Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5836d090-8999-43ab-a38c-f63a0e829c0b.roa
File: 5836d090-8999-43ab-a38c-f63a0e829c0b.roa (raw, json)
Hash identifier: g8oA9aAA8eNx3F/j5JAm0xtNGPHuM5qIr5N4jbTFtnw=
Subject key identifier: 59:34:38:F8:4B:CC:95:A2:C6:EE:1E:DD:E1:05:5E:E1:09:EB:81:88
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 688DD78CF1CA65D391A51847663E5222AF08E3A1
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5836d090-8999-43ab-a38c-f63a0e829c0b.roa
Signing time: Tue 21 Oct 2025 13:40:53 +0000
ROA not before: Tue 21 Oct 2025 13:40:53 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:5000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
68:8d:d7:8c:f1:ca:65:d3:91:a5:18:47:66:3e:52:22:af:08:e3:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:40:53 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=e99032061157bc7394908bf705ce6b7aaf8e86508dcb6a6a0eb4129db916ee4c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:25:e0:ac:9e:c1:36:72:ca:ee:df:09:91:1f:
46:06:a8:21:b5:68:af:5d:55:ff:d9:b2:e2:c0:df:
bd:09:f8:72:17:12:e4:e9:ab:a8:22:33:c9:09:29:
80:b9:64:d1:8f:b1:61:d3:dc:ab:67:a8:a5:a2:a3:
9f:6f:0e:08:b8:b7:f7:af:9c:ef:39:26:b5:f1:08:
a9:22:f1:1b:6a:19:72:2e:2c:36:cf:68:3c:bb:3f:
c9:73:e4:6a:df:dc:e8:90:54:94:d5:f9:73:08:80:
0a:14:e2:a4:1f:98:a9:e3:02:9f:86:cc:4d:fd:d2:
e9:bd:5e:5f:ce:c0:d1:6d:65:b5:84:eb:e9:eb:20:
75:e1:a0:a3:9f:bd:0c:53:e0:73:35:f4:84:b9:b5:
49:97:38:33:ff:5a:45:ab:5f:e9:02:71:13:4a:8c:
32:8c:d7:7d:4a:8e:a6:5b:8f:f2:c7:16:64:4c:99:
ad:67:6f:a8:99:06:86:37:bd:ab:a0:e1:68:28:77:
7e:e7:67:1e:32:40:c2:9b:7b:94:72:f4:89:04:db:
54:c6:56:57:97:35:9d:ad:ad:c4:60:20:8f:c6:c5:
39:5c:29:4f:b7:e3:fb:16:19:9b:3d:d1:d1:c7:74:
82:87:6d:66:28:e1:7d:5a:45:8c:ef:b9:c1:92:cb:
c3:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:34:38:F8:4B:CC:95:A2:C6:EE:1E:DD:E1:05:5E:E1:09:EB:81:88
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5836d090-8999-43ab-a38c-f63a0e829c0b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:5000::/40
Signature Algorithm: sha256WithRSAEncryption
4f:47:b2:74:eb:5a:1f:c9:cc:5b:7e:a1:c9:a9:80:92:c8:f3:
c5:7b:c6:63:25:fc:e3:53:15:86:3c:c6:6f:25:1f:62:7f:b7:
97:f5:a6:a5:63:b8:97:8a:45:63:c7:b2:80:3c:06:19:d3:cc:
d4:0d:48:68:0e:88:48:9f:8b:81:a0:7b:f7:15:ab:0f:7d:a6:
63:8a:39:ca:32:d2:8f:bf:99:cb:9f:13:86:5b:6a:c1:ee:b2:
eb:70:9c:bb:79:6f:92:c7:34:92:c3:92:a7:72:bb:39:b8:1d:
78:34:ab:24:3e:37:af:be:8d:dd:87:73:3d:b1:cf:98:ce:4f:
7c:f5:6b:86:7c:e4:55:21:7e:c3:37:3a:fa:3b:08:dc:01:4b:
84:f2:06:16:45:26:2b:ef:86:1a:c4:38:fc:46:8f:4d:26:fe:
3b:5e:2a:e6:0f:5f:c6:e3:1e:79:7a:36:a2:63:35:32:dc:88:
35:b5:71:ef:72:68:67:7b:48:73:45:1b:68:03:3e:b2:ec:e8:
4d:12:f2:9c:12:38:c9:ae:93:a1:fe:4f:05:18:57:2e:78:4b:
e8:48:6a:c6:9f:e8:d9:b3:08:11:79:8f:0f:5a:40:8e:d7:47:
05:c5:13:93:2c:a8:f4:a8:96:d2:83:43:34:37:c5:91:e3:9e:
11:0b:2e:00
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUaI3XjPHKZdORpRhHZj5SIq8I46EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzQwNTNaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGU5OTAzMjA2MTE1N2JjNzM5NDkwOGJmNzA1Y2U2YjdhYWY4ZTg2NTA4ZGNi
NmE2YTBlYjQxMjlkYjkxNmVlNGMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKwl4KyewTZyyu7fCZEfRgaoIbVor11V/9my4sDfvQn4chcS5OmrqCIzyQkp
gLlk0Y+xYdPcq2eopaKjn28OCLi396+c7zkmtfEIqSLxG2oZci4sNs9oPLs/yXPk
at/c6JBUlNX5cwiAChTipB+YqeMCn4bMTf3S6b1eX87A0W1ltYTr6esgdeGgo5+9
DFPgczX0hLm1SZc4M/9aRatf6QJxE0qMMozXfUqOpluP8scWZEyZrWdvqJkGhje9
q6DhaCh3fudnHjJAwpt7lHL0iQTbVMZWV5c1na2txGAgj8bFOVwpT7fj+xYZmz3R
0cd0godtZijhfVpFjO+5wZLLw9cCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRZNDj4
S8yVosbuHt3hBV7hCeuBiDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTgzNmQwOTAtODk5OS00M2FiLWEzOGMtZjYzYTBlODI5YzBiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H9Q
MA0GCSqGSIb3DQEBCwUAA4IBAQBPR7J061ofycxbfqHJqYCSyPPFe8ZjJfzjUxWG
PMZvJR9if7eX9aalY7iXikVjx7KAPAYZ08zUDUhoDohIn4uBoHv3FasPfaZjijnK
MtKPv5nLnxOGW2rB7rLrcJy7eW+SxzSSw5Kncrs5uB14NKskPjevvo3dh3M9sc+Y
zk989WuGfORVIX7DNzr6OwjcAUuE8gYWRSYr74YaxDj8Ro9NJv47XirmD1/G4x55
ejaiYzUy3Ig1tXHvcmhne0hzRRtoAz6y7OhNEvKcEjjJrpOh/k8FGFcueEvoSGrG
n+jZswgReY8PWkCO10cFxROTLKj0qJbSg0M0N8WR454RCy4A
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:19:37 2025 by rpki-client