Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4aa6172c-f263-4645-8d7a-40a15aee233f.roa
File: 4aa6172c-f263-4645-8d7a-40a15aee233f.roa (raw, json)
Hash identifier: J69KBzrYonF2O6LH2r82iGVx+DNP3VFelLKThkGGlY8=
Subject key identifier: BA:60:A6:74:B6:F7:CD:DC:1C:52:58:6E:46:60:47:B4:BC:79:87:88
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4CF6F09C607EB2F014A91F134ABE07E4D670D3DF
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4aa6172c-f263-4645-8d7a-40a15aee233f.roa
Signing time: Tue 21 Oct 2025 13:41:17 +0000
ROA not before: Tue 21 Oct 2025 13:41:17 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d071:8000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4c:f6:f0:9c:60:7e:b2:f0:14:a9:1f:13:4a:be:07:e4:d6:70:d3:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:41:17 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=812ae3306c948a6958d45c18b55f16f6a51bef271c8d87afbd7992dd408732ef, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:89:f7:19:f8:09:cd:e6:f6:52:ff:0b:28:00:
98:66:88:f0:eb:dc:47:f2:bf:ad:c2:b8:0e:d2:eb:
78:0e:01:21:20:e4:07:8d:8b:66:20:cf:72:94:b7:
da:4e:d2:47:8f:e4:f6:d7:ac:34:93:70:75:b9:31:
39:60:b4:a3:31:d4:3f:65:b9:ab:df:ec:f0:07:cf:
72:90:4e:14:b6:b4:29:f4:48:bb:98:d3:e7:4e:82:
91:9f:8d:56:09:92:32:3c:c9:b8:22:94:ce:98:a1:
49:b5:dd:c9:bb:09:e6:c4:c3:b5:33:fc:b7:a1:b5:
92:64:ef:ef:bf:78:ec:a2:1b:e5:89:94:90:9e:1c:
83:32:51:53:b0:74:08:5c:75:bc:89:ee:46:42:eb:
80:cb:c3:21:e1:a5:84:6b:33:2b:ba:86:d8:2e:c3:
db:6d:57:90:cd:4b:e0:85:07:7c:be:05:5c:70:0f:
69:7a:7b:04:b4:9f:a0:01:a8:51:8e:92:86:ba:c3:
26:74:40:85:2b:6b:60:65:44:71:23:5c:de:b4:42:
5f:35:3e:79:99:9c:43:53:bf:9b:6c:dc:00:7f:6b:
20:8f:de:84:f2:29:ff:75:24:12:68:3a:58:01:08:
d6:76:5d:32:9b:7e:c8:7d:99:a5:0a:09:47:5c:40:
13:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:60:A6:74:B6:F7:CD:DC:1C:52:58:6E:46:60:47:B4:BC:79:87:88
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4aa6172c-f263-4645-8d7a-40a15aee233f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d071:8000::/40
Signature Algorithm: sha256WithRSAEncryption
57:98:1d:91:3f:db:2b:ca:3a:78:66:b8:99:39:97:fe:91:3c:
88:00:8d:c8:17:a5:28:bb:87:82:43:f2:63:23:f5:eb:a8:12:
8d:9f:6c:3d:6e:27:d9:bf:eb:88:86:a2:30:17:47:f7:16:75:
89:4b:a3:ae:b2:50:25:08:74:b3:74:c8:7f:d3:b5:23:d3:02:
db:cc:70:07:fa:46:eb:6b:ca:5a:1a:64:25:65:8b:c6:82:ba:
85:1c:49:83:51:56:7d:9e:aa:4e:15:ec:1e:bf:91:d2:82:ea:
fb:43:bc:0d:11:86:bc:8c:71:c3:16:ee:18:f9:6a:a0:ab:21:
1b:67:c9:18:ab:6c:54:78:06:0d:84:84:1a:0d:1e:10:0d:6e:
8f:ce:da:5e:62:e1:88:a7:e1:af:fd:12:a3:fe:39:7c:49:2a:
cb:90:a6:86:9e:20:a2:8e:b5:8a:92:51:84:b3:76:b5:28:6e:
9d:44:83:6f:08:ca:58:20:58:03:ea:20:ec:8e:52:3a:84:fd:
9f:09:16:1c:af:52:01:67:b4:22:a5:a5:f3:16:76:53:c5:f8:
1d:71:e8:c0:15:6c:6b:1f:17:dd:1a:a1:83:69:a4:e7:9e:13:
42:28:6b:87:3a:7a:37:75:55:a7:b0:fe:74:0a:27:ac:ae:d3:
8d:3e:7f:3f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUTPbwnGB+svAUqR8TSr4H5NZw098wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzQxMTdaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDgxMmFlMzMwNmM5NDhhNjk1OGQ0NWMxOGI1NWYxNmY2YTUxYmVmMjcxYzhk
ODdhZmJkNzk5MmRkNDA4NzMyZWYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKSJ9xn4Cc3m9lL/CygAmGaI8OvcR/K/rcK4DtLreA4BISDkB42LZiDPcpS3
2k7SR4/k9tesNJNwdbkxOWC0ozHUP2W5q9/s8AfPcpBOFLa0KfRIu5jT506CkZ+N
VgmSMjzJuCKUzpihSbXdybsJ5sTDtTP8t6G1kmTv77947KIb5YmUkJ4cgzJRU7B0
CFx1vInuRkLrgMvDIeGlhGszK7qG2C7D221XkM1L4IUHfL4FXHAPaXp7BLSfoAGo
UY6ShrrDJnRAhStrYGVEcSNc3rRCXzU+eZmcQ1O/m2zcAH9rII/ehPIp/3UkEmg6
WAEI1nZdMpt+yH2ZpQoJR1xAEw8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS6YKZ0
tvfN3BxSWG5GYEe0vHmHiDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGFhNjE3MmMtZjI2My00NjQ1LThkN2EtNDBhMTVhZWUyMzNmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HGA
MA0GCSqGSIb3DQEBCwUAA4IBAQBXmB2RP9sryjp4ZriZOZf+kTyIAI3IF6Uou4eC
Q/JjI/XrqBKNn2w9bifZv+uIhqIwF0f3FnWJS6OuslAlCHSzdMh/07Uj0wLbzHAH
+kbra8paGmQlZYvGgrqFHEmDUVZ9nqpOFewev5HSgur7Q7wNEYa8jHHDFu4Y+Wqg
qyEbZ8kYq2xUeAYNhIQaDR4QDW6PztpeYuGIp+Gv/RKj/jl8SSrLkKaGniCijrWK
klGEs3a1KG6dRINvCMpYIFgD6iDsjlI6hP2fCRYcr1IBZ7QipaXzFnZTxfgdcejA
FWxrHxfdGqGDaaTnnhNCKGuHOno3dVWnsP50CiesrtONPn8/
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:58 2025 by rpki-client