Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7116ef93-bff5-462e-a725-ae90147ffd39.roa
File: 7116ef93-bff5-462e-a725-ae90147ffd39.roa (raw, json)
Hash identifier: v15hMgSNPTFlpDz6jj+1n7RxwxveCOshLpCzISTc8b4=
Subject key identifier: 14:A5:20:65:16:E3:0F:10:9E:6D:1F:37:0F:15:34:E8:24:4A:1C:41
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 20D5F5AE54CF14843A3D3992C07CCBE0910DFC4F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7116ef93-bff5-462e-a725-ae90147ffd39.roa
Signing time: Tue 21 Oct 2025 14:00:12 +0000
ROA not before: Tue 21 Oct 2025 14:00:12 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:c0c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
20:d5:f5:ae:54:cf:14:84:3a:3d:39:92:c0:7c:cb:e0:91:0d:fc:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:00:12 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=49a0d5285df324fb4748df7c4a6c0124746fdbda5ff21f4dace568ec1f447653, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:d4:21:f2:a7:7b:f0:cc:4d:0b:e3:ce:54:74:
7c:43:4c:2d:17:d1:c5:c6:49:fd:c2:15:37:ae:b3:
2a:d0:ef:be:b4:3a:50:1e:b4:84:5d:29:6c:ba:e2:
83:e4:e3:71:6e:3e:65:f0:d0:55:22:9a:86:e4:1d:
52:b4:b2:d2:c5:0c:54:a2:19:7a:ab:ed:12:e1:b2:
bb:84:35:ac:13:af:7b:a2:07:bf:4c:f8:33:e5:1a:
9e:52:56:84:9f:75:d8:45:9f:a6:b8:23:a0:41:04:
4a:6a:25:33:dc:e6:33:83:fe:52:06:7b:d6:fe:79:
54:04:75:28:39:fd:4e:91:2f:a0:95:e9:5b:7a:36:
88:be:2c:fc:fc:40:8c:ee:87:c4:2e:43:cf:fd:26:
68:10:5b:e0:82:e8:66:92:21:0f:ed:52:d3:59:78:
e7:8a:59:69:b9:a8:e8:ee:0a:ea:71:1d:f6:c9:3b:
fd:6a:5c:8c:d8:d5:d8:03:d4:21:02:e5:37:2a:1e:
88:dd:66:2e:c5:74:5e:02:45:c9:e2:5e:85:5d:c9:
86:37:01:42:97:ae:be:08:9e:8f:55:24:aa:04:3c:
13:7f:90:82:22:dd:e6:b2:a8:89:81:4e:b7:03:ee:
8a:a5:72:06:0e:1d:06:9e:43:6d:48:3b:92:da:57:
b5:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:A5:20:65:16:E3:0F:10:9E:6D:1F:37:0F:15:34:E8:24:4A:1C:41
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7116ef93-bff5-462e-a725-ae90147ffd39.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:c0c0::/48
Signature Algorithm: sha256WithRSAEncryption
2d:5c:8a:e9:5c:1e:e1:f3:9e:74:8f:0b:14:2f:4e:10:83:05:
cf:4c:31:97:56:82:ba:9a:fd:01:67:e8:55:96:b4:c0:f6:f7:
c1:5e:3c:f3:b7:1b:32:62:e4:74:84:4a:af:7d:33:12:dd:79:
48:07:00:5a:83:71:1a:bd:f0:c5:d4:74:30:54:86:77:f9:e3:
e8:84:4e:64:30:d8:bd:0d:23:39:10:a0:06:16:fa:25:48:12:
c1:62:e4:9d:7a:ad:04:c7:71:32:1a:5c:fe:99:50:33:7f:49:
ae:60:d7:2d:55:09:e8:26:a5:4e:e0:45:81:be:4f:99:94:f0:
6c:31:ca:b0:4e:ae:1c:48:dd:2a:a3:b9:64:4a:45:be:49:e7:
2e:57:e8:98:bb:a9:c3:88:e3:fe:ad:88:ed:eb:72:41:3c:cd:
16:f5:5a:b2:1b:db:de:fe:83:f0:48:3b:ab:df:ef:a1:76:f4:
aa:b1:88:06:7c:17:93:d5:40:02:5b:cd:98:d9:66:ff:d5:43:
1a:d3:ca:f0:77:46:a3:54:25:3c:f7:91:c8:86:f2:7c:c4:7a:
a7:cb:ce:99:57:a8:76:3f:b9:c6:e9:e8:1d:3c:2c:23:41:10:
4d:e6:87:78:0e:2d:16:23:94:14:9c:24:b2:59:53:ff:fc:17:
ab:f6:0b:00
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUINX1rlTPFIQ6PTmSwHzL4JEN/E8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDAwMTJaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ5YTBkNTI4NWRmMzI0ZmI0NzQ4ZGY3YzRhNmMwMTI0NzQ2ZmRiZGE1ZmYy
MWY0ZGFjZTU2OGVjMWY0NDc2NTMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJzUIfKne/DMTQvjzlR0fENMLRfRxcZJ/cIVN66zKtDvvrQ6UB60hF0pbLri
g+TjcW4+ZfDQVSKahuQdUrSy0sUMVKIZeqvtEuGyu4Q1rBOve6IHv0z4M+UanlJW
hJ912EWfprgjoEEESmolM9zmM4P+UgZ71v55VAR1KDn9TpEvoJXpW3o2iL4s/PxA
jO6HxC5Dz/0maBBb4ILoZpIhD+1S01l454pZabmo6O4K6nEd9sk7/WpcjNjV2APU
IQLlNyoeiN1mLsV0XgJFyeJehV3JhjcBQpeuvgiej1UkqgQ8E3+QgiLd5rKoiYFO
twPuiqVyBg4dBp5DbUg7ktpXtQkCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQUpSBl
FuMPEJ5tHzcPFTToJEocQTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NzExNmVmOTMtYmZmNS00NjJlLWE3MjUtYWU5MDE0N2ZmZDM5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HLA
wDANBgkqhkiG9w0BAQsFAAOCAQEALVyK6Vwe4fOedI8LFC9OEIMFz0wxl1aCupr9
AWfoVZa0wPb3wV4887cbMmLkdIRKr30zEt15SAcAWoNxGr3wxdR0MFSGd/nj6IRO
ZDDYvQ0jORCgBhb6JUgSwWLknXqtBMdxMhpc/plQM39JrmDXLVUJ6CalTuBFgb5P
mZTwbDHKsE6uHEjdKqO5ZEpFvknnLlfomLupw4jj/q2I7etyQTzNFvVashvb3v6D
8Eg7q9/voXb0qrGIBnwXk9VAAlvNmNlm/9VDGtPK8HdGo1QlPPeRyIbyfMR6p8vO
mVeodj+5xunoHTwsI0EQTeaHeA4tFiOUFJwksllT//wXq/YLAA==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:21:16 2025 by rpki-client