Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5246cdd9-6493-4560-b4c3-8d974de78b57.roa
File: 5246cdd9-6493-4560-b4c3-8d974de78b57.roa (raw, json)
Hash identifier: VsaSsxo6uHcLJxRwhZ6kAZTbCItxhPZ70jAbMKR3wF0=
Subject key identifier: 64:A9:F0:56:D0:A6:03:5E:03:93:FA:76:82:37:1F:15:D2:33:B3:5A
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 6C18B568F1C1F0BC391E64B5416DDC0362591E77
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5246cdd9-6493-4560-b4c3-8d974de78b57.roa
Signing time: Tue 21 Oct 2025 14:40:03 +0000
ROA not before: Tue 21 Oct 2025 14:40:03 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d038:c000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6c:18:b5:68:f1:c1:f0:bc:39:1e:64:b5:41:6d:dc:03:62:59:1e:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:40:03 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=992d7dd38e18380baedcd64cbf7d9119d22cc70e514497a9098236b2ef5dd13d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:13:35:ec:4a:e5:33:b0:f6:af:ae:e9:85:02:
3b:f6:e7:33:0d:c1:6a:9a:29:24:d3:cd:69:12:61:
5b:43:9d:15:ea:6f:06:04:c2:d3:59:fa:0e:f7:6e:
a7:dc:5c:a1:6e:ea:63:b0:e9:f6:29:37:5b:e4:01:
a6:7d:d7:dc:8e:76:bd:a2:40:74:8d:18:93:17:8d:
b4:f2:de:ce:3a:e0:40:78:6f:3e:35:0f:69:fb:ff:
59:1d:53:7a:72:94:b2:03:7e:34:e2:12:68:16:98:
6d:7d:0b:c3:6a:59:c3:5a:21:ba:32:56:d6:2a:fb:
f5:03:33:88:4f:55:19:89:1f:90:a7:de:5a:69:06:
bc:7b:d0:3a:9e:05:a2:fd:fb:ee:d8:2b:d8:ea:bb:
41:04:a8:2d:4f:4e:07:a1:ec:57:76:f5:77:f6:ec:
11:a6:64:4c:e9:d8:c3:3b:6e:39:31:67:ed:fe:17:
53:bb:e7:7a:69:2a:de:5c:bc:f8:a1:07:94:f7:9c:
f1:6d:03:7e:de:9f:33:26:dc:bb:9a:7f:ac:58:4a:
ce:2b:7d:72:52:87:08:e2:42:20:23:45:57:de:9a:
67:1c:79:c5:43:98:3e:7d:d3:a2:26:95:da:8e:96:
a2:a1:a1:bd:d2:75:fd:2c:47:28:19:56:57:5f:f0:
68:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:A9:F0:56:D0:A6:03:5E:03:93:FA:76:82:37:1F:15:D2:33:B3:5A
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5246cdd9-6493-4560-b4c3-8d974de78b57.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d038:c000::/40
Signature Algorithm: sha256WithRSAEncryption
5d:aa:cd:e9:ad:cc:4b:10:c8:c0:29:76:8d:d2:fc:67:4c:5f:
58:53:af:48:32:a3:3d:d2:6f:22:20:97:08:cc:a6:cf:13:7b:
b7:e7:a9:6c:9e:88:5f:80:ba:39:5a:28:b6:22:ab:35:6d:15:
af:9c:52:76:01:c1:c5:34:e9:ca:4c:af:7f:eb:97:4a:ea:0f:
40:bb:b6:e9:4f:a4:47:ff:e1:11:ce:61:cc:e7:35:0f:26:91:
46:c7:54:91:31:dc:52:ff:d0:0b:40:c2:06:33:06:d2:60:44:
2c:1a:ce:fa:5c:6d:b1:66:22:07:90:11:77:a0:b7:ce:aa:0d:
f8:9e:57:7a:d9:3f:bf:b3:bf:9d:5f:fc:17:4f:82:c5:47:ed:
91:81:b6:fb:a2:46:8a:12:84:e9:5b:1c:a5:50:3a:f4:34:ac:
ac:f1:62:ff:59:67:32:6d:62:5c:c7:be:28:f6:25:3e:8a:5e:
fd:70:df:4d:47:86:b9:04:b7:10:eb:84:88:10:db:ec:c4:8c:
00:0c:40:3d:de:70:9e:37:9a:48:7c:b7:aa:55:c4:3f:fd:da:
22:12:2d:f9:83:27:3a:08:f4:06:47:91:d9:9f:9a:89:43:cd:
3e:df:6d:0c:72:76:7b:ee:de:66:71:74:6f:05:2d:32:e8:ad:
e5:30:f4:04
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUbBi1aPHB8Lw5HmS1QW3cA2JZHncwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDQwMDNaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDk5MmQ3ZGQzOGUxODM4MGJhZWRjZDY0Y2JmN2Q5MTE5ZDIyY2M3MGU1MTQ0
OTdhOTA5ODIzNmIyZWY1ZGQxM2QxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM4TNexK5TOw9q+u6YUCO/bnMw3BapopJNPNaRJhW0OdFepvBgTC01n6Dvdu
p9xcoW7qY7Dp9ik3W+QBpn3X3I52vaJAdI0YkxeNtPLezjrgQHhvPjUPafv/WR1T
enKUsgN+NOISaBaYbX0Lw2pZw1ohujJW1ir79QMziE9VGYkfkKfeWmkGvHvQOp4F
ov377tgr2Oq7QQSoLU9OB6HsV3b1d/bsEaZkTOnYwztuOTFn7f4XU7vnemkq3ly8
+KEHlPec8W0Dft6fMybcu5p/rFhKzit9clKHCOJCICNFV96aZxx5xUOYPn3ToiaV
2o6WoqGhvdJ1/SxHKBlWV1/waBECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRkqfBW
0KYDXgOT+naCNx8V0jOzWjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTI0NmNkZDktNjQ5My00NTYwLWI0YzMtOGQ5NzRkZTc4YjU3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DjA
MA0GCSqGSIb3DQEBCwUAA4IBAQBdqs3prcxLEMjAKXaN0vxnTF9YU69IMqM90m8i
IJcIzKbPE3u356lsnohfgLo5Wii2Iqs1bRWvnFJ2AcHFNOnKTK9/65dK6g9Au7bp
T6RH/+ERzmHM5zUPJpFGx1SRMdxS/9ALQMIGMwbSYEQsGs76XG2xZiIHkBF3oLfO
qg34nld62T+/s7+dX/wXT4LFR+2Rgbb7okaKEoTpWxylUDr0NKys8WL/WWcybWJc
x74o9iU+il79cN9NR4a5BLcQ64SIENvsxIwADEA93nCeN5pIfLeqVcQ//doiEi35
gyc6CPQGR5HZn5qJQ80+320McnZ77t5mcXRvBS0y6K3lMPQE
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:21:09 2025 by rpki-client