Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7d5bbe6e-da67-4af0-af12-c86f93a16721.roa
File: 7d5bbe6e-da67-4af0-af12-c86f93a16721.roa (raw, json)
Hash identifier: YrkvtZajc58NHdQcD3Ra3nyeVk+Nv26As/UlonocoHA=
Subject key identifier: D2:D2:FD:4C:B5:47:E3:D4:D6:BD:DE:DE:A1:AE:E0:FD:D8:74:AB:F7
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7607F9F13A92A8EC045876BE788648929A9D19B9
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7d5bbe6e-da67-4af0-af12-c86f93a16721.roa
Signing time: Tue 21 Oct 2025 13:10:11 +0000
ROA not before: Tue 21 Oct 2025 13:10:11 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 14618
IP address blocks: 2a05:d06f:6000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
76:07:f9:f1:3a:92:a8:ec:04:58:76:be:78:86:48:92:9a:9d:19:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:10:11 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=c317ef5dc56c911ce3ec027c0581a1680b82d6db39e597c7a997cc7a6f814de6, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:e4:98:a6:71:e1:26:d3:64:00:7e:8d:3f:88:
f4:e6:3c:2a:7e:72:16:36:54:f0:be:0a:19:41:ce:
55:b0:7d:52:f8:3b:43:bf:7d:25:44:ed:dd:d9:6c:
2b:6f:48:43:2a:38:83:ac:f8:0e:06:71:30:5e:29:
53:cc:78:af:f0:5f:62:85:0c:16:2e:b8:06:5d:5a:
8d:8b:50:de:9e:01:94:72:88:c4:24:7f:5e:e7:5d:
29:b5:34:5d:19:f5:cc:a8:84:10:2d:96:51:ae:bc:
51:51:cd:24:af:30:ac:09:59:a5:89:68:ad:73:10:
d7:55:be:46:9a:3e:a6:94:b6:7b:3a:36:3c:c0:9a:
eb:41:87:c1:fd:31:7c:e0:95:6e:a9:e0:73:49:ab:
1b:ab:a3:e6:2c:43:1f:1f:1b:32:f6:6e:c9:ea:00:
0f:41:f4:72:99:f5:b0:45:e6:5d:41:89:f1:a0:8c:
4e:ce:87:3e:f8:73:3b:1b:fb:17:1e:b3:b4:e4:54:
0b:9c:a8:0b:af:42:6d:65:32:8e:60:14:44:8d:03:
c7:c7:57:c9:20:2e:8f:08:1b:0b:cb:bb:90:3d:b8:
7c:b4:8c:83:c2:0e:8e:71:e0:53:fe:b2:d4:81:52:
77:31:32:1d:8c:59:14:04:de:5a:38:5b:15:c9:1d:
69:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:D2:FD:4C:B5:47:E3:D4:D6:BD:DE:DE:A1:AE:E0:FD:D8:74:AB:F7
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7d5bbe6e-da67-4af0-af12-c86f93a16721.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06f:6000::/40
Signature Algorithm: sha256WithRSAEncryption
09:f8:af:90:2b:b6:9d:0d:7a:0a:68:68:d3:0d:34:4f:75:57:
66:d2:2a:1c:2c:94:87:cd:7b:e1:23:b5:d5:54:b9:d7:63:2a:
d2:cd:08:10:0c:09:57:d1:9d:ef:04:5f:28:2f:74:22:8b:d5:
26:1e:a4:8c:ba:95:94:71:cb:f6:36:d6:61:a2:1b:f4:d8:18:
46:97:eb:1e:07:48:c3:22:89:7c:67:5c:72:34:3c:5c:09:97:
7b:c7:8c:18:e3:36:34:54:5c:4a:0f:eb:51:8b:7c:a6:70:81:
88:bc:27:8e:f3:fc:94:45:2b:1e:b7:75:7d:af:86:af:8f:0c:
4d:09:19:c5:b0:a5:8f:f2:45:d7:5b:3d:1a:b4:fd:c2:c6:e6:
aa:ca:ff:5c:53:06:32:f6:b1:21:d3:d9:b0:e7:21:9f:da:bb:
17:1d:36:c2:35:13:b8:ec:5b:1c:9d:8e:a2:0a:b0:78:68:d6:
b3:18:95:8a:ef:a9:de:ce:87:bb:f4:1d:4d:4f:12:36:6a:3f:
f7:34:cb:ed:bc:f6:28:3e:33:22:59:e8:60:2e:62:b5:90:9d:
1a:a4:2f:a8:92:f6:27:08:d3:c1:98:79:4a:2f:19:c9:c1:e8:
5f:44:0b:48:66:8a:b6:72:d4:52:01:6b:c4:a0:a0:e7:26:89:
dc:55:d0:b4
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUdgf58TqSqOwEWHa+eIZIkpqdGbkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzEwMTFaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGMzMTdlZjVkYzU2YzkxMWNlM2VjMDI3YzA1ODFhMTY4MGI4MmQ2ZGIzOWU1
OTdjN2E5OTdjYzdhNmY4MTRkZTYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANDkmKZx4SbTZAB+jT+I9OY8Kn5yFjZU8L4KGUHOVbB9Uvg7Q799JUTt3dls
K29IQyo4g6z4DgZxMF4pU8x4r/BfYoUMFi64Bl1ajYtQ3p4BlHKIxCR/XuddKbU0
XRn1zKiEEC2WUa68UVHNJK8wrAlZpYlorXMQ11W+Rpo+ppS2ezo2PMCa60GHwf0x
fOCVbqngc0mrG6uj5ixDHx8bMvZuyeoAD0H0cpn1sEXmXUGJ8aCMTs6HPvhzOxv7
Fx6ztORUC5yoC69CbWUyjmAURI0Dx8dXySAujwgbC8u7kD24fLSMg8IOjnHgU/6y
1IFSdzEyHYxZFATeWjhbFckdaVMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTS0v1M
tUfj1Na93t6hruD92HSr9zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
N2Q1YmJlNmUtZGE2Ny00YWYwLWFmMTItYzg2ZjkzYTE2NzIxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G9g
MA0GCSqGSIb3DQEBCwUAA4IBAQAJ+K+QK7adDXoKaGjTDTRPdVdm0iocLJSHzXvh
I7XVVLnXYyrSzQgQDAlX0Z3vBF8oL3Qii9UmHqSMupWUccv2NtZhohv02BhGl+se
B0jDIol8Z1xyNDxcCZd7x4wY4zY0VFxKD+tRi3ymcIGIvCeO8/yURSset3V9r4av
jwxNCRnFsKWP8kXXWz0atP3Cxuaqyv9cUwYy9rEh09mw5yGf2rsXHTbCNRO47Fsc
nY6iCrB4aNazGJWK76nezoe79B1NTxI2aj/3NMvtvPYoPjMiWehgLmK1kJ0apC+o
kvYnCNPBmHlKLxnJwehfRAtIZoq2ctRSAWvEoKDnJoncVdC0
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:55 2025 by rpki-client