Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68ece0e7-075e-4bcd-873e-0c74882a8546.roa
File: 68ece0e7-075e-4bcd-873e-0c74882a8546.roa (raw, json)
Hash identifier: FKaIfqn45UA4z71Vi0hXsQpqb7cDmWWT7Fb2fkil0Dc=
Subject key identifier: 54:37:3D:12:21:67:5A:92:C6:5D:C2:06:82:DE:85:3D:F0:ED:A8:92
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2AFD6BCE0F8C06240DCB3A9E6E654767B744D206
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68ece0e7-075e-4bcd-873e-0c74882a8546.roa
Signing time: Tue 21 Oct 2025 14:21:02 +0000
ROA not before: Tue 21 Oct 2025 14:21:02 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:8080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2a:fd:6b:ce:0f:8c:06:24:0d:cb:3a:9e:6e:65:47:67:b7:44:d2:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:21:02 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=2ef4c92457900550b2a96a5984cb5cf41f0013b81a0384d96357344b1f217d02, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:12:ca:fe:75:4f:0a:0a:27:52:bf:50:4a:64:
af:05:28:56:11:80:6e:27:ad:07:52:04:54:68:68:
81:e0:82:be:8c:96:87:9c:24:41:69:5e:30:ce:6e:
78:63:d8:57:4a:86:3f:1d:f5:18:94:33:07:7f:c3:
da:68:79:90:53:b9:3d:3a:8a:5f:c6:7a:f3:85:64:
3b:61:6f:7c:35:2a:7a:11:6d:31:cc:12:d8:9f:e9:
c9:64:f4:48:51:dd:07:81:ca:9a:42:c5:30:79:dc:
51:64:e7:53:c5:4e:8b:09:b8:d7:aa:8d:b7:6d:8f:
d3:df:2c:21:69:21:b8:ea:b5:11:3d:52:b7:12:05:
09:42:bf:f8:20:1f:2f:29:c6:3d:9f:f4:a3:4a:2c:
c0:20:72:08:99:1b:67:6f:1f:78:f9:6c:70:4e:11:
07:5a:84:72:5d:8b:04:86:cf:f9:4c:7d:9e:1f:b9:
19:9d:ce:4a:44:34:41:67:2f:0d:34:75:7e:90:96:
18:b9:a1:d2:6b:19:88:60:c3:b1:c5:92:91:e6:7c:
53:e2:2c:d3:e3:01:ec:c1:ff:f8:aa:98:58:97:31:
27:66:c4:98:b9:d2:76:2c:4c:43:58:91:c9:07:50:
69:82:3c:df:9c:7d:49:79:60:22:df:44:c6:90:4f:
7f:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:37:3D:12:21:67:5A:92:C6:5D:C2:06:82:DE:85:3D:F0:ED:A8:92
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68ece0e7-075e-4bcd-873e-0c74882a8546.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:8080::/48
Signature Algorithm: sha256WithRSAEncryption
06:12:99:62:9d:f6:50:a9:2c:7c:3e:39:69:af:32:0b:b7:1b:
6c:4e:f1:b9:c5:30:40:21:c0:6e:8f:f0:57:ae:dc:e3:53:0f:
fe:82:fd:12:b4:29:54:e1:6b:e8:9b:86:64:ed:b3:4f:db:fb:
88:4d:69:11:b5:24:3a:38:3d:73:17:f7:10:e7:78:e6:b5:fd:
d8:dc:10:f7:41:83:43:44:d4:60:9e:28:9a:bc:43:a8:0f:41:
7f:7f:d1:04:c8:c8:ff:dd:15:03:4f:5b:44:41:da:2b:d9:d3:
0f:c2:c3:22:ca:5d:a8:02:a9:66:31:ee:72:d9:13:ac:9c:ae:
28:0a:07:8d:77:a7:84:b5:37:f0:36:15:f7:c8:bb:73:00:64:
e4:08:d9:c5:48:b7:26:c7:be:a3:86:aa:03:0c:a0:33:a6:de:
41:44:f9:04:a8:34:1d:82:d8:cf:62:dd:b4:22:6d:4e:f7:7b:
e5:76:a7:72:a0:a3:23:00:e4:de:86:b1:fa:75:57:f6:2c:e3:
c8:cc:15:44:ec:8b:0e:aa:4a:7e:11:05:e7:f5:51:2b:3f:be:
af:f8:81:c0:11:15:ff:5b:16:78:f2:fb:74:de:a5:a3:53:69:
d6:a7:2b:4c:ad:62:bd:38:0d:73:5c:2d:59:ae:16:d8:cf:da:
bc:31:a4:97
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUKv1rzg+MBiQNyzqebmVHZ7dE0gYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDIxMDJaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDJlZjRjOTI0NTc5MDA1NTBiMmE5NmE1OTg0Y2I1Y2Y0MWYwMDEzYjgxYTAz
ODRkOTYzNTczNDRiMWYyMTdkMDIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMYSyv51TwoKJ1K/UEpkrwUoVhGAbietB1IEVGhogeCCvoyWh5wkQWleMM5u
eGPYV0qGPx31GJQzB3/D2mh5kFO5PTqKX8Z684VkO2FvfDUqehFtMcwS2J/pyWT0
SFHdB4HKmkLFMHncUWTnU8VOiwm416qNt22P098sIWkhuOq1ET1StxIFCUK/+CAf
LynGPZ/0o0oswCByCJkbZ28fePlscE4RB1qEcl2LBIbP+Ux9nh+5GZ3OSkQ0QWcv
DTR1fpCWGLmh0msZiGDDscWSkeZ8U+Is0+MB7MH/+KqYWJcxJ2bEmLnSdixMQ1iR
yQdQaYI835x9SXlgIt9ExpBPf8cCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRUNz0S
IWdaksZdwgaC3oU98O2okjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjhlY2UwZTctMDc1ZS00YmNkLTg3M2UtMGM3NDg4MmE4NTQ2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H+A
gDANBgkqhkiG9w0BAQsFAAOCAQEABhKZYp32UKksfD45aa8yC7cbbE7xucUwQCHA
bo/wV67c41MP/oL9ErQpVOFr6JuGZO2zT9v7iE1pEbUkOjg9cxf3EOd45rX92NwQ
90GDQ0TUYJ4omrxDqA9Bf3/RBMjI/90VA09bREHaK9nTD8LDIspdqAKpZjHuctkT
rJyuKAoHjXenhLU38DYV98i7cwBk5AjZxUi3Jse+o4aqAwygM6beQUT5BKg0HYLY
z2LdtCJtTvd75XancqCjIwDk3oax+nVX9izjyMwVROyLDqpKfhEF5/VRKz++r/iB
wBEV/1sWePL7dN6lo1Np1qcrTK1ivTgNc1wtWa4W2M/avDGklw==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:20 2025 by rpki-client