Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/543bc67d-08f9-4a99-bf5e-68100e034395.roa
File: 543bc67d-08f9-4a99-bf5e-68100e034395.roa (raw, json)
Hash identifier: Nei40BoUjaTXqm6HctiiVIiSKxMnjUHrNrEPKsHQwyA=
Subject key identifier: 61:CD:44:79:61:F5:C7:06:BA:F4:24:C8:CD:0C:FB:22:26:21:E5:2D
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 676480A52C66C6632667321EB205F61DFD4CC9B3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/543bc67d-08f9-4a99-bf5e-68100e034395.roa
Signing time: Tue 21 Oct 2025 14:00:57 +0000
ROA not before: Tue 21 Oct 2025 14:00:57 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:4080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
67:64:80:a5:2c:66:c6:63:26:67:32:1e:b2:05:f6:1d:fd:4c:c9:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:00:57 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=f8d1e09a3c04dd6b693d60dc4df6e61acbe72c86e0fe9b18147d396e4a8d70ac, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:b1:b0:85:5d:65:46:11:d9:f5:81:5e:21:4b:
e1:61:d7:b7:e3:dd:2d:0e:f8:e4:a1:60:9e:2d:c2:
dd:f1:f3:89:3b:d8:f9:22:6a:19:ed:9c:03:3d:a7:
0f:a3:36:e8:9f:d6:7a:dd:83:ce:bb:3a:91:da:06:
05:ed:76:fc:22:6e:c2:5c:be:23:4f:1d:5b:3b:49:
fd:bd:fd:c4:3d:bb:33:dc:b3:0d:c6:98:10:06:e8:
a2:5d:10:36:0f:4e:6e:a0:0d:00:56:49:5a:59:33:
90:71:dc:c3:7c:e7:96:02:07:86:0d:f1:85:3f:3b:
db:c1:f7:62:a6:cc:db:62:54:f2:9a:6a:e8:1a:a8:
90:9a:8d:f4:16:49:15:9c:0c:81:b4:28:71:66:57:
d8:b9:05:dc:5a:60:8a:d7:87:e6:6e:ee:f7:ce:4f:
da:ae:7e:27:28:7a:14:65:58:72:b2:9b:ff:e2:8d:
47:53:2c:3a:4f:4a:24:cb:92:00:eb:c9:c6:73:e7:
13:3b:58:ed:2b:67:24:35:b9:0d:b5:d2:a0:88:47:
fc:1e:9b:d4:5d:49:8f:da:5b:39:66:46:41:55:e4:
ce:5c:22:ef:98:05:9a:52:6a:6f:4f:b0:c3:c1:94:
db:35:6b:46:e1:21:50:d9:35:0a:ae:4d:cf:dd:bf:
9e:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:CD:44:79:61:F5:C7:06:BA:F4:24:C8:CD:0C:FB:22:26:21:E5:2D
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/543bc67d-08f9-4a99-bf5e-68100e034395.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:4080::/48
Signature Algorithm: sha256WithRSAEncryption
10:39:5a:ec:f1:e0:47:bf:0e:ed:27:29:4c:65:a3:d7:df:76:
35:4a:fe:23:78:5a:5d:26:63:ba:e8:30:51:fc:31:7b:cf:a8:
ed:85:12:e1:3d:4f:fb:b3:4a:0f:8b:c9:bb:b0:0f:ae:ac:52:
ec:b3:d2:17:e7:2a:6e:18:d1:71:45:f0:d1:5c:10:ad:d4:1b:
bc:86:43:03:5a:29:c7:4b:f0:a7:21:05:93:39:27:e0:97:32:
22:39:70:20:3a:50:f9:60:cf:d7:a7:20:cf:4a:53:f1:86:30:
54:3f:1c:c9:d0:5e:95:5b:1b:c3:92:32:d3:b8:d3:f0:99:27:
c0:e8:48:22:a6:36:5c:00:55:10:e3:8f:7a:a8:0d:ed:2e:d1:
46:5d:c6:21:42:23:81:e6:fa:89:89:f7:17:7c:6d:39:8a:53:
d3:8c:2e:33:09:9e:fe:4a:9f:5a:1b:a4:42:88:a4:eb:09:72:
7a:ad:d3:da:ad:04:ea:3d:6f:a7:52:e1:62:b5:5e:f2:70:23:
64:ac:ef:08:49:c2:e0:53:86:3c:d1:e6:6a:19:9c:81:b1:a4:
a6:54:e3:c9:ea:8c:9c:8a:4b:7f:b2:f1:9b:4a:29:59:06:45:
1f:e7:b9:91:e5:4f:b2:f5:c7:00:dc:21:05:98:72:cb:8a:97:
a3:cd:5a:83
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUZ2SApSxmxmMmZzIesgX2Hf1MybMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDAwNTdaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGY4ZDFlMDlhM2MwNGRkNmI2OTNkNjBkYzRkZjZlNjFhY2JlNzJjODZlMGZl
OWIxODE0N2QzOTZlNGE4ZDcwYWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL2xsIVdZUYR2fWBXiFL4WHXt+PdLQ745KFgni3C3fHziTvY+SJqGe2cAz2n
D6M26J/Wet2Dzrs6kdoGBe12/CJuwly+I08dWztJ/b39xD27M9yzDcaYEAbool0Q
Ng9ObqANAFZJWlkzkHHcw3znlgIHhg3xhT8728H3YqbM22JU8ppq6BqokJqN9BZJ
FZwMgbQocWZX2LkF3FpgiteH5m7u985P2q5+Jyh6FGVYcrKb/+KNR1MsOk9KJMuS
AOvJxnPnEztY7StnJDW5DbXSoIhH/B6b1F1Jj9pbOWZGQVXkzlwi75gFmlJqb0+w
w8GU2zVrRuEhUNk1Cq5Nz92/nrsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRhzUR5
YfXHBrr0JMjNDPsiJiHlLTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTQzYmM2N2QtMDhmOS00YTk5LWJmNWUtNjgxMDBlMDM0Mzk1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HJA
gDANBgkqhkiG9w0BAQsFAAOCAQEAEDla7PHgR78O7ScpTGWj1992NUr+I3haXSZj
uugwUfwxe8+o7YUS4T1P+7NKD4vJu7APrqxS7LPSF+cqbhjRcUXw0VwQrdQbvIZD
A1opx0vwpyEFkzkn4JcyIjlwIDpQ+WDP16cgz0pT8YYwVD8cydBelVsbw5Iy07jT
8JknwOhIIqY2XABVEOOPeqgN7S7RRl3GIUIjgeb6iYn3F3xtOYpT04wuMwme/kqf
WhukQoik6wlyeq3T2q0E6j1vp1LhYrVe8nAjZKzvCEnC4FOGPNHmahmcgbGkplTj
yeqMnIpLf7Lxm0opWQZFH+e5keVPsvXHANwhBZhyy4qXo81agw==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:10 2025 by rpki-client