Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa
File: 68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa (raw, json)
Hash identifier: dnu++IF3rrg02Yw0AMUDdSyBVlsrS47ldQtL449UXzU=
Subject key identifier: D0:1D:49:78:38:39:48:C5:08:62:98:5C:30:02:80:7B:61:73:7D:CB
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7F7C174956352311307C1233878EF10E3D322144
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa
Signing time: Tue 21 Oct 2025 13:50:58 +0000
ROA not before: Tue 21 Oct 2025 13:50:58 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d058:a000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7f:7c:17:49:56:35:23:11:30:7c:12:33:87:8e:f1:0e:3d:32:21:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:50:58 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=d75e8e83cdb4c2c73c62dc1f356fbe7ce1c08570cf037a2414b1b5339efdcff4, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:e7:17:19:36:09:b6:b3:15:d6:d6:e1:2a:4e:
2d:c2:c4:74:8a:38:45:39:a7:66:60:7f:72:e1:df:
46:c9:54:77:51:7c:aa:8b:c7:10:dd:35:7b:c9:9e:
f3:41:e3:15:35:2c:d9:bf:15:60:94:57:f1:16:ee:
90:11:c3:40:e9:33:a9:bc:4c:1e:37:7e:2e:45:dc:
b9:1a:ea:78:af:af:dc:2d:4d:d2:6a:77:2f:f0:e1:
72:d0:85:3c:a1:89:24:25:a9:27:4e:48:b4:af:d9:
31:8e:57:8d:f3:2c:c5:f9:49:71:9a:6b:15:4f:51:
89:53:12:2d:d2:0d:4d:f7:99:15:9a:c7:11:af:55:
e5:7e:30:aa:ae:4e:96:fe:79:82:5d:5e:e8:27:c9:
46:51:a0:3c:a1:42:d6:ad:64:7b:b3:6e:b9:2c:84:
39:0c:48:15:65:fe:aa:48:c8:7f:27:40:72:c6:58:
b2:88:cc:2f:36:8a:c2:3c:69:92:ac:03:23:03:6c:
2c:0e:e0:a2:9d:c8:9a:f4:1f:56:0e:29:e8:bd:b6:
a4:e8:95:ed:9a:02:ca:97:79:11:83:39:f0:fb:38:
83:dd:a9:ae:38:57:d1:26:ca:dc:8c:99:76:6a:17:
11:95:17:bb:49:9b:91:d0:d3:af:76:a1:8e:55:c2:
5e:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:1D:49:78:38:39:48:C5:08:62:98:5C:30:02:80:7B:61:73:7D:CB
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d058:a000::/40
Signature Algorithm: sha256WithRSAEncryption
27:35:25:3a:5f:0a:92:e9:02:ee:65:ad:e7:32:99:ca:d6:63:
fe:4c:00:cf:aa:50:08:8b:c4:91:ca:d7:34:e3:ae:3c:6d:45:
8f:3c:54:7a:88:49:59:dd:ad:ac:9f:a3:98:ba:86:8d:90:df:
fa:f6:de:df:3d:a1:9d:82:a3:ed:88:bb:50:99:09:09:0f:6f:
40:5a:30:54:13:6c:bf:76:ea:6f:7b:10:f9:2d:03:e8:ff:f0:
29:b1:a5:d0:dc:ff:78:aa:4b:c8:fe:0a:04:32:3a:4c:33:60:
e4:b1:0e:2f:9d:0a:f0:c8:1d:90:c3:5e:22:5e:9b:58:d4:5f:
20:6a:7f:f5:9d:10:88:ae:0c:6a:a1:66:fa:77:07:e7:ef:67:
6a:20:69:37:df:df:cc:a3:a0:b2:98:b5:28:f1:e4:63:73:28:
ac:54:07:57:89:73:96:85:da:0b:6a:94:a0:ba:8e:c1:bc:7a:
ce:0d:32:cb:32:c9:5d:1b:65:d3:a6:45:e6:85:09:a0:45:37:
b4:92:08:f9:47:7f:86:5e:da:86:74:44:2a:a9:49:8e:96:42:
fe:e4:f6:4c:58:98:31:e5:bf:69:cc:26:c1:72:5f:9d:e1:7b:
19:de:06:fe:0a:c2:bc:57:6a:ed:fd:d4:2d:69:d9:52:45:9e:
63:0f:06:b4
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUf3wXSVY1IxEwfBIzh47xDj0yIUQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzUwNThaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ3NWU4ZTgzY2RiNGMyYzczYzYyZGMxZjM1NmZiZTdjZTFjMDg1NzBjZjAz
N2EyNDE0YjFiNTMzOWVmZGNmZjQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJznFxk2CbazFdbW4SpOLcLEdIo4RTmnZmB/cuHfRslUd1F8qovHEN01e8me
80HjFTUs2b8VYJRX8RbukBHDQOkzqbxMHjd+LkXcuRrqeK+v3C1N0mp3L/DhctCF
PKGJJCWpJ05ItK/ZMY5XjfMsxflJcZprFU9RiVMSLdINTfeZFZrHEa9V5X4wqq5O
lv55gl1e6CfJRlGgPKFC1q1ke7NuuSyEOQxIFWX+qkjIfydAcsZYsojMLzaKwjxp
kqwDIwNsLA7gop3ImvQfVg4p6L22pOiV7ZoCypd5EYM58Ps4g92prjhX0SbK3IyZ
dmoXEZUXu0mbkdDTr3ahjlXCXlUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTQHUl4
ODlIxQhimFwwAoB7YXN9yzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjhkNWQ5MzQtZmVkNi00OWE1LWFlMDMtYTI4YTU4NmU5YzJlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Fig
MA0GCSqGSIb3DQEBCwUAA4IBAQAnNSU6XwqS6QLuZa3nMpnK1mP+TADPqlAIi8SR
ytc04648bUWPPFR6iElZ3a2sn6OYuoaNkN/69t7fPaGdgqPtiLtQmQkJD29AWjBU
E2y/dupvexD5LQPo//ApsaXQ3P94qkvI/goEMjpMM2DksQ4vnQrwyB2Qw14iXptY
1F8gan/1nRCIrgxqoWb6dwfn72dqIGk339/Mo6CymLUo8eRjcyisVAdXiXOWhdoL
apSguo7BvHrODTLLMsldG2XTpkXmhQmgRTe0kgj5R3+GXtqGdEQqqUmOlkL+5PZM
WJgx5b9pzCbBcl+d4XsZ3gb+CsK8V2rt/dQtadlSRZ5jDwa0
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:12:02 2025 by rpki-client