34:a6:1a:c1:e1:f3:98:c6:86:d0:3f:67:
6f:21:1f:85:cb:04:9c:ca:b3:fe:98:4c:66:98:ef:
23:15:fc:58:ee:d9:47:15:98:87:7a:c5:82:5b:ae:
49:f5:6c:78:6f:83:56:fd:d0:88:60:b2:b4:6e:f2:
69:1d:b2:a9:31:40:95:86:d3:43:d5:88:61:b4:ea:
e0:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:D2:D8:B2:B2:A9:A2:BD:75:B8:0D:B9:F7:32:CB:C2:6A:7C:81:33
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/44d8b686-7db5-4309-8f09-3af611be3753.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07a:c000::/40
Signature Algorithm: sha256WithRSAEncryption
0e:58:1c:7a:b8:d4:4a:31:1f:f0:f6:f0:e0:6d:7c:ab:ef:c9:
a8:ad:32:90:d9:62:f0:d5:30:58:ba:74:8e:a9:30:7b:64:6c:
1d:c6:f5:47:0f:9e:c8:b4:64:08:ca:4e:24:57:0b:59:ca:be:
36:e0:7e:08:57:c1:ce:48:89:34:95:0f:4d:90:d8:e5:50:75:
2c:a4:8f:26:54:39:bf:18:e4:d1:ae:f6:5c:c6:43:5f:24:8e:
34:ab:cc:fd:02:75:dc:aa:65:2f:1c:8e:36:be:9e:e4:18:37:
34:c9:1b:fa:88:35:47:f4:c3:9c:b7:a0:b4:1e:67:71:d1:3b:
71:45:1a:fd:3d:2c:e0:12:3b:ab:71:5c:6b:aa:2e:37:9a:71:
ec:6d:9e:8e:4a:25:7a:1e:f2:ed:f4:8f:d3:f1:f8:39:b6:ed:
b7:36:7a:6e:a9:29:91:bc:b2:11:b7:c7:24:3b:63:b5:4c:13:
6f:00:9b:58:f6:03:38:f0:9d:74:89:43:fc:e6:3c:69:bb:1b:
e1:5c:c3:10:3d:ab:23:68:40:2c:c6:e0:23:6a:3e:f0:8e:b8:
33:ac:53:40:c0:d3:d9:0b:cb:8a:fa:e3:14:67:48:9e:35:4c:
b4:27:67:08:a6:c6:5e:31:e0:99:d3:4c:ea:c2:6f:70:d1:9f:
67:d2:dd:00
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUbttqP0LzptaxugFRpRJbBC6+XMgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzEwMTVaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDJhODdjODAxMzgxMGU0MDQ2YmExMTBlOTQ4NjNmMDBlYzZlNmRlZTJmZGEw
Y2I2ZjNjNGM2ODM3MDFhMTU3ZWExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKUkYb04MS/Kc0Sjy4jWMAFZoH8hrmYHh+YMb1FtB188dUme1vY5funE47bh
LCXgPJL529BIHev1xO7zVgnDfMPt5FUDXBiXc1CYubBxiQMgsT4gVZTbJJQ8vMHP
zVHGECtK9bTnmmTmHeFg+ayEyogRJ0Qn6XQmdJ4c8tG+yO547fTZWlx5ac4znNJ9
gd01BGW47/bBQDnkBDtDd6EU2kVmI16bp2aW7whHJPMtF7dZp6gawi95NKYaweHz
mMaG0D9nbyEfhcsEnMqz/phMZpjvIxX8WO7ZRxWYh3rFgluuSfVseG+DVv3QiGCy
tG7yaR2yqTFAlYbTQ9WIYbTq4L8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSM0tiy
sqmivXW4Dbn3MsvCanyBMzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDRkOGI2ODYtN2RiNS00MzA5LThmMDktM2FmNjExYmUzNzUzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HrA
MA0GCSqGSIb3DQEBCwUAA4IBAQAOWBx6uNRKMR/w9vDgbXyr78morTKQ2WLw1TBY
unSOqTB7ZGwdxvVHD57ItGQIyk4kVwtZyr424H4IV8HOSIk0lQ9NkNjlUHUspI8m
VDm/GOTRrvZcxkNfJI40q8z9AnXcqmUvHI42vp7kGDc0yRv6iDVH9MOct6C0Hmdx
0TtxRRr9PSzgEjurcVxrqi43mnHsbZ6OSiV6HvLt9I/T8fg5tu23NnpuqSmRvLIR
t8ckO2O1TBNvAJtY9gM48J10iUP85jxpuxvhXMMQPasjaEAsxuAjaj7wjrgzrFNA
wNPZC8uK+uMUZ0ieNUy0J2cIpsZeMeCZ00zqwm9w0Z9n0t0A
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:14:18 2025 by rpki-client