Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8ca5077b-0987-4a65-b8ff-a1e27f76cd1a.roa
File: 8ca5077b-0987-4a65-b8ff-a1e27f76cd1a.roa (raw, json)
Hash identifier: Qo0zyqfQgx8gyvMot3To46Zhp6oZUPjb+1a101x4w0A=
Subject key identifier: 85:40:3D:4B:76:29:87:96:92:CB:8A:69:04:AD:4A:02:FC:89:52:EE
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 6DC9A75046F871FC6E6E09E72C8CFF99EB90E253
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8ca5077b-0987-4a65-b8ff-a1e27f76cd1a.roa
Signing time: Tue 21 Oct 2025 13:40:47 +0000
ROA not before: Tue 21 Oct 2025 13:40:47 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d01a:800::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6d:c9:a7:50:46:f8:71:fc:6e:6e:09:e7:2c:8c:ff:99:eb:90:e2:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:40:47 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=c36ff118c4cea82859713fdce9f0d748445426c0dfb64fe7d882c298e8730400, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:a7:04:55:60:b4:f3:57:bd:d5:f2:8f:04:82:
32:f1:c8:51:32:be:2d:63:79:30:f3:a5:5d:31:ac:
85:27:b6:7e:7c:81:8c:b0:f4:0a:2e:13:60:14:7b:
91:90:5a:52:83:a4:c2:1d:ae:cb:3a:c1:61:3c:25:
88:09:01:a8:81:7d:1d:fe:36:c6:93:f5:43:6a:06:
6a:26:93:33:60:b8:e2:46:63:f4:8c:c7:f5:79:e1:
08:41:ba:a1:85:2e:c3:20:72:34:e1:bf:45:f4:5d:
88:fb:e6:96:d4:43:af:72:70:fb:c1:65:b2:a6:2f:
9b:93:34:b4:f1:df:1e:87:41:d1:90:a2:62:07:be:
1d:1a:56:9c:ed:f4:63:b9:93:4d:f3:3b:d7:67:04:
a3:0b:7a:52:ef:25:ba:66:2c:a9:e7:a2:c6:21:94:
79:04:ba:bc:ab:b4:1b:04:2d:53:ed:05:dd:9a:b1:
15:5c:93:fe:04:3d:c0:b1:af:33:66:2a:f9:81:6c:
a1:0e:61:34:a9:54:25:55:b7:6a:b7:ee:c7:1d:67:
6a:8a:a0:c8:bc:cd:93:82:de:e0:eb:f6:2e:ad:3b:
26:f0:43:9a:c4:48:e8:56:51:2e:d6:c8:94:25:16:
df:80:e8:27:95:16:9e:66:4d:2f:4d:94:89:1a:3d:
e5:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:40:3D:4B:76:29:87:96:92:CB:8A:69:04:AD:4A:02:FC:89:52:EE
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8ca5077b-0987-4a65-b8ff-a1e27f76cd1a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d01a:800::/38
Signature Algorithm: sha256WithRSAEncryption
69:b8:6d:8d:10:2a:6d:8c:5d:03:df:bc:22:66:d7:ed:a2:90:
76:77:8e:dd:76:33:16:e0:0e:62:84:bb:63:0f:d8:dc:e9:0b:
17:75:27:3a:fa:dd:a4:8c:00:95:a3:60:f6:e4:49:8e:d1:5e:
2a:7f:00:13:b3:16:39:d0:60:64:c7:a1:24:da:f9:97:2d:be:
0d:35:37:03:f2:4e:e3:d9:a6:d7:c3:19:44:5b:0a:d4:1a:4b:
cf:99:47:dd:fc:fd:1b:49:18:03:76:17:91:07:db:53:09:ac:
e9:2b:15:74:97:4f:f9:44:18:3a:c9:21:7c:b9:b2:de:1c:3b:
bd:fe:83:cf:40:5d:4f:a7:b4:c0:fd:55:b6:bc:0b:a3:88:fd:
46:68:56:47:32:a7:c7:2c:eb:0d:8c:a3:72:e6:f3:d9:b8:18:
48:c3:3a:80:84:5b:9b:6e:03:69:09:5a:02:7f:da:ba:d1:07:
16:f1:bf:ee:6f:fc:ef:09:4e:95:2f:db:15:ad:1d:ca:ad:fc:
55:1d:bc:a5:31:1d:bf:73:24:fe:fd:0f:ab:38:b9:68:d4:51:
53:46:f5:21:4f:09:92:9c:8f:b7:e8:46:c7:2f:34:f2:8a:8f:
29:32:de:a0:69:c0:cc:f5:1d:cb:23:ca:71:32:93:33:1b:ea:
37:5f:05:63
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUbcmnUEb4cfxubgnnLIz/meuQ4lMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzQwNDdaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGMzNmZmMTE4YzRjZWE4Mjg1OTcxM2ZkY2U5ZjBkNzQ4NDQ1NDI2YzBkZmI2
NGZlN2Q4ODJjMjk4ZTg3MzA0MDAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANynBFVgtPNXvdXyjwSCMvHIUTK+LWN5MPOlXTGshSe2fnyBjLD0Ci4TYBR7
kZBaUoOkwh2uyzrBYTwliAkBqIF9Hf42xpP1Q2oGaiaTM2C44kZj9IzH9XnhCEG6
oYUuwyByNOG/RfRdiPvmltRDr3Jw+8FlsqYvm5M0tPHfHodB0ZCiYge+HRpWnO30
Y7mTTfM712cEowt6Uu8lumYsqeeixiGUeQS6vKu0GwQtU+0F3ZqxFVyT/gQ9wLGv
M2Yq+YFsoQ5hNKlUJVW3arfuxx1naoqgyLzNk4Le4Ov2Lq07JvBDmsRI6FZRLtbI
lCUW34DoJ5UWnmZNL02UiRo95U0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSFQD1L
dimHlpLLimkErUoC/IlS7jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGNhNTA3N2ItMDk4Ny00YTY1LWI4ZmYtYTFlMjdmNzZjZDFhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BoI
MA0GCSqGSIb3DQEBCwUAA4IBAQBpuG2NECptjF0D37wiZtftopB2d47ddjMW4A5i
hLtjD9jc6QsXdSc6+t2kjACVo2D25EmO0V4qfwATsxY50GBkx6Ek2vmXLb4NNTcD
8k7j2abXwxlEWwrUGkvPmUfd/P0bSRgDdheRB9tTCazpKxV0l0/5RBg6ySF8ubLe
HDu9/oPPQF1Pp7TA/VW2vAujiP1GaFZHMqfHLOsNjKNy5vPZuBhIwzqAhFubbgNp
CVoCf9q60QcW8b/ub/zvCU6VL9sVrR3KrfxVHbylMR2/cyT+/Q+rOLlo1FFTRvUh
TwmSnI+36EbHLzTyio8pMt6gacDM9R3LI8pxMpMzG+o3XwVj
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:19:37 2025 by rpki-client