Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4dc2c958-c749-4f2f-a83c-b419f7f45487.roa
File: 4dc2c958-c749-4f2f-a83c-b419f7f45487.roa (raw, json)
Hash identifier: kH3DjMRJKMIGJWxTyHuF1OIXvtuY1ZDUfEbDOpzeLUs=
Subject key identifier: 52:95:1A:EC:ED:B1:EC:C2:DE:FC:DD:6B:C8:AB:23:B2:46:58:98:93
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4ABED94FEFDD1B420ACB65E0372FBB3EDC83857D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4dc2c958-c749-4f2f-a83c-b419f7f45487.roa
Signing time: Tue 21 Oct 2025 14:10:44 +0000
ROA not before: Tue 21 Oct 2025 14:10:44 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07a:e000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4a:be:d9:4f:ef:dd:1b:42:0a:cb:65:e0:37:2f:bb:3e:dc:83:85:7d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:10:44 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=94abbda547a304410ef47ae4b2a0052073a3587e30d0bff35d708752350aeb5c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:ab:7e:91:ac:e1:15:e2:b3:81:3e:a3:e3:15:
a0:5c:b2:2e:13:e8:f9:e1:d3:8a:af:69:23:55:ca:
44:39:31:f3:33:cf:56:db:50:19:dd:01:15:22:12:
06:e7:de:ef:a8:73:96:54:4e:53:ba:e0:ea:5d:9a:
1d:fe:0f:e7:6e:17:4c:b6:97:7e:fe:57:7d:99:b1:
93:77:a4:93:3e:e0:01:1f:8c:e8:d0:fa:90:67:e4:
26:c4:12:3c:79:41:42:27:e1:e3:23:fc:02:d6:6a:
2c:9e:da:3e:c8:56:71:98:51:b2:6a:08:f1:70:5a:
8e:32:12:ee:a9:f2:2c:ac:b8:73:04:49:bf:5b:5a:
19:a4:6f:b9:56:ec:ca:04:9d:ab:13:06:d3:2c:d5:
d2:1f:1d:9b:46:26:1e:ea:86:6a:58:0e:fb:11:2a:
ab:74:19:36:8d:22:6d:ec:55:79:07:5a:bb:2d:62:
f6:80:02:95:0a:53:c2:39:15:d9:79:7a:88:f2:17:
80:dc:27:37:8f:d6:0b:59:05:4b:3a:db:5a:2b:25:
57:16:72:50:07:ce:68:6f:00:0e:2a:e6:6c:1d:e3:
9a:12:f7:48:7f:cd:7c:b7:12:8f:6c:d6:a8:ee:29:
58:f8:47:be:03:9d:11:c1:09:91:20:e1:66:49:90:
ba:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
52:95:1A:EC:ED:B1:EC:C2:DE:FC:DD:6B:C8:AB:23:B2:46:58:98:93
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4dc2c958-c749-4f2f-a83c-b419f7f45487.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07a:e000::/40
Signature Algorithm: sha256WithRSAEncryption
5b:9f:3e:50:b4:dd:00:53:01:b0:d2:15:61:31:a4:96:4d:66:
c3:1a:b8:0f:2e:84:e6:15:1a:fc:86:fd:8d:b5:08:f6:a8:ec:
31:03:85:c2:db:42:43:00:39:cf:52:b7:93:97:f6:27:ba:80:
0f:af:9a:ff:b0:2e:31:06:ac:4b:46:d7:47:3a:93:02:a9:d9:
11:f6:65:de:ed:c1:f5:2b:8a:f1:a5:f6:10:75:0a:c6:44:63:
7e:0b:0b:87:d9:eb:2b:7b:1c:06:03:46:2a:c4:c1:36:07:05:
23:35:11:63:7a:44:d7:69:bd:dc:4e:9e:fa:aa:82:62:26:57:
b4:9f:f5:ab:fb:da:fe:1f:00:56:5f:3e:3c:da:e5:1f:c8:30:
0b:9e:95:ed:23:86:6e:8e:6d:6d:0c:c8:91:e3:1d:3a:87:7b:
fa:73:f8:3d:b4:42:39:bf:9e:86:b2:f7:42:08:0a:80:4c:e9:
a8:71:1c:0e:44:9a:20:45:9f:f7:3b:d3:dd:fd:e6:13:08:1e:
71:fa:ba:e7:16:25:2c:66:48:6e:52:47:a1:c9:22:3b:83:00:
f0:ab:e8:b6:f2:95:65:2d:5b:00:30:0e:de:67:8a:b0:ff:c2:
6c:0a:d5:c2:25:bd:1d:8e:36:d9:dc:26:32:d5:04:9e:b7:0c:
a6:eb:ff:0a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUSr7ZT+/dG0IKy2XgNy+7PtyDhX0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDEwNDRaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDk0YWJiZGE1NDdhMzA0NDEwZWY0N2FlNGIyYTAwNTIwNzNhMzU4N2UzMGQw
YmZmMzVkNzA4NzUyMzUwYWViNWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALOrfpGs4RXis4E+o+MVoFyyLhPo+eHTiq9pI1XKRDkx8zPPVttQGd0BFSIS
Bufe76hzllROU7rg6l2aHf4P524XTLaXfv5XfZmxk3ekkz7gAR+M6ND6kGfkJsQS
PHlBQifh4yP8AtZqLJ7aPshWcZhRsmoI8XBajjIS7qnyLKy4cwRJv1taGaRvuVbs
ygSdqxMG0yzV0h8dm0YmHuqGalgO+xEqq3QZNo0ibexVeQdauy1i9oAClQpTwjkV
2Xl6iPIXgNwnN4/WC1kFSzrbWislVxZyUAfOaG8ADirmbB3jmhL3SH/NfLcSj2zW
qO4pWPhHvgOdEcEJkSDhZkmQur0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRSlRrs
7bHswt783WvIqyOyRliYkzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGRjMmM5NTgtYzc0OS00ZjJmLWE4M2MtYjQxOWY3ZjQ1NDg3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hrg
MA0GCSqGSIb3DQEBCwUAA4IBAQBbnz5QtN0AUwGw0hVhMaSWTWbDGrgPLoTmFRr8
hv2NtQj2qOwxA4XC20JDADnPUreTl/YnuoAPr5r/sC4xBqxLRtdHOpMCqdkR9mXe
7cH1K4rxpfYQdQrGRGN+CwuH2esrexwGA0YqxME2BwUjNRFjekTXab3cTp76qoJi
Jle0n/Wr+9r+HwBWXz482uUfyDALnpXtI4Zujm1tDMiR4x06h3v6c/g9tEI5v56G
svdCCAqATOmocRwORJogRZ/3O9Pd/eYTCB5x+rrnFiUsZkhuUkehySI7gwDwq+i2
8pVlLVsAMA7eZ4qw/8JsCtXCJb0djjbZ3CYy1QSetwym6/8K
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:09:09 2025 by rpki-client