Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8b940c44-168e-4976-b17d-778e9341611b.roa
File: 8b940c44-168e-4976-b17d-778e9341611b.roa (raw, json)
Hash identifier: nNl2Phb/9fxBbY/wqxq8U5EFMZKDHU4/K11wpGQTBsQ=
Subject key identifier: 24:54:E2:D7:88:2F:98:57:F0:28:A3:55:74:7A:F8:A0:98:F2:09:F5
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2F5A1C383F5CF2C003A0047AD75CFC7B6647995F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8b940c44-168e-4976-b17d-778e9341611b.roa
Signing time: Tue 21 Oct 2025 14:31:08 +0000
ROA not before: Tue 21 Oct 2025 14:31:08 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:1080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2f:5a:1c:38:3f:5c:f2:c0:03:a0:04:7a:d7:5c:fc:7b:66:47:99:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:31:08 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=c12c8b87183c1c712afc10b4e08c15764cbbb38b6d9e638af812ae3df147adc4, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:0a:cc:07:09:72:64:46:00:fd:e2:0a:bd:8f:
1e:50:da:af:56:3b:f4:99:7a:9e:0f:ce:41:20:40:
0b:e5:4e:88:c3:6b:f2:3e:45:a4:67:d0:a0:39:20:
0f:82:95:3f:47:c0:66:66:ab:c5:92:2e:38:32:be:
4f:a7:1c:8c:08:92:71:57:a5:d9:22:f9:c8:bc:cc:
b9:17:f0:5d:c0:dd:5c:5a:6a:e0:af:16:f1:eb:11:
2d:8d:e5:42:62:50:54:e2:04:a0:9a:3f:2d:94:ef:
5e:b8:d7:49:e4:f0:e5:99:58:91:5e:bc:7d:7d:60:
45:c5:5e:cd:8c:73:ae:e2:c9:20:df:27:82:da:8e:
55:ca:b9:9b:7d:9b:15:2a:21:9e:db:43:d5:8e:ff:
12:60:8f:da:27:9c:22:39:73:d2:9a:8f:b9:09:45:
25:01:f9:ca:f2:db:f7:17:ac:70:c1:98:98:af:d7:
7e:22:65:42:76:dd:2c:42:af:a2:99:4a:89:c8:34:
bc:b8:cc:bd:4d:a4:8d:fa:8d:b0:96:b8:44:38:a3:
3a:71:82:42:e7:7a:aa:99:0f:66:09:e6:7c:60:06:
2a:6e:21:8d:30:f2:52:eb:fd:4b:83:90:ea:19:6c:
3f:e5:c8:26:7c:22:04:54:fe:4c:8a:ed:39:ab:b8:
83:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:54:E2:D7:88:2F:98:57:F0:28:A3:55:74:7A:F8:A0:98:F2:09:F5
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8b940c44-168e-4976-b17d-778e9341611b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:1080::/48
Signature Algorithm: sha256WithRSAEncryption
00:1c:94:30:54:5b:96:36:f4:24:03:56:11:23:67:c1:06:d5:
17:08:e2:43:85:f0:0f:29:d6:7a:e3:c1:c1:f7:23:19:81:76:
72:fe:e3:c4:43:17:ac:06:0e:30:23:95:f9:75:9f:b4:83:3e:
f8:d2:43:f1:ed:21:85:13:d1:ef:92:d1:4e:f0:ac:f4:7e:e6:
83:3e:fd:3e:b5:f3:3a:9c:0e:a9:84:d6:c4:22:15:62:4e:4e:
fd:93:79:7e:09:aa:da:e6:4f:40:48:0f:94:0f:1e:06:ad:9c:
0c:88:f7:07:f2:73:63:2a:cd:ab:15:40:5a:ed:ed:a0:d2:b8:
af:ed:8d:a9:4e:a0:24:9d:e3:15:98:10:81:1e:17:8f:ef:62:
f2:a7:e8:84:5c:ef:cb:1a:48:d6:49:35:b5:57:26:d1:e5:84:
e7:92:51:95:2e:29:d9:d5:56:13:43:90:07:72:22:9c:2c:8d:
50:5b:08:ec:fd:17:47:d3:df:b4:bf:5e:1b:55:7d:95:16:75:
33:a4:47:35:5a:ff:16:da:ba:24:3d:da:ce:a5:09:84:20:04:
2f:4f:32:25:65:cf:24:9e:5b:2b:32:f9:d3:24:01:15:5b:4c:
1b:aa:70:c9:3a:dd:7a:13:27:a8:c1:78:39:5e:d9:68:d4:b3:
77:26:12:de
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUL1ocOD9c8sADoAR611z8e2ZHmV8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDMxMDhaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGMxMmM4Yjg3MTgzYzFjNzEyYWZjMTBiNGUwOGMxNTc2NGNiYmIzOGI2ZDll
NjM4YWY4MTJhZTNkZjE0N2FkYzQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL8KzAcJcmRGAP3iCr2PHlDar1Y79Jl6ng/OQSBAC+VOiMNr8j5FpGfQoDkg
D4KVP0fAZmarxZIuODK+T6ccjAiScVel2SL5yLzMuRfwXcDdXFpq4K8W8esRLY3l
QmJQVOIEoJo/LZTvXrjXSeTw5ZlYkV68fX1gRcVezYxzruLJIN8ngtqOVcq5m32b
FSohnttD1Y7/EmCP2iecIjlz0pqPuQlFJQH5yvLb9xescMGYmK/XfiJlQnbdLEKv
oplKicg0vLjMvU2kjfqNsJa4RDijOnGCQud6qpkPZgnmfGAGKm4hjTDyUuv9S4OQ
6hlsP+XIJnwiBFT+TIrtOau4g5sCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQkVOLX
iC+YV/Aoo1V0evigmPIJ9TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGI5NDBjNDQtMTY4ZS00OTc2LWIxN2QtNzc4ZTkzNDE2MTFiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0AAQ
gDANBgkqhkiG9w0BAQsFAAOCAQEAAByUMFRbljb0JANWESNnwQbVFwjiQ4XwDynW
euPBwfcjGYF2cv7jxEMXrAYOMCOV+XWftIM++NJD8e0hhRPR75LRTvCs9H7mgz79
PrXzOpwOqYTWxCIVYk5O/ZN5fgmq2uZPQEgPlA8eBq2cDIj3B/JzYyrNqxVAWu3t
oNK4r+2NqU6gJJ3jFZgQgR4Xj+9i8qfohFzvyxpI1kk1tVcm0eWE55JRlS4p2dVW
E0OQB3IinCyNUFsI7P0XR9PftL9eG1V9lRZ1M6RHNVr/Ftq6JD3azqUJhCAEL08y
JWXPJJ5bKzL50yQBFVtMG6pwyTrdehMnqMF4OV7ZaNSzdyYS3g==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:19:38 2025 by rpki-client