Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/455a2efe-3411-42cf-a196-73c25845d48c.roa
File: 455a2efe-3411-42cf-a196-73c25845d48c.roa (raw, json)
Hash identifier: tXNur4F7Xqh7xYp4pOGFgl49pplcNNtWPWKPKWfjxI8=
Subject key identifier: D3:5F:DD:DF:F2:59:36:96:3E:BE:E0:70:4D:8D:69:86:67:8F:90:CB
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 23F4C2E48762C90B2A1EADB1371491AEFED3B83A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/455a2efe-3411-42cf-a196-73c25845d48c.roa
Signing time: Tue 21 Oct 2025 14:10:08 +0000
ROA not before: Tue 21 Oct 2025 14:10:08 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d058:2000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
23:f4:c2:e4:87:62:c9:0b:2a:1e:ad:b1:37:14:91:ae:fe:d3:b8:3a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:10:08 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=316a15cd441550eac45c3a6fca8dd7e28ece4d24330c13eb1e2db81bbceeccfc, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:4d:f6:11:f4:1b:62:62:3b:6a:3f:77:e0:ca:
b0:8d:b4:2d:7b:d0:59:78:53:21:16:17:86:47:1f:
f7:f5:d7:f6:15:fb:3c:cc:45:d3:31:49:77:ff:b7:
78:09:39:8b:3a:29:8e:32:a9:97:07:42:cf:89:cd:
8d:13:f3:f7:dc:af:2d:01:7f:ce:28:8a:e1:c8:88:
48:fd:bf:38:98:d0:7e:d2:e3:80:6d:7f:45:7e:ac:
9a:28:81:5e:e7:dd:04:ee:cb:9c:81:ed:c3:21:b9:
6b:21:0e:b2:b3:84:fd:a5:a9:a2:f7:15:f3:81:38:
41:a7:89:7c:0a:ee:e4:05:1f:21:ec:a6:b6:37:c8:
8b:fb:8c:0b:01:4e:c4:43:70:e2:d7:f1:8b:dc:05:
a0:e2:80:28:c7:95:e2:0c:2c:d5:d6:ac:73:30:3c:
23:6f:17:ed:de:31:e4:79:f2:19:b6:5c:04:1b:72:
3f:6f:65:ac:46:bc:c6:f5:fc:1c:8f:b0:a4:29:fd:
04:46:38:ac:a2:c5:9e:a4:10:48:86:97:3a:3b:d9:
40:79:b2:8c:b9:c1:e3:ab:4d:cb:97:89:68:31:3d:
ca:a1:89:2f:cb:1a:c2:94:1a:97:b5:24:39:65:7e:
59:4c:53:62:86:db:09:c2:6f:ad:c7:de:53:46:89:
53:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:5F:DD:DF:F2:59:36:96:3E:BE:E0:70:4D:8D:69:86:67:8F:90:CB
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/455a2efe-3411-42cf-a196-73c25845d48c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d058:2000::/40
Signature Algorithm: sha256WithRSAEncryption
31:6f:15:76:1c:94:f2:00:24:fc:7e:a8:ab:14:bf:e5:e6:cb:
8c:74:24:b5:c7:1a:29:38:59:cc:c2:aa:e0:cd:29:0f:47:79:
fa:b8:5a:cb:05:66:1b:a0:26:54:2d:18:e6:02:9d:e2:15:fc:
81:53:e4:60:ab:93:f9:0d:0e:a2:a6:aa:9a:f2:4d:03:ad:28:
c4:76:5a:f5:21:27:34:c4:03:67:b2:d7:d3:b2:84:d2:be:c4:
5e:9c:3e:4a:d9:d0:fb:be:8f:f4:39:4e:28:81:fa:da:ac:b8:
fd:1d:d7:66:d6:c1:ec:7f:d8:6c:36:a0:7e:7b:0e:c2:ee:33:
fd:cb:95:4f:be:34:49:f9:85:9d:63:5f:22:5b:81:cd:91:c3:
9f:ee:27:47:8e:8f:c1:88:b5:45:57:1f:b9:7d:07:13:59:d9:
08:77:cc:55:d9:f4:06:20:fd:f1:fb:f8:18:5d:d8:e4:37:89:
15:47:f5:c4:d3:7e:9c:5f:f6:b7:7d:af:83:62:0d:40:0a:b3:
75:ca:f6:ca:22:e3:dd:d1:1b:99:95:0b:46:d1:a0:6e:0c:36:
88:79:db:11:48:af:e0:28:bb:6e:d3:87:0d:ad:f3:b9:35:74:
d1:5c:38:a9:69:02:cb:87:01:47:5b:8b:9f:3f:52:84:f9:22:
49:cc:01:82
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUI/TC5IdiyQsqHq2xNxSRrv7TuDowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDEwMDhaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDMxNmExNWNkNDQxNTUwZWFjNDVjM2E2ZmNhOGRkN2UyOGVjZTRkMjQzMzBj
MTNlYjFlMmRiODFiYmNlZWNjZmMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANpN9hH0G2JiO2o/d+DKsI20LXvQWXhTIRYXhkcf9/XX9hX7PMxF0zFJd/+3
eAk5izopjjKplwdCz4nNjRPz99yvLQF/ziiK4ciISP2/OJjQftLjgG1/RX6smiiB
XufdBO7LnIHtwyG5ayEOsrOE/aWpovcV84E4QaeJfAru5AUfIeymtjfIi/uMCwFO
xENw4tfxi9wFoOKAKMeV4gws1dasczA8I28X7d4x5HnyGbZcBBtyP29lrEa8xvX8
HI+wpCn9BEY4rKLFnqQQSIaXOjvZQHmyjLnB46tNy5eJaDE9yqGJL8sawpQal7Uk
OWV+WUxTYobbCcJvrcfeU0aJU0cCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTTX93f
8lk2lj6+4HBNjWmGZ4+QyzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDU1YTJlZmUtMzQxMS00MmNmLWExOTYtNzNjMjU4NDVkNDhjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Fgg
MA0GCSqGSIb3DQEBCwUAA4IBAQAxbxV2HJTyACT8fqirFL/l5suMdCS1xxopOFnM
wqrgzSkPR3n6uFrLBWYboCZULRjmAp3iFfyBU+Rgq5P5DQ6ipqqa8k0DrSjEdlr1
ISc0xANnstfTsoTSvsRenD5K2dD7vo/0OU4ogfrarLj9Hddm1sHsf9hsNqB+ew7C
7jP9y5VPvjRJ+YWdY18iW4HNkcOf7idHjo/BiLVFVx+5fQcTWdkId8xV2fQGIP3x
+/gYXdjkN4kVR/XE036cX/a3fa+DYg1ACrN1yvbKIuPd0RuZlQtG0aBuDDaIedsR
SK/gKLtu04cNrfO5NXTRXDipaQLLhwFHW4ufP1KE+SJJzAGC
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:53 2025 by rpki-client