Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/492ed8ca-efa4-4041-ac8d-b0a78ef05308.roa
File: 492ed8ca-efa4-4041-ac8d-b0a78ef05308.roa (raw, json)
Hash identifier: ppldeQuyuC36a/rEL79QpqokzmMVvBEfT5HjGz6FtVE=
Subject key identifier: 33:0A:93:3C:1F:FE:2E:BE:9B:C6:EE:43:19:A2:28:10:68:99:F6:FD
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 511998044508D3F4AFB326075109CFC8DB3138B0
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/492ed8ca-efa4-4041-ac8d-b0a78ef05308.roa
Signing time: Tue 21 Oct 2025 14:10:08 +0000
ROA not before: Tue 21 Oct 2025 14:10:08 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d06d:4000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
51:19:98:04:45:08:d3:f4:af:b3:26:07:51:09:cf:c8:db:31:38:b0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:10:08 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=c284f8036e569c3040c893b686ed87d69423e7e9df841f63b4e1f990870b9818, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:9b:27:de:06:a8:cf:fe:5b:bf:87:cf:eb:84:
08:ba:9b:85:4a:50:9b:b2:5a:8c:52:11:25:b0:06:
69:23:6b:a1:90:ad:98:f5:02:e7:47:43:0c:de:71:
db:36:8e:7b:07:6e:cf:5b:dc:28:a2:c6:52:eb:93:
3d:7e:47:34:6f:17:b3:b7:29:d7:04:96:f9:96:80:
c0:fd:2e:23:27:67:85:be:6e:64:61:9d:53:ae:a0:
13:8e:9d:3a:4d:7b:63:60:b8:3f:ef:e4:35:c4:24:
ce:69:9c:03:46:3c:14:e4:99:b8:26:8a:65:50:79:
89:ae:51:13:7e:3a:d7:22:24:02:60:e7:39:ff:56:
a1:af:9c:89:19:99:25:6f:47:1e:50:de:f1:c0:24:
98:b3:94:0e:96:30:df:e5:29:33:df:96:50:57:f7:
9a:c1:5b:c1:07:f2:a1:c7:ed:bb:4d:e9:e5:92:e3:
3a:52:a1:61:ea:79:d5:0e:b4:bb:a1:13:9a:c9:99:
2b:85:e0:d1:da:54:00:f7:94:9b:37:30:ed:6e:6b:
51:e3:d7:8f:48:bd:92:26:9c:11:6a:b8:73:9f:d4:
14:d3:09:53:b8:c1:eb:5e:7b:5f:b6:36:97:d5:94:
fc:03:a1:e7:5d:e4:d6:4b:18:f3:2a:20:73:cb:cf:
7a:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:0A:93:3C:1F:FE:2E:BE:9B:C6:EE:43:19:A2:28:10:68:99:F6:FD
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/492ed8ca-efa4-4041-ac8d-b0a78ef05308.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06d:4000::/40
Signature Algorithm: sha256WithRSAEncryption
68:29:79:cb:22:0a:77:ec:12:1d:fb:76:5e:b3:88:02:a3:96:
dd:ed:c1:f2:32:1b:37:e1:c3:25:07:b7:2d:0e:e2:98:72:dc:
8d:13:71:b9:f7:56:a6:f6:5b:1c:67:1f:51:0e:83:2b:ac:90:
8b:10:96:b5:58:a0:bb:d4:12:66:44:81:df:46:c5:5a:45:11:
f4:a9:f7:8f:98:da:b3:19:b6:60:cb:6c:8d:5d:7b:ff:c8:a4:
a0:94:a6:ad:ea:ed:64:99:33:db:f0:b0:84:94:fd:ab:99:d2:
94:c3:72:d4:32:89:2d:b5:61:f3:7f:01:c6:4c:5d:02:f2:01:
11:af:fe:2f:b6:b3:f4:08:b5:5a:1e:0f:97:66:66:27:2c:97:
f5:29:f9:6b:8e:37:3b:25:d9:71:10:81:20:91:ec:80:92:a3:
63:3c:9a:bc:87:1c:f1:d7:70:1d:49:94:43:95:7c:4d:ef:f2:
9a:61:77:66:3f:01:36:1c:0b:cd:12:6a:89:f4:17:ef:29:0e:
e9:31:99:70:4e:ad:06:f4:3b:7f:75:4d:91:ab:eb:38:90:79:
da:35:02:9d:74:6c:a3:64:99:14:6d:fa:68:67:ff:a1:73:98:
75:a2:f7:8b:5e:b9:31:c5:7c:1c:81:a1:bc:61:5a:35:23:75:
b6:07:6d:a2
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUURmYBEUI0/SvsyYHUQnPyNsxOLAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDEwMDhaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGMyODRmODAzNmU1NjljMzA0MGM4OTNiNjg2ZWQ4N2Q2OTQyM2U3ZTlkZjg0
MWY2M2I0ZTFmOTkwODcwYjk4MTgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL6bJ94GqM/+W7+Hz+uECLqbhUpQm7JajFIRJbAGaSNroZCtmPUC50dDDN5x
2zaOewduz1vcKKLGUuuTPX5HNG8Xs7cp1wSW+ZaAwP0uIydnhb5uZGGdU66gE46d
Ok17Y2C4P+/kNcQkzmmcA0Y8FOSZuCaKZVB5ia5RE3461yIkAmDnOf9Woa+ciRmZ
JW9HHlDe8cAkmLOUDpYw3+UpM9+WUFf3msFbwQfyocftu03p5ZLjOlKhYep51Q60
u6ETmsmZK4Xg0dpUAPeUmzcw7W5rUePXj0i9kiacEWq4c5/UFNMJU7jB6157X7Y2
l9WU/AOh513k1ksY8yogc8vPeuECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQzCpM8
H/4uvpvG7kMZoigQaJn2/TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDkyZWQ4Y2EtZWZhNC00MDQxLWFjOGQtYjBhNzhlZjA1MzA4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G1A
MA0GCSqGSIb3DQEBCwUAA4IBAQBoKXnLIgp37BId+3Zes4gCo5bd7cHyMhs34cMl
B7ctDuKYctyNE3G591am9lscZx9RDoMrrJCLEJa1WKC71BJmRIHfRsVaRRH0qfeP
mNqzGbZgy2yNXXv/yKSglKat6u1kmTPb8LCElP2rmdKUw3LUMokttWHzfwHGTF0C
8gERr/4vtrP0CLVaHg+XZmYnLJf1Kflrjjc7JdlxEIEgkeyAkqNjPJq8hxzx13Ad
SZRDlXxN7/KaYXdmPwE2HAvNEmqJ9BfvKQ7pMZlwTq0G9Dt/dU2Rq+s4kHnaNQKd
dGyjZJkUbfpoZ/+hc5h1oveLXrkxxXwcgaG8YVo1I3W2B22i
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:21:11 2025 by rpki-client