Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/87ec9982-c725-40e5-b829-ff0f06d939c8.roa
File: 87ec9982-c725-40e5-b829-ff0f06d939c8.roa (raw, json)
Hash identifier: auO2N4OCb/PJAc/nfZhRa+lAwLcuUzNd3F8XVyjh+ks=
Subject key identifier: F2:0C:32:A6:A1:7B:89:80:A6:12:48:74:6E:C0:3E:50:73:35:67:E8
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3A26366702F95C70A00D7FA21ACDE9501509536A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/87ec9982-c725-40e5-b829-ff0f06d939c8.roa
Signing time: Tue 21 Oct 2025 13:20:35 +0000
ROA not before: Tue 21 Oct 2025 13:20:35 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d058:9000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3a:26:36:67:02:f9:5c:70:a0:0d:7f:a2:1a:cd:e9:50:15:09:53:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:20:35 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=5073b1530f7a4d39c08b18be31eee6359ce5c0022f61d533d93475c1457f2545, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:0a:32:2c:24:00:a1:99:d0:49:43:08:99:61:
e2:c8:ff:ea:cc:7a:77:97:25:b9:80:20:23:62:75:
01:51:4d:72:45:e8:90:5a:cb:10:8c:50:b0:bc:db:
ef:26:b3:29:42:bd:5f:7d:fb:8f:dc:7c:b8:c0:a2:
2c:91:20:11:4e:42:6c:92:24:73:7b:9b:02:c4:00:
d1:73:b3:fb:a4:b0:53:5b:b3:e3:c1:d3:78:eb:36:
bb:45:ea:5c:28:84:0b:37:a1:10:a7:07:19:4e:23:
e6:72:db:c1:92:67:50:d5:78:5a:69:00:6a:be:c9:
54:89:60:ee:6c:5c:e5:16:61:26:98:5e:72:7f:1d:
56:81:dd:d3:0f:f4:07:20:51:1b:01:cb:19:2c:10:
5b:10:12:ae:90:8e:1d:67:12:69:a5:06:87:2a:24:
40:3f:54:a0:92:62:85:af:a7:53:58:40:41:a7:c3:
26:e8:a7:f0:95:ef:45:88:cf:2a:3e:a2:10:86:8d:
b3:73:4f:64:a6:1f:ce:80:76:62:0e:00:63:92:b3:
a9:92:8a:f4:f0:ab:d9:6b:78:02:98:fb:85:a1:37:
e3:35:3a:ec:19:d3:55:08:5a:e3:b4:51:d5:a9:93:
d5:60:77:11:b3:64:d8:f5:fe:67:1e:92:df:cd:33:
28:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:0C:32:A6:A1:7B:89:80:A6:12:48:74:6E:C0:3E:50:73:35:67:E8
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/87ec9982-c725-40e5-b829-ff0f06d939c8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d058:9000::/40
Signature Algorithm: sha256WithRSAEncryption
55:e8:a9:2f:e8:49:08:4c:12:ad:78:33:46:d2:04:83:e2:23:
ac:ee:87:a7:77:90:15:c8:e3:8f:f1:f9:e8:ae:3b:a6:2b:e3:
08:5e:7a:cf:9a:6d:cc:f8:69:76:bc:9f:6d:3e:fb:ae:91:be:
9c:34:e5:bd:e2:b5:35:32:42:83:00:03:0d:03:d8:19:41:54:
3b:d3:ba:cd:e2:9b:2b:76:a8:6e:24:a9:08:87:ef:33:f5:5f:
98:c4:b1:ab:95:52:cd:95:cb:41:db:1d:b8:a3:ce:3f:ff:e6:
94:91:7e:e8:ef:1c:cd:13:01:72:85:8b:59:27:8a:27:62:58:
a8:77:20:a0:60:a2:5f:2b:5e:36:56:e0:73:c0:89:03:a7:43:
f4:e1:6a:6d:14:72:b1:e0:59:e3:3c:4c:17:77:38:50:95:26:
64:a0:dc:83:33:3f:82:3b:da:bf:88:77:ed:5e:b4:bd:43:74:
27:66:ba:c6:26:b2:ae:1c:53:a4:44:de:ce:6a:c2:77:0e:67:
3c:aa:ab:9d:f4:d9:8c:20:59:63:e3:e8:62:b3:0b:a5:8b:74:
70:76:5d:6b:7c:a4:6f:cf:cd:71:92:0c:95:bd:6e:7d:9b:19:
94:8a:b9:bd:b0:2e:c7:3f:c8:39:a1:93:56:fe:05:42:89:29:
ef:7f:94:0f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUOiY2ZwL5XHCgDX+iGs3pUBUJU2owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzIwMzVaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDUwNzNiMTUzMGY3YTRkMzljMDhiMThiZTMxZWVlNjM1OWNlNWMwMDIyZjYx
ZDUzM2Q5MzQ3NWMxNDU3ZjI1NDUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMMKMiwkAKGZ0ElDCJlh4sj/6sx6d5cluYAgI2J1AVFNckXokFrLEIxQsLzb
7yazKUK9X337j9x8uMCiLJEgEU5CbJIkc3ubAsQA0XOz+6SwU1uz48HTeOs2u0Xq
XCiECzehEKcHGU4j5nLbwZJnUNV4WmkAar7JVIlg7mxc5RZhJphecn8dVoHd0w/0
ByBRGwHLGSwQWxASrpCOHWcSaaUGhyokQD9UoJJiha+nU1hAQafDJuin8JXvRYjP
Kj6iEIaNs3NPZKYfzoB2Yg4AY5KzqZKK9PCr2Wt4Apj7haE34zU67BnTVQha47RR
1amT1WB3EbNk2PX+Zx6S380zKGECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTyDDKm
oXuJgKYSSHRuwD5QczVn6DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ODdlYzk5ODItYzcyNS00MGU1LWI4MjktZmYwZjA2ZDkzOWM4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FiQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBV6Kkv6EkITBKteDNG0gSD4iOs7oend5AVyOOP
8fnorjumK+MIXnrPmm3M+Gl2vJ9tPvuukb6cNOW94rU1MkKDAAMNA9gZQVQ707rN
4psrdqhuJKkIh+8z9V+YxLGrlVLNlctB2x24o84//+aUkX7o7xzNEwFyhYtZJ4on
YliodyCgYKJfK142VuBzwIkDp0P04WptFHKx4FnjPEwXdzhQlSZkoNyDMz+CO9q/
iHftXrS9Q3QnZrrGJrKuHFOkRN7OasJ3Dmc8qqud9NmMIFlj4+hiswuli3Rwdl1r
fKRvz81xkgyVvW59mxmUirm9sC7HP8g5oZNW/gVCiSnvf5QP
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:19:35 2025 by rpki-client