Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/74c7eb62-ad02-4aa2-9be5-024692c6239f.roa
File: 74c7eb62-ad02-4aa2-9be5-024692c6239f.roa (raw, json)
Hash identifier: azLLOSEG+BSjUlKlrPwYbBoRD66vR85upxHRq4vg5GE=
Subject key identifier: 61:8A:9E:25:37:95:B7:6B:F2:A6:61:D5:E3:86:8A:7A:F0:0A:6E:F5
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 10DD0F06C693AE03BB729659BDE3A3D64E7DF2A3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/74c7eb62-ad02-4aa2-9be5-024692c6239f.roa
Signing time: Tue 21 Oct 2025 13:30:13 +0000
ROA not before: Tue 21 Oct 2025 13:30:13 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:2000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
10:dd:0f:06:c6:93:ae:03:bb:72:96:59:bd:e3:a3:d6:4e:7d:f2:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:30:13 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=371502320acae2bb5bc7d965963a93d248bcda284052df4f4341ba1a23a41977, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:7d:4d:7f:76:20:44:0a:e7:e6:88:fe:2e:83:
48:05:e6:72:e1:a2:9b:51:bb:36:78:56:3d:11:5c:
1a:a8:10:85:41:7a:0b:60:2b:56:30:46:32:0c:f0:
70:40:17:80:55:de:a8:d3:a0:12:d0:69:32:34:2b:
a6:a0:3c:65:28:59:e9:5d:29:07:cc:e2:3c:f5:47:
96:5f:76:a2:e2:ae:dd:8b:2a:8c:c2:ad:91:97:7c:
81:ed:4a:89:cc:70:9f:fe:cc:21:19:7d:17:a1:3d:
30:b6:05:93:18:80:3e:82:b8:ca:bb:07:5a:9c:3a:
ac:e2:8b:de:57:4e:55:7c:31:8b:23:f5:7e:b2:b8:
93:fb:7d:d7:50:c4:67:04:15:e4:3a:10:51:5b:bd:
35:05:83:f0:92:ed:f6:d0:f9:55:cc:b2:ba:f2:3d:
95:15:d4:db:2b:ee:ee:f1:c7:07:9c:ce:eb:4a:17:
33:fe:bc:d0:f3:a5:80:d8:c0:e2:0a:15:2b:c9:41:
77:cd:49:98:90:6c:0c:88:69:75:d9:fc:9f:54:fe:
3b:de:5a:51:e6:a1:35:96:6a:0b:95:71:8d:29:dd:
c6:e0:9b:ac:5c:b0:2a:1d:5d:6a:8d:e1:cc:eb:58:
c7:83:a4:6c:20:60:9a:fa:ad:97:1b:6e:2c:c4:0c:
df:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:8A:9E:25:37:95:B7:6B:F2:A6:61:D5:E3:86:8A:7A:F0:0A:6E:F5
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/74c7eb62-ad02-4aa2-9be5-024692c6239f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:2000::/40
Signature Algorithm: sha256WithRSAEncryption
7b:26:a4:04:44:7f:50:10:19:57:17:46:7a:61:33:78:2b:62:
5b:f0:fd:19:59:f0:8d:7f:35:30:dc:dc:51:11:cd:a8:51:33:
08:97:35:cd:7a:37:bf:f0:db:36:f8:8a:e9:f3:a4:9f:35:d1:
42:03:e1:72:69:a1:44:a1:51:d0:23:e8:d1:5e:af:8b:92:3d:
55:d7:c2:0a:71:30:ad:06:ed:c0:69:0a:cc:29:9e:8f:8c:84:
fa:ca:2e:a8:32:91:a5:bf:bf:cd:88:03:2d:41:2a:ef:88:01:
76:1b:36:8a:32:ab:2c:5f:2c:dd:00:78:fb:d0:b7:60:9d:06:
cf:87:9e:e7:d5:9f:2b:bd:9c:f7:14:12:f4:a5:22:16:f7:8f:
c9:0f:f1:23:34:01:cd:14:82:ad:31:7f:e3:42:7b:b8:56:bd:
63:35:4d:de:8f:b2:4a:85:c1:4d:00:2b:b8:fa:be:63:e2:a2:
7f:f8:b7:4d:26:b7:45:d5:c5:53:1b:cb:d5:8a:b7:49:a2:cf:
5d:04:a3:7a:af:40:7d:62:28:8e:db:e7:a5:75:af:0b:cb:c4:
4a:7f:24:e7:ce:b4:e8:c3:22:4b:5e:ec:0c:3a:54:61:1a:36:
78:1b:a2:2c:a6:74:65:34:92:e9:67:fa:51:4c:31:c9:af:aa:
f7:ea:50:a3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUEN0PBsaTrgO7cpZZveOj1k598qMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzMwMTNaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDM3MTUwMjMyMGFjYWUyYmI1YmM3ZDk2NTk2M2E5M2QyNDhiY2RhMjg0MDUy
ZGY0ZjQzNDFiYTFhMjNhNDE5NzcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM59TX92IEQK5+aI/i6DSAXmcuGim1G7NnhWPRFcGqgQhUF6C2ArVjBGMgzw
cEAXgFXeqNOgEtBpMjQrpqA8ZShZ6V0pB8ziPPVHll92ouKu3YsqjMKtkZd8ge1K
icxwn/7MIRl9F6E9MLYFkxiAPoK4yrsHWpw6rOKL3ldOVXwxiyP1frK4k/t911DE
ZwQV5DoQUVu9NQWD8JLt9tD5VcyyuvI9lRXU2yvu7vHHB5zO60oXM/680POlgNjA
4goVK8lBd81JmJBsDIhpddn8n1T+O95aUeahNZZqC5VxjSndxuCbrFywKh1dao3h
zOtYx4OkbCBgmvqtlxtuLMQM318CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRhip4l
N5W3a/KmYdXjhop68Apu9TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NzRjN2ViNjItYWQwMi00YWEyLTliZTUtMDI0NjkyYzYyMzlmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0AAg
MA0GCSqGSIb3DQEBCwUAA4IBAQB7JqQERH9QEBlXF0Z6YTN4K2Jb8P0ZWfCNfzUw
3NxREc2oUTMIlzXNeje/8Ns2+Irp86SfNdFCA+FyaaFEoVHQI+jRXq+Lkj1V18IK
cTCtBu3AaQrMKZ6PjIT6yi6oMpGlv7/NiAMtQSrviAF2GzaKMqssXyzdAHj70Ldg
nQbPh57n1Z8rvZz3FBL0pSIW94/JD/EjNAHNFIKtMX/jQnu4Vr1jNU3ej7JKhcFN
ACu4+r5j4qJ/+LdNJrdF1cVTG8vVirdJos9dBKN6r0B9YiiO2+elda8Ly8RKfyTn
zrTowyJLXuwMOlRhGjZ4G6IspnRlNJLpZ/pRTDHJr6r36lCj
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:56 2025 by rpki-client