Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/455182aa-6d74-4447-81a6-6be09732e55d.roa
File: 455182aa-6d74-4447-81a6-6be09732e55d.roa (raw, json)
Hash identifier: P9M5yj3nDHOpxGtGI71qUFmbJV9nH3df5kuWzUqogMc=
Subject key identifier: 40:66:FB:9F:83:77:D4:3B:DB:69:4E:7B:BD:1A:C9:69:16:EF:14:39
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 382A05422DD7C09E67D4D2742BBA2FDF3C845495
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/455182aa-6d74-4447-81a6-6be09732e55d.roa
Signing time: Tue 21 Oct 2025 13:40:30 +0000
ROA not before: Tue 21 Oct 2025 13:40:30 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d01e:c00::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
38:2a:05:42:2d:d7:c0:9e:67:d4:d2:74:2b:ba:2f:df:3c:84:54:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:40:30 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=a16f44255f7b070a80a597d17f6da0b5c83e56db230e3cc9bb108dad8daf0087, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:85:15:7e:c5:83:f5:6c:73:5c:61:65:aa:16:
c3:56:d7:3f:92:81:e2:3c:76:df:d2:b5:bd:34:44:
6a:7e:82:57:a5:61:f4:52:0a:5d:ec:60:3e:8b:89:
35:9d:ae:7a:60:1e:3b:29:cd:60:49:9b:c2:ce:14:
52:da:a1:c6:7f:22:9e:a5:8f:1d:3d:bb:6b:29:13:
a7:c8:28:49:21:b0:43:08:a0:17:af:53:3f:d3:bf:
c6:37:de:f5:46:1d:c0:17:1d:ca:52:84:e3:b4:12:
9e:6a:0c:58:f8:61:50:21:91:27:cc:ac:fc:7d:2e:
3c:a2:c0:3b:f1:cc:49:88:69:08:44:d2:f4:09:de:
d6:a5:02:89:b4:cf:b1:89:fc:3b:46:f6:25:d9:26:
84:98:26:2d:03:02:5b:9c:f5:08:d7:fb:5b:c1:1f:
57:87:c1:d7:2a:55:60:e8:3d:d4:c9:96:28:67:48:
64:1f:39:cb:f5:af:99:f2:2a:ac:84:ea:9d:3c:2b:
6a:8a:5c:8b:0f:56:11:59:55:64:26:df:47:0d:90:
78:1b:2c:d7:c9:f4:39:8b:f5:5a:79:41:ab:ca:7c:
73:76:49:61:af:ab:05:24:6b:2b:07:23:f1:c9:f9:
61:15:33:6f:ef:23:2e:02:ba:dd:57:55:96:f4:31:
1a:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:66:FB:9F:83:77:D4:3B:DB:69:4E:7B:BD:1A:C9:69:16:EF:14:39
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/455182aa-6d74-4447-81a6-6be09732e55d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d01e:c00::/38
Signature Algorithm: sha256WithRSAEncryption
66:69:1b:d2:91:95:a7:70:a1:71:8e:c9:af:50:15:10:b3:13:
74:e2:11:de:89:6a:95:83:54:3f:8c:cd:5d:78:69:04:15:82:
74:68:25:2a:9d:34:7a:13:19:7d:38:88:48:11:94:ee:77:79:
c5:73:50:74:57:98:15:be:e1:7c:85:28:42:87:97:ed:ff:34:
e5:66:cd:68:bb:36:e3:4f:0f:f7:ef:bd:7e:9a:1b:74:2f:0d:
b3:f7:bb:43:f7:7f:d9:59:e5:59:c4:4d:52:be:5c:bf:7a:8c:
97:9d:ae:52:45:f0:69:20:29:a3:d9:22:5c:b5:d3:82:28:4d:
b9:5b:d6:63:c7:d6:66:e0:2e:33:04:79:ad:f3:58:28:99:bf:
6b:22:2d:1a:af:42:4f:f7:44:8d:1d:0b:09:5b:97:d5:bd:25:
72:af:77:f3:17:e8:4e:16:0b:84:24:62:e3:76:69:3d:8b:57:
bf:48:95:bf:fd:02:2e:82:69:88:58:ba:0a:ab:3d:8b:2a:55:
4c:e4:ac:90:bf:c9:57:63:d9:84:78:13:be:16:47:0d:e3:9c:
5f:83:c8:91:af:e0:f9:d5:e4:2f:78:ba:89:50:ce:b4:a3:b5:
07:48:05:fc:da:f3:d4:1d:6c:10:b4:df:d6:34:28:41:fb:be:
51:b5:b6:c3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUOCoFQi3XwJ5n1NJ0K7ov3zyEVJUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzQwMzBaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGExNmY0NDI1NWY3YjA3MGE4MGE1OTdkMTdmNmRhMGI1YzgzZTU2ZGIyMzBl
M2NjOWJiMTA4ZGFkOGRhZjAwODcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKqFFX7Fg/Vsc1xhZaoWw1bXP5KB4jx239K1vTREan6CV6Vh9FIKXexgPouJ
NZ2uemAeOynNYEmbws4UUtqhxn8inqWPHT27aykTp8goSSGwQwigF69TP9O/xjfe
9UYdwBcdylKE47QSnmoMWPhhUCGRJ8ys/H0uPKLAO/HMSYhpCETS9Ane1qUCibTP
sYn8O0b2JdkmhJgmLQMCW5z1CNf7W8EfV4fB1ypVYOg91MmWKGdIZB85y/WvmfIq
rITqnTwraopciw9WEVlVZCbfRw2QeBss18n0OYv1WnlBq8p8c3ZJYa+rBSRrKwcj
8cn5YRUzb+8jLgK63VdVlvQxGpcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRAZvuf
g3fUO9tpTnu9GslpFu8UOTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDU1MTgyYWEtNmQ3NC00NDQ3LTgxYTYtNmJlMDk3MzJlNTVkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0B4M
MA0GCSqGSIb3DQEBCwUAA4IBAQBmaRvSkZWncKFxjsmvUBUQsxN04hHeiWqVg1Q/
jM1deGkEFYJ0aCUqnTR6Exl9OIhIEZTud3nFc1B0V5gVvuF8hShCh5ft/zTlZs1o
uzbjTw/3771+mht0Lw2z97tD93/ZWeVZxE1Svly/eoyXna5SRfBpICmj2SJctdOC
KE25W9Zjx9Zm4C4zBHmt81gomb9rIi0ar0JP90SNHQsJW5fVvSVyr3fzF+hOFguE
JGLjdmk9i1e/SJW//QIugmmIWLoKqz2LKlVM5KyQv8lXY9mEeBO+FkcN45xfg8iR
r+D51eQveLqJUM60o7UHSAX82vPUHWwQtN/WNChB+75RtbbD
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:15:16 2025 by rpki-client