Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7802179a-c80f-42f1-a50b-a0af1df078c2.roa
File: 7802179a-c80f-42f1-a50b-a0af1df078c2.roa (raw, json)
Hash identifier: Oy3UHMrWfx7CiYFcuCSB8KdOZU372ZpSZJeFjGMGVyw=
Subject key identifier: 19:17:21:6E:F9:DB:A2:24:54:2D:42:89:17:0D:91:E1:EE:B8:81:98
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5EA9C7573864C1A934C840B154F0EEB94D063AC5
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7802179a-c80f-42f1-a50b-a0af1df078c2.roa
Signing time: Tue 21 Oct 2025 14:00:11 +0000
ROA not before: Tue 21 Oct 2025 14:00:11 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d059:4000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5e:a9:c7:57:38:64:c1:a9:34:c8:40:b1:54:f0:ee:b9:4d:06:3a:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:00:11 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=50ad3e6bc7d536e2b02a1b0927e5a7ffb1d2a60248954e07877b3936dff1f376, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:3b:ac:ef:d5:dd:a4:3b:63:37:27:9a:c8:c4:
ee:2c:58:8e:29:e4:78:4d:a5:21:0b:c3:b7:cc:c5:
62:f2:29:8a:b0:0e:87:69:b4:20:f8:42:f5:ea:7f:
db:d0:f2:af:f3:9e:54:b2:fa:9b:bc:7c:8b:80:92:
7a:b7:25:30:fc:27:00:7d:b7:80:84:4f:77:cd:3a:
18:54:70:89:6f:37:2b:13:a2:be:59:d0:31:fc:12:
c9:02:da:c4:46:db:c1:b4:b5:76:f6:72:ea:13:b1:
2e:de:66:aa:42:1d:39:87:68:31:f5:5f:cc:27:94:
d0:14:ef:02:9d:9b:33:ff:32:f5:ec:95:94:42:a4:
86:ed:4c:ad:a6:21:43:21:6b:68:66:f6:3b:8e:79:
7a:3f:d0:8d:76:73:7b:70:1c:5f:1b:a4:3e:b3:4d:
85:0a:68:07:2f:a1:fd:7f:46:5a:6d:22:ca:77:06:
09:dc:b0:95:84:24:64:9a:33:26:ac:a1:b7:e6:57:
30:df:1b:54:b7:34:0d:c7:7a:cc:3e:5a:ba:ac:36:
b5:8d:13:5c:08:a8:cd:d8:76:8b:6f:a1:42:83:d3:
fd:51:0f:a4:e2:eb:95:bd:c5:d3:64:91:d5:4a:57:
0d:de:27:73:9d:91:b3:13:e6:73:ac:a3:33:c7:ae:
e6:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:17:21:6E:F9:DB:A2:24:54:2D:42:89:17:0D:91:E1:EE:B8:81:98
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7802179a-c80f-42f1-a50b-a0af1df078c2.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d059:4000::/40
Signature Algorithm: sha256WithRSAEncryption
bb:67:45:0b:6b:58:ad:ad:b6:46:e0:4f:99:43:43:35:9c:9d:
fb:4d:08:ec:f9:7f:4b:4c:96:ba:2f:0b:be:e7:8c:2d:c2:95:
69:15:61:83:13:9d:a3:34:d6:6d:4c:86:c7:b3:da:4c:d3:6d:
90:d7:53:d8:c3:8b:9a:dc:79:e2:01:40:c2:d7:5b:40:c3:ce:
b0:a5:66:f1:43:b7:2a:cb:5c:39:b0:4a:22:8c:2b:1c:69:9b:
b1:c9:19:c3:b4:f5:f6:24:db:85:d9:02:85:fc:32:d5:b5:88:
bf:b8:15:b4:ad:03:33:0b:a4:51:37:d4:99:bd:dc:a2:91:86:
f1:3b:3d:8b:b6:33:3a:29:c9:96:68:d0:ed:ee:f6:7e:20:c0:
e2:a0:5a:8b:5b:be:86:51:ad:1b:8b:a6:98:30:99:16:ba:1a:
8c:9e:6b:ee:72:99:df:12:a3:1c:ac:47:ce:a8:ca:57:36:e3:
6c:a3:99:1a:9b:c6:9e:b2:df:f2:bd:0a:e0:81:76:bd:ac:87:
91:ac:02:e8:77:cf:37:9f:df:4f:3b:ce:3a:1d:f9:4e:83:2b:
dc:95:89:6a:e8:08:be:91:a0:b4:96:15:e2:8f:08:08:f1:ce:
bd:19:95:bc:e3:73:d2:7d:af:a1:8b:96:f6:29:64:e5:df:11:
56:67:10:73
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUXqnHVzhkwak0yECxVPDuuU0GOsUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDAwMTFaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDUwYWQzZTZiYzdkNTM2ZTJiMDJhMWIwOTI3ZTVhN2ZmYjFkMmE2MDI0ODk1
NGUwNzg3N2IzOTM2ZGZmMWYzNzYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIQ7rO/V3aQ7YzcnmsjE7ixYjinkeE2lIQvDt8zFYvIpirAOh2m0IPhC9ep/
29Dyr/OeVLL6m7x8i4CSerclMPwnAH23gIRPd806GFRwiW83KxOivlnQMfwSyQLa
xEbbwbS1dvZy6hOxLt5mqkIdOYdoMfVfzCeU0BTvAp2bM/8y9eyVlEKkhu1MraYh
QyFraGb2O455ej/QjXZze3AcXxukPrNNhQpoBy+h/X9GWm0iyncGCdywlYQkZJoz
Jqyht+ZXMN8bVLc0Dcd6zD5auqw2tY0TXAiozdh2i2+hQoPT/VEPpOLrlb3F02SR
1UpXDd4nc52RsxPmc6yjM8eu5k8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQZFyFu
+duiJFQtQokXDZHh7riBmDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NzgwMjE3OWEtYzgwZi00MmYxLWE1MGItYTBhZjFkZjA3OGMyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FlA
MA0GCSqGSIb3DQEBCwUAA4IBAQC7Z0ULa1itrbZG4E+ZQ0M1nJ37TQjs+X9LTJa6
Lwu+54wtwpVpFWGDE52jNNZtTIbHs9pM022Q11PYw4ua3HniAUDC11tAw86wpWbx
Q7cqy1w5sEoijCscaZuxyRnDtPX2JNuF2QKF/DLVtYi/uBW0rQMzC6RRN9SZvdyi
kYbxOz2LtjM6KcmWaNDt7vZ+IMDioFqLW76GUa0bi6aYMJkWuhqMnmvucpnfEqMc
rEfOqMpXNuNso5kam8aest/yvQrggXa9rIeRrALod883n99PO846HflOgyvclYlq
6Ai+kaC0lhXijwgI8c69GZW843PSfa+hi5b2KWTl3xFWZxBz
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:09:11 2025 by rpki-client