Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68f2af14-43e2-4447-a8a7-f8fe713e249e.roa
File: 68f2af14-43e2-4447-a8a7-f8fe713e249e.roa (raw, json)
Hash identifier: kCdsnBhpXetPHLvc9vshYjuax1qBhQyZ8t5P/yRLyTE=
Subject key identifier: 1A:E9:BE:3B:18:75:22:08:C9:57:7A:78:B6:87:88:CF:9F:35:4D:60
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 68909A648CB0176F80A2C22D5EADAF04E16AC162
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68f2af14-43e2-4447-a8a7-f8fe713e249e.roa
Signing time: Fri 24 Oct 2025 00:20:31 +0000
ROA not before: Fri 24 Oct 2025 00:20:31 +0000
ROA not after: Fri 28 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d01f:800::/37 maxlen: 37
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
68:90:9a:64:8c:b0:17:6f:80:a2:c2:2d:5e:ad:af:04:e1:6a:c1:62
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 24 00:20:31 2025 GMT
Not After : Nov 28 23:59:59 2025 GMT
Subject: serialNumber=1571ce076c2ad03bfa14a631aceb76d91eda4fbdd07dc2e42251e6565d41520a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:e9:25:c5:c5:a0:06:b3:dd:7c:e7:b2:3b:b1:
58:a0:a5:e0:9b:5b:76:30:ef:fb:cd:6c:67:cb:d4:
2a:0d:c3:04:4c:26:d2:65:ac:be:d0:98:62:39:35:
92:b1:74:82:22:58:6d:a3:62:35:8e:d2:73:b7:a3:
c9:15:97:9c:33:9d:6f:a2:a4:ea:76:6d:f2:c7:a5:
da:c7:c8:d7:c6:5c:03:ae:41:b0:13:fb:71:7d:f8:
54:04:39:73:67:9d:a6:b9:6d:e3:c0:94:d6:6d:81:
5a:5b:9e:7f:d2:76:70:8e:d5:2b:f6:82:72:d7:bc:
3f:aa:a8:86:56:71:4f:45:e9:60:4d:8d:c7:ec:d6:
fb:0b:e8:65:10:e9:ef:cf:0d:b4:fc:b4:78:99:44:
33:db:f3:62:16:6f:ba:39:fb:c1:c7:dc:e1:eb:a6:
a6:84:ec:26:93:63:96:5f:eb:05:20:8b:1f:96:d6:
9d:d7:07:7d:27:f3:49:a5:35:c3:7f:a9:63:f4:0e:
1d:12:e1:fc:d5:dc:0b:6b:eb:94:57:59:f8:5e:6d:
ab:7e:be:66:8d:ce:df:32:c6:97:08:07:57:d2:d2:
fc:0a:e4:13:48:69:f0:be:ad:ec:cd:3d:ab:f9:19:
e1:18:14:e6:23:c9:8f:82:0d:8e:a2:92:3d:5e:6c:
42:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1A:E9:BE:3B:18:75:22:08:C9:57:7A:78:B6:87:88:CF:9F:35:4D:60
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68f2af14-43e2-4447-a8a7-f8fe713e249e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d01f:800::/37
Signature Algorithm: sha256WithRSAEncryption
c3:bf:85:a0:d5:ca:38:59:8d:2f:a8:72:90:ed:5a:1f:8f:89:
76:b0:0d:70:10:1c:da:58:2a:ff:b3:5e:4a:7f:3b:4f:78:77:
aa:78:51:c0:52:44:06:b9:98:f7:4c:90:2a:b6:52:c6:53:4a:
21:e0:25:65:44:16:4b:4b:aa:fd:fd:6e:de:6c:d9:25:db:3b:
54:f0:0f:8e:b0:2a:6c:96:41:81:06:27:7e:43:3f:08:a9:9a:
7d:5f:7b:9f:71:be:7c:f0:ed:63:b8:34:7c:99:69:69:90:09:
7d:fd:e5:9b:45:a0:d9:c1:ee:95:92:10:1e:2f:a7:35:d3:8c:
45:4a:b9:53:92:bb:3a:a8:78:40:16:42:6b:21:1e:8d:ff:c2:
64:a3:70:76:80:1e:1f:a5:78:5a:15:0e:cd:b8:d5:3a:74:06:
b7:22:11:ee:d7:8d:1a:a4:19:ff:2d:99:99:88:75:e3:2e:c2:
39:bf:b6:d6:e1:99:ad:24:56:9b:2f:b7:3e:0b:70:f3:cd:c0:
1d:08:c5:f0:81:79:e1:79:b0:fa:76:15:d9:78:81:db:6e:18:
e0:a2:61:18:1a:cc:07:59:4d:73:34:9c:2c:22:ab:de:6a:51:
79:9c:f2:a7:ea:d2:31:4c:f8:89:be:9e:a9:03:f5:40:43:3c:
fd:43:da:0a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUaJCaZIywF2+AosItXq2vBOFqwWIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjQwMDIwMzFaFw0yNTExMjgyMzU5NTlaMHoxSTBHBgNV
BAUTQDE1NzFjZTA3NmMyYWQwM2JmYTE0YTYzMWFjZWI3NmQ5MWVkYTRmYmRkMDdk
YzJlNDIyNTFlNjU2NWQ0MTUyMGExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK/pJcXFoAaz3XznsjuxWKCl4JtbdjDv+81sZ8vUKg3DBEwm0mWsvtCYYjk1
krF0giJYbaNiNY7Sc7ejyRWXnDOdb6Kk6nZt8sel2sfI18ZcA65BsBP7cX34VAQ5
c2edprlt48CU1m2BWluef9J2cI7VK/aCcte8P6qohlZxT0XpYE2Nx+zW+wvoZRDp
788NtPy0eJlEM9vzYhZvujn7wcfc4eumpoTsJpNjll/rBSCLH5bWndcHfSfzSaU1
w3+pY/QOHRLh/NXcC2vrlFdZ+F5tq36+Zo3O3zLGlwgHV9LS/ArkE0hp8L6t7M09
q/kZ4RgU5iPJj4INjqKSPV5sQi0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQa6b47
GHUiCMlXeni2h4jPnzVNYDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjhmMmFmMTQtNDNlMi00NDQ3LWE4YTctZjhmZTcxM2UyNDllLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAyoF0B8I
MA0GCSqGSIb3DQEBCwUAA4IBAQDDv4Wg1co4WY0vqHKQ7Vofj4l2sA1wEBzaWCr/
s15KfztPeHeqeFHAUkQGuZj3TJAqtlLGU0oh4CVlRBZLS6r9/W7ebNkl2ztU8A+O
sCpslkGBBid+Qz8IqZp9X3ufcb588O1juDR8mWlpkAl9/eWbRaDZwe6VkhAeL6c1
04xFSrlTkrs6qHhAFkJrIR6N/8Jko3B2gB4fpXhaFQ7NuNU6dAa3IhHu140apBn/
LZmZiHXjLsI5v7bW4ZmtJFabL7c+C3DzzcAdCMXwgXnhebD6dhXZeIHbbhjgomEY
GswHWU1zNJwsIqvealF5nPKn6tIxTPiJvp6pA/VAQzz9Q9oK
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:56 2025 by rpki-client