Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6ddb8169-a0ba-4989-b488-a344085c56c9.roa
File: 6ddb8169-a0ba-4989-b488-a344085c56c9.roa (raw, json)
Hash identifier: +s59wCPe62siT4phNzu3rZ3Xc3pxjcpehCys7ewlJGI=
Subject key identifier: FF:3A:05:15:96:A3:DC:3A:20:9C:ED:48:42:0A:34:6B:5D:8C:D8:D7
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 41F2CFF9AEB6BA2FBE8AAD6AB89B8339F0E858B6
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6ddb8169-a0ba-4989-b488-a344085c56c9.roa
Signing time: Sat 15 Nov 2025 06:01:11 +0000
ROA not before: Sat 15 Nov 2025 06:01:11 +0000
ROA not after: Sat 20 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d071:c000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 18 Nov 2025 21:55:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
41:f2:cf:f9:ae:b6:ba:2f:be:8a:ad:6a:b8:9b:83:39:f0:e8:58:b6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Nov 15 06:01:11 2025 GMT
Not After : Dec 20 23:59:59 2025 GMT
Subject: serialNumber=4637ed006778f56eb4d87d92ec0227dde96658fa1763bdd75368fd57f5c6dda5, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:92:ca:bf:28:1d:cf:3f:7b:47:21:12:e2:8b:
a8:26:dc:af:94:68:2c:93:a8:4e:24:5f:e2:b4:8f:
70:83:d6:8e:42:91:13:6a:6b:30:0c:c7:bd:5b:e0:
ba:fb:b5:32:e3:11:16:1f:e2:f9:30:49:1f:06:0d:
ac:21:9b:ba:bc:40:b9:96:f1:e2:4b:f1:24:1d:0b:
c6:c8:f2:10:ee:42:ca:9b:29:6d:a0:e7:33:86:3c:
0c:67:d1:32:b5:b2:30:44:a9:25:26:db:ab:2d:01:
ea:f8:da:08:ac:55:41:4d:1b:90:58:0a:b1:15:d2:
5e:b6:4d:0c:66:3a:7b:9a:b8:7d:59:75:92:88:b9:
bd:92:64:ed:8c:40:a1:f6:65:36:48:c0:94:9f:89:
22:51:44:51:04:da:f5:f9:5e:c3:64:81:e5:05:8d:
27:12:66:81:06:55:45:9a:f0:bf:9e:f1:db:93:b4:
5d:0b:c3:8d:70:87:7e:68:be:c6:e1:de:2e:20:53:
32:cb:0b:e7:7a:2d:f9:2b:95:72:ac:37:e9:b8:05:
10:84:e1:f9:0f:35:8b:49:c7:0f:72:ec:84:b1:98:
bd:4f:2b:3c:ad:44:63:4c:e7:bc:82:b6:2a:52:67:
57:25:88:b8:f9:2a:b7:97:80:6a:e9:99:eb:2c:13:
64:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:3A:05:15:96:A3:DC:3A:20:9C:ED:48:42:0A:34:6B:5D:8C:D8:D7
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/6ddb8169-a0ba-4989-b488-a344085c56c9.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d071:c000::/40
Signature Algorithm: sha256WithRSAEncryption
bf:21:36:6a:22:8d:a5:80:21:34:2c:f1:f1:35:6b:c4:3b:c0:
46:88:c7:bf:0c:93:33:b5:b1:ad:8d:41:3a:2a:fa:29:f4:61:
bb:f0:7d:c5:3c:7a:b7:f1:1c:9c:dd:34:92:2f:79:5c:2d:8a:
00:52:8e:c2:14:2e:f6:29:4c:37:e8:de:42:bc:ff:ba:91:1f:
52:11:17:97:0a:8f:36:fd:1c:6e:96:a0:dd:56:5e:2e:a2:0a:
aa:0f:72:e2:a1:0c:13:c9:00:ed:2f:b1:62:1f:61:3d:05:e3:
6e:3e:ac:b0:e0:d6:d5:4a:b8:e8:d2:cf:4b:91:db:e8:08:82:
e8:9f:52:b6:b2:88:84:38:a4:87:45:52:34:4c:99:cb:3b:54:
6d:1c:f2:5b:a1:36:0c:aa:c6:53:bf:18:ec:35:88:09:2b:70:
16:1e:72:2e:d8:fa:7a:d8:1e:d0:df:c1:f3:24:94:c8:77:69:
73:2c:48:47:d2:fa:0b:b0:7b:3b:62:ba:53:be:84:91:f1:57:
8d:47:cb:78:8e:c2:3a:11:ee:81:cd:e4:92:a0:47:12:da:2a:
cb:2b:e0:12:58:ef:b7:75:2e:e3:21:69:6a:cf:84:77:12:cb:
2f:bc:44:fd:04:05:0d:ef:03:e9:39:2a:f3:27:e0:d2:c8:dc:
df:a0:dc:2c
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUQfLP+a62ui++iq1quJuDOfDoWLYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTExMTUwNjAxMTFaFw0yNTEyMjAyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ2MzdlZDAwNjc3OGY1NmViNGQ4N2Q5MmVjMDIyN2RkZTk2NjU4ZmExNzYz
YmRkNzUzNjhmZDU3ZjVjNmRkYTUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN+Syr8oHc8/e0chEuKLqCbcr5RoLJOoTiRf4rSPcIPWjkKRE2prMAzHvVvg
uvu1MuMRFh/i+TBJHwYNrCGburxAuZbx4kvxJB0LxsjyEO5CypspbaDnM4Y8DGfR
MrWyMESpJSbbqy0B6vjaCKxVQU0bkFgKsRXSXrZNDGY6e5q4fVl1koi5vZJk7YxA
ofZlNkjAlJ+JIlFEUQTa9flew2SB5QWNJxJmgQZVRZrwv57x25O0XQvDjXCHfmi+
xuHeLiBTMssL53ot+SuVcqw36bgFEITh+Q81i0nHD3LshLGYvU8rPK1EY0znvIK2
KlJnVyWIuPkqt5eAaumZ6ywTZI8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT/OgUV
lqPcOiCc7UhCCjRrXYzY1zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NmRkYjgxNjktYTBiYS00OTg5LWI0ODgtYTM0NDA4NWM1NmM5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HHA
MA0GCSqGSIb3DQEBCwUAA4IBAQC/ITZqIo2lgCE0LPHxNWvEO8BGiMe/DJMztbGt
jUE6Kvop9GG78H3FPHq38Ryc3TSSL3lcLYoAUo7CFC72KUw36N5CvP+6kR9SEReX
Co82/RxulqDdVl4uogqqD3LioQwTyQDtL7FiH2E9BeNuPqyw4NbVSrjo0s9Lkdvo
CILon1K2soiEOKSHRVI0TJnLO1RtHPJboTYMqsZTvxjsNYgJK3AWHnIu2Pp62B7Q
38HzJJTId2lzLEhH0voLsHs7YrpTvoSR8VeNR8t4jsI6Ee6BzeSSoEcS2irLK+AS
WO+3dS7jIWlqz4R3EssvvET9BAUN7wPpOSrzJ+DSyNzfoNws
-----END CERTIFICATE-----
Generated at Tue Nov 18 04:36:05 2025 by rpki-client