Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4c2cf7b6-3fbb-4d74-886d-21c58b347f58.roa
File: 4c2cf7b6-3fbb-4d74-886d-21c58b347f58.roa (raw, json)
Hash identifier: I3rHVTleDFYOW7jjUdaUiPovUcakw81km+QJLVRNo5I=
Subject key identifier: 39:8B:E3:81:5F:BC:C5:64:98:DB:D9:47:8F:92:94:6C:BB:25:E7:FF
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3854D43E5E44228BCEA9CDEC69051D970CC163B3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4c2cf7b6-3fbb-4d74-886d-21c58b347f58.roa
Signing time: Tue 21 Oct 2025 13:20:37 +0000
ROA not before: Tue 21 Oct 2025 13:20:37 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07e:8000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
38:54:d4:3e:5e:44:22:8b:ce:a9:cd:ec:69:05:1d:97:0c:c1:63:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:20:37 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=75cb1515c256c2fcbf0a6ca0c3d1d06baa6366a3f0e983c0701706e1540dc5a6, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:1f:35:fd:00:1e:4f:0f:4b:84:3f:77:6c:a2:
c0:04:b1:4a:1d:55:d6:f5:fa:e9:6c:14:a5:43:dc:
5d:32:35:a2:30:7e:50:aa:f4:59:da:7e:52:54:28:
9f:fb:3e:bb:3e:cf:4d:de:01:f4:f8:2c:4f:a3:78:
75:0e:28:48:c0:cd:4e:2a:b2:28:01:17:f9:ee:78:
1e:a2:ed:7c:93:d4:d3:bc:ec:19:2b:aa:e3:35:df:
6a:58:b7:14:e1:cc:30:ba:fb:0b:97:65:20:3e:2d:
36:89:1e:d1:69:0c:4a:ca:58:cd:fa:c2:38:ce:17:
93:d1:2a:2f:93:65:86:d0:83:a8:6f:8c:74:e8:56:
a2:92:fb:cf:9b:31:28:90:ea:41:76:5c:a9:d6:05:
1d:f4:e3:9b:c5:80:1c:45:a5:0e:49:46:00:bc:ff:
27:87:07:2b:cd:55:d8:e3:f2:34:a3:0c:5c:76:e8:
7c:05:fb:c1:ea:ad:ae:e4:d6:b4:b0:c6:98:3f:62:
85:93:fb:97:00:49:40:5d:e2:a3:bd:04:bd:92:40:
22:4c:6b:bb:2e:d0:81:4a:91:25:bd:d5:88:b0:77:
39:64:5d:df:4d:16:47:f8:a1:2c:41:43:cc:6f:da:
61:ba:4f:57:34:74:51:c1:35:a7:bb:62:3e:42:9e:
01:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:8B:E3:81:5F:BC:C5:64:98:DB:D9:47:8F:92:94:6C:BB:25:E7:FF
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4c2cf7b6-3fbb-4d74-886d-21c58b347f58.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07e:8000::/40
Signature Algorithm: sha256WithRSAEncryption
8d:52:df:91:4c:8b:69:13:07:24:b7:f0:9a:01:c9:58:f6:2f:
8e:99:d2:12:28:60:35:0b:59:07:f6:ad:13:31:0d:53:79:eb:
f3:db:49:07:25:2d:db:41:69:2d:81:f4:bb:48:3b:63:69:86:
25:c1:97:c2:e1:e4:de:16:c5:1b:4d:65:87:6e:24:55:b3:ab:
76:fa:52:5d:5b:cf:d5:c1:1a:03:5c:07:24:05:e6:6a:7d:4c:
4d:cd:d2:dd:64:d3:fd:ca:d4:f2:40:b2:fe:b9:79:76:07:50:
73:05:58:16:48:86:f1:11:70:8f:0d:d9:fa:4d:22:80:3b:3f:
b4:a9:56:5c:76:51:de:0d:3e:6f:92:ac:71:13:95:7c:1e:b6:
d5:68:67:94:46:60:a0:d5:76:60:2b:47:2e:b9:99:e5:ff:fb:
95:3c:bc:1a:d2:e6:90:7f:c5:57:82:96:97:1a:79:c5:be:76:
78:d6:37:50:50:6b:48:0a:1c:11:b2:1a:45:e9:20:26:7c:e5:
d1:a4:f8:e5:31:70:bb:de:f3:af:b5:38:2f:2c:3b:c9:34:0c:
8f:5f:80:70:05:9a:dc:c0:43:a4:0f:31:ab:24:3a:79:ff:a1:
00:fb:a8:6f:dd:55:aa:e0:09:19:5d:3a:67:06:8b:0c:06:93:
84:98:99:8c
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUOFTUPl5EIovOqc3saQUdlwzBY7MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzIwMzdaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDc1Y2IxNTE1YzI1NmMyZmNiZjBhNmNhMGMzZDFkMDZiYWE2MzY2YTNmMGU5
ODNjMDcwMTcwNmUxNTQwZGM1YTYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOUfNf0AHk8PS4Q/d2yiwASxSh1V1vX66WwUpUPcXTI1ojB+UKr0Wdp+UlQo
n/s+uz7PTd4B9PgsT6N4dQ4oSMDNTiqyKAEX+e54HqLtfJPU07zsGSuq4zXfali3
FOHMMLr7C5dlID4tNoke0WkMSspYzfrCOM4Xk9EqL5NlhtCDqG+MdOhWopL7z5sx
KJDqQXZcqdYFHfTjm8WAHEWlDklGALz/J4cHK81V2OPyNKMMXHbofAX7weqtruTW
tLDGmD9ihZP7lwBJQF3io70EvZJAIkxruy7QgUqRJb3ViLB3OWRd300WR/ihLEFD
zG/aYbpPVzR0UcE1p7tiPkKeAa8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ5i+OB
X7zFZJjb2UePkpRsuyXn/zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGMyY2Y3YjYtM2ZiYi00ZDc0LTg4NmQtMjFjNThiMzQ3ZjU4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H6A
MA0GCSqGSIb3DQEBCwUAA4IBAQCNUt+RTItpEwckt/CaAclY9i+OmdISKGA1C1kH
9q0TMQ1Teevz20kHJS3bQWktgfS7SDtjaYYlwZfC4eTeFsUbTWWHbiRVs6t2+lJd
W8/VwRoDXAckBeZqfUxNzdLdZNP9ytTyQLL+uXl2B1BzBVgWSIbxEXCPDdn6TSKA
Oz+0qVZcdlHeDT5vkqxxE5V8HrbVaGeURmCg1XZgK0cuuZnl//uVPLwa0uaQf8VX
gpaXGnnFvnZ41jdQUGtIChwRshpF6SAmfOXRpPjlMXC73vOvtTgvLDvJNAyPX4Bw
BZrcwEOkDzGrJDp5/6EA+6hv3VWq4AkZXTpnBosMBpOEmJmM
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:19:37 2025 by rpki-client