Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4a3909fa-da3d-4cd8-918f-7755304d49d1.roa
File: 4a3909fa-da3d-4cd8-918f-7755304d49d1.roa (raw, json)
Hash identifier: 6hcyDPxE9pqxVmz3HrHAj2zfb5zi+hUlzwnGz2AQqSI=
Subject key identifier: 22:1D:79:9D:B1:36:3D:89:8C:95:4C:DA:7F:CF:F9:A9:A1:C0:99:A3
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7473710AF796B309E23C5385CEC783596380582B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4a3909fa-da3d-4cd8-918f-7755304d49d1.roa
Signing time: Tue 21 Oct 2025 12:30:14 +0000
ROA not before: Tue 21 Oct 2025 12:30:14 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 14618
IP address blocks: 2a05:d06f:a000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
74:73:71:0a:f7:96:b3:09:e2:3c:53:85:ce:c7:83:59:63:80:58:2b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 12:30:14 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=52b08cd63ac77d4f22c90c77fa84b01dc1f4341f7baa54e4fbec9fc04ebfe7c7, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:9e:39:b6:49:1d:59:c9:61:36:22:6a:f4:0f:
e3:d1:bb:2d:7d:24:fc:cb:7a:6f:c1:b6:b2:13:8c:
2e:80:42:3c:fd:a6:66:7e:06:36:db:9c:39:44:0c:
8c:92:d5:62:f3:64:e1:ec:0d:9a:dd:39:a5:c6:bc:
18:c4:35:32:79:cb:1d:04:87:f4:2c:be:2f:bf:e6:
a9:3e:db:e0:c2:2a:96:74:68:de:b0:97:7a:21:6f:
7b:60:14:41:7f:af:c8:cd:6c:3d:39:ff:05:7a:c9:
63:3d:df:c2:c9:9a:38:19:0c:4d:de:62:bd:db:e8:
5d:a0:76:b3:30:8e:6b:92:6b:63:a2:8b:e2:1c:87:
fd:40:7c:99:b4:a4:4a:12:4d:a4:1f:67:68:93:17:
a2:7d:a2:8c:5f:e3:2a:e1:8b:f0:c9:60:0d:f3:be:
bd:a5:50:e0:4c:8a:b7:b5:42:b7:25:e5:32:55:3b:
ac:49:dc:1f:67:82:82:78:e6:a9:12:d4:d5:a9:cb:
cb:3a:a8:5c:fd:07:34:e7:b3:0f:f6:97:4f:7e:9f:
a1:c5:0f:c6:99:93:22:9a:0a:16:c9:27:bb:3c:c4:
34:8c:03:68:f8:4d:d1:a6:a4:f1:de:bf:71:d6:48:
2b:5b:c9:34:0a:e0:f7:69:ee:02:7c:d4:16:84:53:
a1:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:1D:79:9D:B1:36:3D:89:8C:95:4C:DA:7F:CF:F9:A9:A1:C0:99:A3
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4a3909fa-da3d-4cd8-918f-7755304d49d1.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06f:a000::/40
Signature Algorithm: sha256WithRSAEncryption
b9:56:0d:2c:03:2f:f2:c9:70:b1:62:70:06:9d:92:66:0d:e6:
b7:6c:1f:27:a0:26:f6:44:10:a5:08:c9:dc:62:2f:67:06:6d:
3a:9c:0f:78:ff:3c:9e:23:8f:60:5a:02:aa:01:a6:16:85:52:
46:42:d3:2e:36:8c:9a:ef:82:51:94:b8:9b:6d:d7:06:07:d2:
f0:b6:0d:d6:03:c1:3e:9d:48:c7:d9:55:38:a2:74:25:06:46:
a5:c1:a4:ae:5f:cc:e2:8c:b3:dd:1e:e5:44:0c:83:b9:a0:57:
d0:20:1d:22:76:5e:b4:7d:4c:70:e9:d4:e3:ab:d6:91:bb:4a:
06:16:c9:50:c3:61:0a:2b:48:8a:39:6c:bb:97:75:2e:8a:f6:
52:7f:39:b8:00:dc:d6:f3:07:11:4d:36:1e:7b:e6:96:46:62:
48:fa:24:b7:f2:87:b4:e0:60:e0:02:3d:8f:0b:26:a4:a4:b8:
d6:3a:fb:be:08:c4:30:70:5e:7a:01:96:f7:69:be:f8:8a:08:
bb:df:de:ed:64:9e:6c:04:88:ad:10:13:e5:46:b9:f1:44:57:
4c:f8:00:7c:22:0e:aa:ab:04:7f:6f:69:8b:2e:1c:72:13:04:
11:f3:7d:e4:8d:0b:b9:9b:47:79:cd:43:33:01:45:b4:1d:ea:
50:46:17:3e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUdHNxCveWswniPFOFzseDWWOAWCswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMjMwMTRaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDUyYjA4Y2Q2M2FjNzdkNGYyMmM5MGM3N2ZhODRiMDFkYzFmNDM0MWY3YmFh
NTRlNGZiZWM5ZmMwNGViZmU3YzcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANyeObZJHVnJYTYiavQP49G7LX0k/Mt6b8G2shOMLoBCPP2mZn4GNtucOUQM
jJLVYvNk4ewNmt05pca8GMQ1MnnLHQSH9Cy+L7/mqT7b4MIqlnRo3rCXeiFve2AU
QX+vyM1sPTn/BXrJYz3fwsmaOBkMTd5ivdvoXaB2szCOa5JrY6KL4hyH/UB8mbSk
ShJNpB9naJMXon2ijF/jKuGL8MlgDfO+vaVQ4EyKt7VCtyXlMlU7rEncH2eCgnjm
qRLU1anLyzqoXP0HNOezD/aXT36focUPxpmTIpoKFsknuzzENIwDaPhN0aak8d6/
cdZIK1vJNArg92nuAnzUFoRTofMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQiHXmd
sTY9iYyVTNp/z/mpocCZozAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGEzOTA5ZmEtZGEzZC00Y2Q4LTkxOGYtNzc1NTMwNGQ0OWQxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G+g
MA0GCSqGSIb3DQEBCwUAA4IBAQC5Vg0sAy/yyXCxYnAGnZJmDea3bB8noCb2RBCl
CMncYi9nBm06nA94/zyeI49gWgKqAaYWhVJGQtMuNoya74JRlLibbdcGB9Lwtg3W
A8E+nUjH2VU4onQlBkalwaSuX8zijLPdHuVEDIO5oFfQIB0idl60fUxw6dTjq9aR
u0oGFslQw2EKK0iKOWy7l3UuivZSfzm4ANzW8wcRTTYee+aWRmJI+iS38oe04GDg
Aj2PCyakpLjWOvu+CMQwcF56AZb3ab74igi7397tZJ5sBIitEBPlRrnxRFdM+AB8
Ig6qqwR/b2mLLhxyEwQR833kjQu5m0d5zUMzAUW0HepQRhc+
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:14:27 2025 by rpki-client