Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/868cbba8-4804-4fbd-b9b8-7e9402c44956.roa
File: 868cbba8-4804-4fbd-b9b8-7e9402c44956.roa (raw, json)
Hash identifier: 5BkCH8T41VtvTDp0s2IM0cZ43at1R9xYsQxkAJKuGAQ=
Subject key identifier: A8:68:9E:BF:CC:8D:F7:59:25:9A:E9:32:AB:81:4E:07:9D:0E:83:87
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 56672F0EEAD67C0B1EBAFE08A3D81422B78C4667
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/868cbba8-4804-4fbd-b9b8-7e9402c44956.roa
Signing time: Tue 21 Oct 2025 13:50:42 +0000
ROA not before: Tue 21 Oct 2025 13:50:42 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 14618
IP address blocks: 2a05:d06f:9000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
56:67:2f:0e:ea:d6:7c:0b:1e:ba:fe:08:a3:d8:14:22:b7:8c:46:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:50:42 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=b63ec6c70314c0908d9e3426afbe651f32ccb4032db26dd30a14b48f2c4e00be, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:05:ef:7c:87:2b:cb:6b:84:94:bb:42:ad:81:
1a:2a:31:a6:ce:e0:cc:1a:8c:73:06:2f:60:3a:9d:
9d:dc:2c:40:37:29:9a:c6:7a:53:41:11:27:e1:dc:
cd:f5:07:f0:8f:6b:2a:f9:16:ee:60:0b:1f:12:22:
5d:47:e6:94:75:68:29:45:50:37:49:fe:e9:68:79:
0b:15:c6:68:8b:ea:51:38:06:eb:10:94:f3:62:48:
cf:d2:4e:5c:01:d1:d1:ae:77:c9:c6:3b:bb:af:a9:
90:5b:44:2b:74:3e:ca:3b:93:df:49:2b:42:ad:2f:
73:26:b0:10:97:3c:a1:32:b3:a4:e1:d9:aa:c1:95:
ee:b1:8d:33:78:5e:6f:5a:23:53:12:46:c7:20:17:
b9:87:b9:f6:02:e5:8a:28:b4:68:f3:92:e9:65:8a:
4d:a7:8e:f4:8e:3e:c5:7e:5d:04:89:27:72:de:bb:
13:0b:b6:33:89:a6:0d:a4:c6:66:ea:0f:6a:6a:2e:
7e:c5:c8:e7:bd:ca:0d:65:c5:02:c2:e1:cc:d8:8b:
ec:4b:69:a3:d2:0e:f4:37:d2:c5:ae:be:a0:ff:3b:
d9:7a:fc:8d:d6:03:bf:aa:63:75:67:65:4b:7b:3a:
4d:74:ea:35:92:df:6e:bb:79:39:e7:07:1f:9b:b3:
53:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:68:9E:BF:CC:8D:F7:59:25:9A:E9:32:AB:81:4E:07:9D:0E:83:87
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/868cbba8-4804-4fbd-b9b8-7e9402c44956.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06f:9000::/40
Signature Algorithm: sha256WithRSAEncryption
ac:b4:00:ea:47:e0:12:c8:a0:d5:3f:2d:ea:4e:ab:14:6c:31:
c0:df:f3:49:19:20:83:1b:59:cc:7e:04:16:4c:a7:3d:69:db:
07:d3:44:08:f2:51:24:6c:f6:e9:8a:68:d8:d0:75:96:62:3c:
10:e8:5b:b3:48:7e:f3:96:4c:c6:e0:16:40:b4:99:d9:08:3a:
49:b2:da:ee:d0:89:00:c4:ba:48:51:0c:f3:79:f7:d0:5f:9a:
e4:3c:6b:1a:6e:49:e3:f9:aa:41:ad:d6:8b:e6:26:71:f0:41:
2f:59:51:f7:d0:e0:4b:e3:65:89:65:10:e9:5b:91:ae:f7:18:
1b:d1:34:a9:d4:b5:e0:2b:08:4a:7e:4d:2b:5b:61:6b:d9:00:
ce:69:2c:f8:05:44:77:97:d4:63:9c:ce:21:ae:fc:77:6c:6e:
d4:da:07:1e:39:24:da:3e:98:cf:d1:8a:1d:2e:e7:c6:35:72:
33:10:e0:a8:b4:3a:af:5d:fc:c2:ee:2a:52:cf:2b:e3:b9:07:
bd:bc:a4:59:90:f0:77:1e:a9:48:ec:58:dc:c6:53:59:70:00:
cb:e1:7d:83:e3:65:95:7f:3e:0b:46:ab:c5:f7:3a:b2:ea:f1:
ba:b1:96:f3:73:62:8c:68:24:24:8b:16:7e:e7:03:68:41:bf:
5c:a3:2a:f3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUVmcvDurWfAseuv4Io9gUIreMRmcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzUwNDJaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGI2M2VjNmM3MDMxNGMwOTA4ZDllMzQyNmFmYmU2NTFmMzJjY2I0MDMyZGIy
NmRkMzBhMTRiNDhmMmM0ZTAwYmUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL4F73yHK8trhJS7Qq2BGioxps7gzBqMcwYvYDqdndwsQDcpmsZ6U0ERJ+Hc
zfUH8I9rKvkW7mALHxIiXUfmlHVoKUVQN0n+6Wh5CxXGaIvqUTgG6xCU82JIz9JO
XAHR0a53ycY7u6+pkFtEK3Q+yjuT30krQq0vcyawEJc8oTKzpOHZqsGV7rGNM3he
b1ojUxJGxyAXuYe59gLliii0aPOS6WWKTaeO9I4+xX5dBIknct67Ewu2M4mmDaTG
ZuoPamoufsXI573KDWXFAsLhzNiL7Etpo9IO9DfSxa6+oP872Xr8jdYDv6pjdWdl
S3s6TXTqNZLfbrt5OecHH5uzU0kCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSoaJ6/
zI33WSWa6TKrgU4HnQ6DhzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ODY4Y2JiYTgtNDgwNC00ZmJkLWI5YjgtN2U5NDAyYzQ0OTU2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G+Q
MA0GCSqGSIb3DQEBCwUAA4IBAQCstADqR+ASyKDVPy3qTqsUbDHA3/NJGSCDG1nM
fgQWTKc9adsH00QI8lEkbPbpimjY0HWWYjwQ6FuzSH7zlkzG4BZAtJnZCDpJstru
0IkAxLpIUQzzeffQX5rkPGsabknj+apBrdaL5iZx8EEvWVH30OBL42WJZRDpW5Gu
9xgb0TSp1LXgKwhKfk0rW2Fr2QDOaSz4BUR3l9RjnM4hrvx3bG7U2gceOSTaPpjP
0YodLufGNXIzEOCotDqvXfzC7ipSzyvjuQe9vKRZkPB3HqlI7FjcxlNZcADL4X2D
42WVfz4LRqvF9zqy6vG6sZbzc2KMaCQkixZ+5wNoQb9coyrz
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:15:17 2025 by rpki-client