Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8b578938-3dca-4d72-8385-f8a93e508377.roa
File: 8b578938-3dca-4d72-8385-f8a93e508377.roa (raw, json)
Hash identifier: +uIwwSVKVlngY3+89DBAcI+XP9YZG8DFS+yazsIkuWk=
Subject key identifier: 60:87:01:9B:28:22:D1:1E:3E:43:DA:C7:DE:8E:A1:7B:0A:8F:6D:C0
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 54B113E891B38D1A7A5EF4130B5BC727055EA4D0
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8b578938-3dca-4d72-8385-f8a93e508377.roa
Signing time: Tue 21 Oct 2025 14:10:06 +0000
ROA not before: Tue 21 Oct 2025 14:10:06 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d019:400::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
54:b1:13:e8:91:b3:8d:1a:7a:5e:f4:13:0b:5b:c7:27:05:5e:a4:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:10:06 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=74c351ae0531c4f3c9909fbe7ae57e9c34b6b5cc41da3f455576da4eba5527f4, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:22:51:6f:12:74:e1:c2:41:98:ca:4d:91:8f:
0d:d7:8e:f9:2a:fe:2e:3c:4d:03:ce:f8:39:62:ea:
82:1b:b5:03:1a:dc:34:48:2f:41:70:bc:d3:41:89:
b5:de:bf:35:53:da:de:e7:6d:34:93:eb:cc:95:39:
a5:5c:82:ae:9d:66:7f:fc:34:73:16:8a:ea:dd:76:
67:89:d1:8c:12:b0:40:61:53:aa:c1:bd:30:59:f1:
0e:4f:7c:f5:b9:83:30:58:29:f9:17:3d:2a:70:58:
62:da:ec:40:b8:4b:69:5a:0b:a1:29:df:a1:c1:cc:
1b:03:c3:88:a4:30:6f:4e:63:7e:fc:f4:0a:23:ce:
4d:50:25:b4:be:42:6c:d5:81:c6:4e:66:9e:23:a4:
a3:2a:09:1d:6a:e1:3b:6d:e3:e9:8f:dc:19:17:9c:
1b:a3:67:1f:a7:58:d4:72:54:c6:e6:7c:a8:2b:4c:
9a:9c:c0:0e:6d:6b:29:63:ed:d0:91:c1:cd:54:ba:
d6:89:7d:53:e7:47:bd:1d:4f:1a:68:04:5c:11:6c:
d5:eb:fe:6b:aa:ae:bb:76:55:b8:9c:00:82:ca:76:
c3:c7:a1:39:a6:cb:d8:fb:21:01:78:94:53:d5:f3:
27:89:fe:bd:1f:9b:07:d3:82:4c:ab:3e:8c:23:de:
2a:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:87:01:9B:28:22:D1:1E:3E:43:DA:C7:DE:8E:A1:7B:0A:8F:6D:C0
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8b578938-3dca-4d72-8385-f8a93e508377.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d019:400::/38
Signature Algorithm: sha256WithRSAEncryption
02:c6:72:9e:e5:de:0e:35:1c:17:c8:25:48:b8:7a:28:68:8a:
aa:8d:b0:dc:16:16:47:ca:e7:08:7a:20:96:21:01:4c:95:aa:
cb:1a:05:27:27:42:d9:48:76:bb:30:83:96:16:34:10:c2:69:
60:03:c4:50:50:ca:37:28:18:02:8a:02:b0:13:93:a2:78:84:
b1:8f:21:cb:e2:10:53:b3:a9:39:37:8d:06:a0:5c:cc:ef:25:
6b:d4:9b:44:97:ea:de:8a:1c:73:22:2a:b3:e1:9d:73:44:09:
17:68:fe:82:2d:84:14:9b:af:ce:4f:6a:7a:2b:1d:9d:b5:ae:
fa:a3:36:c5:a9:e7:f0:50:a2:8c:27:04:bc:89:68:a3:d0:b1:
d0:f2:9e:9f:47:35:eb:45:6c:81:1f:90:d4:20:32:e7:91:2f:
2a:51:c7:5f:f6:39:b4:99:8d:d1:fa:6b:87:11:dc:77:48:d7:
9e:9d:12:e1:b2:c9:99:65:fe:49:11:96:0f:1b:bf:63:3c:ea:
7f:5c:1b:ae:3f:d4:2e:54:62:f5:72:cd:76:6c:0c:35:7f:4c:
63:b2:5a:50:6a:1a:f4:20:13:3c:1a:71:e7:42:5c:10:d4:2c:
01:69:86:83:5a:43:7a:47:19:cb:e4:3a:8c:d1:c9:7b:3f:e0:
c6:69:06:2e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUVLET6JGzjRp6XvQTC1vHJwVepNAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDEwMDZaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDc0YzM1MWFlMDUzMWM0ZjNjOTkwOWZiZTdhZTU3ZTljMzRiNmI1Y2M0MWRh
M2Y0NTU1NzZkYTRlYmE1NTI3ZjQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJIiUW8SdOHCQZjKTZGPDdeO+Sr+LjxNA874OWLqghu1AxrcNEgvQXC800GJ
td6/NVPa3udtNJPrzJU5pVyCrp1mf/w0cxaK6t12Z4nRjBKwQGFTqsG9MFnxDk98
9bmDMFgp+Rc9KnBYYtrsQLhLaVoLoSnfocHMGwPDiKQwb05jfvz0CiPOTVAltL5C
bNWBxk5mniOkoyoJHWrhO23j6Y/cGRecG6NnH6dY1HJUxuZ8qCtMmpzADm1rKWPt
0JHBzVS61ol9U+dHvR1PGmgEXBFs1ev+a6quu3ZVuJwAgsp2w8ehOabL2PshAXiU
U9XzJ4n+vR+bB9OCTKs+jCPeKi0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRghwGb
KCLRHj5D2sfejqF7Co9twDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGI1Nzg5MzgtM2RjYS00ZDcyLTgzODUtZjhhOTNlNTA4Mzc3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BkE
MA0GCSqGSIb3DQEBCwUAA4IBAQACxnKe5d4ONRwXyCVIuHooaIqqjbDcFhZHyucI
eiCWIQFMlarLGgUnJ0LZSHa7MIOWFjQQwmlgA8RQUMo3KBgCigKwE5OieISxjyHL
4hBTs6k5N40GoFzM7yVr1JtEl+reihxzIiqz4Z1zRAkXaP6CLYQUm6/OT2p6Kx2d
ta76ozbFqefwUKKMJwS8iWij0LHQ8p6fRzXrRWyBH5DUIDLnkS8qUcdf9jm0mY3R
+muHEdx3SNeenRLhssmZZf5JEZYPG79jPOp/XBuuP9QuVGL1cs12bAw1f0xjslpQ
ahr0IBM8GnHnQlwQ1CwBaYaDWkN6RxnL5DqM0cl7P+DGaQYu
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:21:12 2025 by rpki-client