Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/599e0695-4b67-4a37-994a-8c71d61260b3.roa
File: 599e0695-4b67-4a37-994a-8c71d61260b3.roa (raw, json)
Hash identifier: baL4tQX9ErZkXipZHrN8kTgR7Ti2bEOUwzSh6rmWeaw=
Subject key identifier: A7:3C:C3:6E:0E:07:51:6B:4C:01:59:42:C8:5E:3F:7D:D1:05:7C:28
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 123CB75146CC56F4E1110BB6763BF9942BECC3B2
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/599e0695-4b67-4a37-994a-8c71d61260b3.roa
Signing time: Tue 21 Oct 2025 14:10:04 +0000
ROA not before: Tue 21 Oct 2025 14:10:04 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:a0c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
12:3c:b7:51:46:cc:56:f4:e1:11:0b:b6:76:3b:f9:94:2b:ec:c3:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:10:04 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=2dd9bdc2bd4bc9ab224b7ef6bba3cd0a9689c90c38e6922399f95c924aeab80e, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:9a:53:dc:d8:b3:9f:2f:5b:38:90:77:31:61:
2a:05:ea:9c:9a:e7:1e:33:04:f7:5e:a3:a9:27:e2:
11:dd:db:3b:6b:8e:f0:86:7d:98:74:5d:13:39:d8:
e8:f2:3e:28:44:6c:c3:ce:43:0a:1a:c3:9d:0f:e9:
bd:bd:74:7a:37:ca:53:39:5e:62:5b:f0:53:72:aa:
27:17:cf:aa:9c:79:3d:1b:8a:b8:e9:a5:4e:b6:8b:
1c:8b:e5:ea:70:7b:69:80:98:6d:f6:f4:bd:27:8f:
37:4b:3e:67:fa:81:c3:1b:84:d3:7d:7a:3d:50:de:
26:ee:40:26:c5:ba:f2:15:72:f6:6b:6a:f3:19:c2:
e2:22:9a:2e:31:ee:94:27:38:15:6d:b4:9d:6c:ed:
1c:0e:49:51:86:60:7c:8b:48:21:c2:38:2e:80:b3:
c5:5a:00:25:72:28:66:fe:c1:25:94:82:db:86:ef:
5c:55:8a:c5:0f:74:6a:6a:21:34:62:f1:3c:35:93:
2a:eb:84:5e:9c:9f:83:84:3b:6d:9e:b5:c9:04:b6:
bc:d2:02:9d:11:89:00:59:51:b0:70:5a:7b:e7:cc:
2c:d5:99:ea:95:b6:3e:10:56:51:bb:06:32:6a:86:
79:71:77:37:39:dc:eb:c9:9a:95:ff:d6:f6:f2:1f:
d7:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:3C:C3:6E:0E:07:51:6B:4C:01:59:42:C8:5E:3F:7D:D1:05:7C:28
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/599e0695-4b67-4a37-994a-8c71d61260b3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:a0c0::/48
Signature Algorithm: sha256WithRSAEncryption
b0:ba:b0:75:bb:e3:5e:4b:af:d0:60:d2:1f:7a:61:e8:03:2b:
de:93:b5:92:d6:10:ca:8d:86:98:85:fd:f2:17:88:ff:d4:26:
09:7e:83:07:56:4e:9e:f7:ef:86:a4:68:0c:36:a8:90:d6:f9:
3e:da:7e:9c:5a:5d:d2:b1:c7:d0:0c:73:97:99:7a:2b:23:99:
b1:4b:c9:41:33:a2:a1:a2:6f:59:f4:67:dc:77:68:4f:75:11:
f8:4d:cd:e7:ab:be:e1:fa:4e:e4:e3:d1:18:ca:9a:c3:d1:74:
b1:9e:a9:30:cc:30:79:e8:f7:c1:f1:e6:2c:9f:f0:ae:58:e0:
b0:e2:59:37:46:46:87:8e:4a:a8:ce:2a:65:29:51:4b:24:a6:
f6:b3:12:31:a5:59:87:ab:de:d3:3e:5f:75:1c:c7:29:98:8b:
1c:ed:3f:0c:df:6f:bd:09:b7:f0:55:06:76:b6:bc:56:3a:e1:
ef:b1:f9:c3:05:85:42:e0:80:35:e0:e8:8c:0f:f5:5e:13:21:
e7:d2:23:38:3d:15:66:ad:02:8e:02:5c:3b:d7:24:a7:73:d4:
3d:69:9e:fe:ea:d0:c1:5b:ca:c3:dd:35:19:cf:b5:6b:f0:e9:
7f:0c:14:f5:3e:78:98:7f:77:fe:d7:29:8f:7e:67:35:9d:42:
fb:2e:3b:c2
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUEjy3UUbMVvThEQu2djv5lCvsw7IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDEwMDRaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDJkZDliZGMyYmQ0YmM5YWIyMjRiN2VmNmJiYTNjZDBhOTY4OWM5MGMzOGU2
OTIyMzk5Zjk1YzkyNGFlYWI4MGUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALSaU9zYs58vWziQdzFhKgXqnJrnHjME916jqSfiEd3bO2uO8IZ9mHRdEznY
6PI+KERsw85DChrDnQ/pvb10ejfKUzleYlvwU3KqJxfPqpx5PRuKuOmlTraLHIvl
6nB7aYCYbfb0vSePN0s+Z/qBwxuE0316PVDeJu5AJsW68hVy9mtq8xnC4iKaLjHu
lCc4FW20nWztHA5JUYZgfItIIcI4LoCzxVoAJXIoZv7BJZSC24bvXFWKxQ90amoh
NGLxPDWTKuuEXpyfg4Q7bZ61yQS2vNICnRGJAFlRsHBae+fMLNWZ6pW2PhBWUbsG
MmqGeXF3Nznc68malf/W9vIf12UCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSnPMNu
DgdRa0wBWULIXj990QV8KDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTk5ZTA2OTUtNGI2Ny00YTM3LTk5NGEtOGM3MWQ2MTI2MGIzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ACg
wDANBgkqhkiG9w0BAQsFAAOCAQEAsLqwdbvjXkuv0GDSH3ph6AMr3pO1ktYQyo2G
mIX98heI/9QmCX6DB1ZOnvfvhqRoDDaokNb5Ptp+nFpd0rHH0Axzl5l6KyOZsUvJ
QTOioaJvWfRn3HdoT3UR+E3N56u+4fpO5OPRGMqaw9F0sZ6pMMwweej3wfHmLJ/w
rljgsOJZN0ZGh45KqM4qZSlRSySm9rMSMaVZh6ve0z5fdRzHKZiLHO0/DN9vvQm3
8FUGdra8Vjrh77H5wwWFQuCANeDojA/1XhMh59IjOD0VZq0CjgJcO9ckp3PUPWme
/urQwVvKw901Gc+1a/DpfwwU9T54mH93/tcpj35nNZ1C+y47wg==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:15:15 2025 by rpki-client