Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8a06e909-5227-47d9-a58c-be623a2a4cad.roa
File: 8a06e909-5227-47d9-a58c-be623a2a4cad.roa (raw, json)
Hash identifier: 43adCthDxmWUkX/z2+Sn12HEN26NfuFBBSIdLYpPLtA=
Subject key identifier: 23:D5:5C:8A:04:97:2B:48:48:07:04:B1:A9:0A:9C:19:98:0B:7D:E9
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 1B6CE4B3E8F831BDC709CC3FD7A8C7EDE19EFFD8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8a06e909-5227-47d9-a58c-be623a2a4cad.roa
Signing time: Tue 21 Oct 2025 14:10:26 +0000
ROA not before: Tue 21 Oct 2025 14:10:26 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d058:4000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1b:6c:e4:b3:e8:f8:31:bd:c7:09:cc:3f:d7:a8:c7:ed:e1:9e:ff:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:10:26 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=f47651ef984fd348db22011ba030f65eaf252337b68cab66c92da21218afd1d7, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:fc:0e:57:96:06:42:a1:0d:00:5b:58:89:b1:
59:d0:ab:44:8d:d9:e6:bb:ae:58:77:21:57:35:48:
b5:9e:b9:eb:76:dc:ec:30:1b:f0:22:49:da:18:35:
b6:7c:ae:48:13:07:55:7b:01:a8:71:f9:89:e5:aa:
24:43:20:78:53:f3:b5:fd:e1:44:73:bc:20:b0:81:
6e:c9:2b:15:2f:73:7b:6d:fd:a9:c3:37:03:fc:a5:
02:a6:7d:df:07:06:76:c6:65:9c:9b:dd:93:fc:4f:
e5:61:37:8f:19:57:39:9d:86:1d:40:fb:49:b2:c8:
50:0a:01:ea:a5:84:4e:b5:13:66:f3:e9:e4:ff:32:
03:5d:10:42:df:03:84:9f:e2:01:be:8b:c6:27:6d:
b1:11:41:00:67:f8:d6:d0:f4:a9:79:61:c1:e3:05:
93:f5:0e:ea:19:59:b9:50:60:c8:b0:90:84:85:06:
ab:7d:7c:f5:d1:80:b2:46:46:ca:1d:45:81:ae:87:
c4:64:a1:83:94:fe:aa:76:6c:c1:61:a9:37:52:42:
25:89:af:91:b1:02:4b:4f:5d:c3:4a:a6:a2:bb:87:
3f:7a:da:ff:1f:6a:9f:01:c2:af:8a:9b:0d:7d:14:
e7:93:d2:83:5d:83:1d:0e:cc:1e:b1:2d:2d:84:51:
f4:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:D5:5C:8A:04:97:2B:48:48:07:04:B1:A9:0A:9C:19:98:0B:7D:E9
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8a06e909-5227-47d9-a58c-be623a2a4cad.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d058:4000::/40
Signature Algorithm: sha256WithRSAEncryption
b9:a4:8f:c7:bf:b1:69:90:e0:5b:33:0e:ff:a6:8b:0c:f8:7f:
48:1e:27:b8:0d:13:7e:59:3b:7e:53:a6:b3:3a:63:e6:9c:23:
8d:6f:a2:79:49:99:62:52:ee:fa:b9:45:a2:14:ab:28:b4:d7:
3f:12:09:dc:f9:f6:6a:9d:a1:99:c9:00:b0:79:e3:ef:6c:c8:
bb:90:a9:d4:a2:51:92:5a:70:d9:29:f3:3d:f6:56:a6:9f:c0:
af:1c:f2:76:39:ac:5d:32:00:2b:80:49:c4:28:07:f9:28:bd:
4a:d5:ef:7a:48:40:50:d9:ec:68:ce:72:7f:c7:19:47:44:f0:
a1:1c:72:33:30:55:0b:0d:ce:e3:ab:39:a5:8c:fa:c4:e1:29:
3e:02:e9:ed:50:a8:e5:ce:f7:a5:f2:c1:98:92:71:b4:72:99:
4d:a0:7c:5c:ca:f9:fe:48:ce:a1:79:f1:31:78:36:23:4a:1c:
73:2a:09:b4:31:c5:b8:73:95:80:73:af:9d:7e:5f:eb:0f:07:
46:30:5d:80:26:62:d2:c6:b8:6a:26:c1:7c:63:24:8f:63:3f:
e9:3a:43:e5:68:81:eb:4b:26:44:c8:ae:07:4a:46:51:b5:a0:
3b:de:e6:dc:21:31:5c:2a:e1:00:82:28:e7:61:46:dc:66:8e:
ff:a5:1f:fc
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUG2zks+j4Mb3HCcw/16jH7eGe/9gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDEwMjZaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGY0NzY1MWVmOTg0ZmQzNDhkYjIyMDExYmEwMzBmNjVlYWYyNTIzMzdiNjhj
YWI2NmM5MmRhMjEyMThhZmQxZDcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAML8DleWBkKhDQBbWImxWdCrRI3Z5ruuWHchVzVItZ6563bc7DAb8CJJ2hg1
tnyuSBMHVXsBqHH5ieWqJEMgeFPztf3hRHO8ILCBbskrFS9ze239qcM3A/ylAqZ9
3wcGdsZlnJvdk/xP5WE3jxlXOZ2GHUD7SbLIUAoB6qWETrUTZvPp5P8yA10QQt8D
hJ/iAb6LxidtsRFBAGf41tD0qXlhweMFk/UO6hlZuVBgyLCQhIUGq3189dGAskZG
yh1Fga6HxGShg5T+qnZswWGpN1JCJYmvkbECS09dw0qmoruHP3ra/x9qnwHCr4qb
DX0U55PSg12DHQ7MHrEtLYRR9MkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQj1VyK
BJcrSEgHBLGpCpwZmAt96TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGEwNmU5MDktNTIyNy00N2Q5LWE1OGMtYmU2MjNhMmE0Y2FkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FhA
MA0GCSqGSIb3DQEBCwUAA4IBAQC5pI/Hv7FpkOBbMw7/posM+H9IHie4DRN+WTt+
U6azOmPmnCONb6J5SZliUu76uUWiFKsotNc/Egnc+fZqnaGZyQCweePvbMi7kKnU
olGSWnDZKfM99lamn8CvHPJ2OaxdMgArgEnEKAf5KL1K1e96SEBQ2exoznJ/xxlH
RPChHHIzMFULDc7jqzmljPrE4Sk+AuntUKjlzvel8sGYknG0cplNoHxcyvn+SM6h
efExeDYjShxzKgm0McW4c5WAc6+dfl/rDwdGMF2AJmLSxrhqJsF8YySPYz/pOkPl
aIHrSyZEyK4HSkZRtaA73ubcITFcKuEAgijnYUbcZo7/pR/8
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:19 2025 by rpki-client