Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/470b6c76-cd1a-4db4-baf5-1c6d8654a52c.roa
File: 470b6c76-cd1a-4db4-baf5-1c6d8654a52c.roa (raw, json)
Hash identifier: O8hf4qq/KW60jOosL5LXz/7vFQghPVhdXOTxeFji3aI=
Subject key identifier: 75:C2:60:3F:DB:7E:06:22:0A:B8:A2:FB:32:AE:14:9A:8B:D2:46:BE
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 6E7AC807D738AC030030F5E3FD1485AA45BE5F0F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/470b6c76-cd1a-4db4-baf5-1c6d8654a52c.roa
Signing time: Tue 21 Oct 2025 14:00:05 +0000
ROA not before: Tue 21 Oct 2025 14:00:05 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:1000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6e:7a:c8:07:d7:38:ac:03:00:30:f5:e3:fd:14:85:aa:45:be:5f:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:00:05 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=7779e8191624c0970469643aab529ec9ea0892d927ce5a6422e326c46ab1314a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:50:59:51:d5:ae:9c:bc:2b:cf:29:53:43:62:
1f:bc:7c:2f:8c:cd:3c:c2:18:17:2e:c1:fe:88:1c:
06:63:bc:e0:64:22:b4:f6:ab:54:7f:c6:cf:f5:c1:
04:1d:af:f4:fd:87:e1:ae:f7:e7:a0:bf:e5:3e:e3:
9e:5b:51:6d:ad:8d:9d:85:aa:82:4c:c1:45:45:d6:
01:cf:96:84:4b:79:cd:d6:b0:e2:0c:77:82:39:c8:
d5:8e:9d:6a:aa:4c:fe:2d:29:6c:82:33:72:09:47:
bc:d0:21:15:b5:59:6f:2d:d0:ae:de:04:3f:be:d4:
83:f9:ef:30:35:1a:c8:2e:41:10:87:08:e6:98:e8:
ec:e3:c8:18:45:8b:4c:1e:ce:aa:02:de:77:3c:86:
12:b4:5a:9a:1a:0a:d2:d7:2c:fc:c7:2c:9d:ae:47:
ab:4d:c9:c6:29:a0:aa:5c:df:97:8c:46:aa:38:06:
24:29:9d:80:b2:88:03:2e:12:20:37:34:57:5c:71:
9f:2e:4a:86:fb:71:83:bd:50:79:50:81:64:a5:45:
a4:31:5a:d7:df:44:0a:0d:90:56:c8:de:92:7d:74:
62:3e:d9:9a:8f:a9:60:90:48:64:13:2c:55:89:67:
67:92:d8:3e:dc:f6:0b:66:73:97:d5:5c:6c:27:71:
19:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:C2:60:3F:DB:7E:06:22:0A:B8:A2:FB:32:AE:14:9A:8B:D2:46:BE
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/470b6c76-cd1a-4db4-baf5-1c6d8654a52c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:1000::/40
Signature Algorithm: sha256WithRSAEncryption
93:03:29:c8:2c:bd:63:33:36:02:a1:12:60:ab:4a:1a:f9:ee:
e0:70:b1:f9:b7:70:97:99:72:ed:6b:e4:0a:da:5f:39:dd:97:
9c:69:8c:79:08:86:54:65:10:6b:3e:d1:a2:39:6e:64:e2:bf:
b4:77:36:df:4b:bc:65:7a:47:d1:a4:a8:38:e9:e9:e0:9e:b9:
d8:d9:73:46:da:dd:09:98:3f:85:e0:a2:5f:1c:5d:1a:3b:a7:
d6:1e:be:34:a3:c9:3a:59:59:e0:1f:c0:87:b5:d2:6e:73:77:
ac:21:bc:a6:27:3c:ef:a4:ee:56:a1:5f:72:65:42:48:30:ff:
cd:09:e6:f8:25:88:47:4c:3e:d3:43:24:33:d7:d8:c4:6d:bd:
38:b1:6f:75:d6:39:39:59:94:d8:37:06:b6:ad:2b:98:b2:d4:
23:ad:61:24:78:f2:f9:54:7b:7e:09:69:5d:32:53:82:c1:f8:
ed:8a:52:06:00:51:88:21:f7:ef:86:0f:ae:2d:8c:95:c8:c0:
db:1c:26:0c:08:1b:2a:88:25:eb:56:bb:25:9e:7d:68:dc:fc:
cf:70:b4:d4:51:50:2f:a7:c0:82:00:89:45:8b:95:00:9d:cc:
c7:8c:a8:e5:6f:05:2b:13:9b:a1:a5:b1:8e:19:e6:79:91:60:
51:d5:b1:6a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUbnrIB9c4rAMAMPXj/RSFqkW+Xw8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDAwMDVaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDc3NzllODE5MTYyNGMwOTcwNDY5NjQzYWFiNTI5ZWM5ZWEwODkyZDkyN2Nl
NWE2NDIyZTMyNmM0NmFiMTMxNGExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ1QWVHVrpy8K88pU0NiH7x8L4zNPMIYFy7B/ogcBmO84GQitParVH/Gz/XB
BB2v9P2H4a7356C/5T7jnltRba2NnYWqgkzBRUXWAc+WhEt5zdaw4gx3gjnI1Y6d
aqpM/i0pbIIzcglHvNAhFbVZby3Qrt4EP77Ug/nvMDUayC5BEIcI5pjo7OPIGEWL
TB7OqgLedzyGErRamhoK0tcs/Mcsna5Hq03Jximgqlzfl4xGqjgGJCmdgLKIAy4S
IDc0V1xxny5Khvtxg71QeVCBZKVFpDFa199ECg2QVsjekn10Yj7Zmo+pYJBIZBMs
VYlnZ5LYPtz2C2Zzl9VcbCdxGVUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR1wmA/
234GIgq4ovsyrhSai9JGvjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDcwYjZjNzYtY2QxYS00ZGI0LWJhZjUtMWM2ZDg2NTRhNTJjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0AAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCTAynILL1jMzYCoRJgq0oa+e7gcLH5t3CXmXLt
a+QK2l853ZecaYx5CIZUZRBrPtGiOW5k4r+0dzbfS7xlekfRpKg46engnrnY2XNG
2t0JmD+F4KJfHF0aO6fWHr40o8k6WVngH8CHtdJuc3esIbymJzzvpO5WoV9yZUJI
MP/NCeb4JYhHTD7TQyQz19jEbb04sW911jk5WZTYNwa2rSuYstQjrWEkePL5VHt+
CWldMlOCwfjtilIGAFGIIffvhg+uLYyVyMDbHCYMCBsqiCXrVrslnn1o3PzPcLTU
UVAvp8CCAIlFi5UAnczHjKjlbwUrE5uhpbGOGeZ5kWBR1bFq
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:19:32 2025 by rpki-client