Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/67233a4e-590e-4497-a72c-fe940d42b798.roa
File: 67233a4e-590e-4497-a72c-fe940d42b798.roa (raw, json)
Hash identifier: Il5fqE/FupQucjXmZQNih9JxCk3FGgglw18QgV8C/5s=
Subject key identifier: 55:C0:8B:B9:DA:88:17:0D:44:16:07:D8:96:E8:47:EB:CF:31:7D:D2
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 20A93755381D34CABD2E686F5B9BBB34D2748AA3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/67233a4e-590e-4497-a72c-fe940d42b798.roa
Signing time: Tue 21 Oct 2025 14:30:35 +0000
ROA not before: Tue 21 Oct 2025 14:30:35 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07c::/32 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
20:a9:37:55:38:1d:34:ca:bd:2e:68:6f:5b:9b:bb:34:d2:74:8a:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:30:35 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=7cd0979c23f6ab908aef376b924a06eaf30089db18de485ebdeb14ea58a0caa5, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:9f:b7:12:bb:a7:3e:5a:90:f3:63:05:dd:b5:
3b:a9:35:4c:a9:b2:44:c0:31:59:94:11:71:36:0e:
ad:49:c4:05:01:c8:f3:54:b7:94:86:d3:2b:02:fb:
ba:cf:5f:7b:fc:04:1b:d4:75:91:fb:3e:24:a8:dd:
81:be:07:52:47:06:ea:0c:ff:9d:fe:88:b2:d4:c7:
8d:ca:42:d5:13:db:d6:ac:bf:78:22:a1:4d:d4:f0:
1c:70:66:c1:de:fa:fe:41:6a:14:c7:ea:2f:a5:9e:
8c:4e:79:0c:47:5d:e5:57:6d:f0:64:fd:b5:52:12:
fc:11:6a:4d:67:f1:39:f7:83:5d:f6:1b:5e:19:57:
1d:70:0d:8f:d5:0d:ca:25:ce:75:4c:16:ae:a3:cb:
5d:1b:69:93:c3:08:00:04:03:14:1b:91:4e:1d:20:
f1:89:1d:bc:ab:83:9e:2c:57:0a:2e:37:7b:e9:fb:
b9:67:29:61:84:b3:83:c2:00:8c:85:d5:f8:ff:12:
27:b5:53:bc:3c:39:09:c5:c1:92:89:a1:f4:d5:fd:
fa:62:6d:cb:83:3c:b8:ef:b7:4a:b4:5c:cd:59:02:
e0:c1:d8:b9:2b:e6:1b:c9:38:57:8b:87:bc:b1:9b:
f2:a2:cc:53:ea:eb:54:4d:44:69:e1:ce:16:53:13:
f6:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
55:C0:8B:B9:DA:88:17:0D:44:16:07:D8:96:E8:47:EB:CF:31:7D:D2
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/67233a4e-590e-4497-a72c-fe940d42b798.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07c::/32
Signature Algorithm: sha256WithRSAEncryption
24:bf:33:30:c9:68:9d:f1:b7:d4:1a:a6:8f:c3:1b:9d:91:76:
57:f4:31:90:3c:c8:ff:b4:12:5d:78:b9:93:28:19:7b:87:ee:
df:ec:05:68:2a:3a:8e:19:1d:de:c0:94:67:92:d7:22:5e:4d:
96:e0:f0:10:d4:9f:07:9c:ad:8f:86:08:79:c1:bd:9f:1d:8f:
88:ad:e8:54:7a:e8:f2:2a:4d:7d:e1:aa:e6:65:fd:bd:72:e5:
ed:38:5d:e5:4f:ab:b4:77:c0:c7:8a:a8:a7:af:6a:24:1e:f1:
22:b5:4b:7c:a8:ed:f4:44:94:e1:04:f6:0e:32:18:fe:08:64:
a0:26:7c:b0:cc:3f:40:15:c2:8a:04:c2:dc:54:3d:c3:06:a2:
8c:2e:21:dc:a8:59:c2:c8:7b:91:fa:43:88:29:a6:16:55:44:
ca:fb:4d:5a:10:79:b9:64:32:85:38:59:fb:40:99:28:1c:68:
11:31:28:c9:0f:49:e7:6c:17:04:d8:cd:ab:cb:0a:41:64:14:
cb:ea:9f:03:33:16:9f:76:f6:9a:5e:a2:bf:2b:d3:a3:af:aa:
01:ab:e8:af:d3:7b:ea:75:3d:15:4f:22:8f:c3:9f:09:a2:7e:
11:d9:be:e9:1a:b1:51:c3:f4:8c:95:1e:6b:a1:90:d6:b9:b2:
31:c0:e3:37
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUIKk3VTgdNMq9LmhvW5u7NNJ0iqMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDMwMzVaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDdjZDA5NzljMjNmNmFiOTA4YWVmMzc2YjkyNGEwNmVhZjMwMDg5ZGIxOGRl
NDg1ZWJkZWIxNGVhNThhMGNhYTUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJmftxK7pz5akPNjBd21O6k1TKmyRMAxWZQRcTYOrUnEBQHI81S3lIbTKwL7
us9fe/wEG9R1kfs+JKjdgb4HUkcG6gz/nf6IstTHjcpC1RPb1qy/eCKhTdTwHHBm
wd76/kFqFMfqL6WejE55DEdd5Vdt8GT9tVIS/BFqTWfxOfeDXfYbXhlXHXANj9UN
yiXOdUwWrqPLXRtpk8MIAAQDFBuRTh0g8YkdvKuDnixXCi43e+n7uWcpYYSzg8IA
jIXV+P8SJ7VTvDw5CcXBkomh9NX9+mJty4M8uO+3SrRczVkC4MHYuSvmG8k4V4uH
vLGb8qLMU+rrVE1EaeHOFlMT9r0CAwEAAaOCAiIwggIeMB0GA1UdDgQWBBRVwIu5
2ogXDUQWB9iW6EfrzzF90jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjcyMzNhNGUtNTkwZS00NDk3LWE3MmMtZmU5NDBkNDJiNzk4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoF0Hww
DQYJKoZIhvcNAQELBQADggEBACS/MzDJaJ3xt9Qapo/DG52Rdlf0MZA8yP+0El14
uZMoGXuH7t/sBWgqOo4ZHd7AlGeS1yJeTZbg8BDUnwecrY+GCHnBvZ8dj4it6FR6
6PIqTX3hquZl/b1y5e04XeVPq7R3wMeKqKevaiQe8SK1S3yo7fRElOEE9g4yGP4I
ZKAmfLDMP0AVwooEwtxUPcMGoowuIdyoWcLIe5H6Q4gpphZVRMr7TVoQeblkMoU4
WftAmSgcaBExKMkPSedsFwTYzavLCkFkFMvqnwMzFp929ppeor8r06OvqgGr6K/T
e+p1PRVPIo/DnwmifhHZvukasVHD9IyVHmuhkNa5sjHA4zc=
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:15:18 2025 by rpki-client