Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8dc7d5ba-b1e9-4c1c-a190-214731b71b49.roa
File: 8dc7d5ba-b1e9-4c1c-a190-214731b71b49.roa (raw, json)
Hash identifier: cU/obe98qV33bR1i3rGbqbpslUV3wboGFlFW11WYOfY=
Subject key identifier: C3:CB:70:23:0E:59:CE:3C:83:6C:2E:BF:70:56:41:BB:5C:27:67:23
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0980553A0A08BCB01FCCEA12C750A2B3AD3826B7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8dc7d5ba-b1e9-4c1c-a190-214731b71b49.roa
Signing time: Tue 21 Oct 2025 14:00:55 +0000
ROA not before: Tue 21 Oct 2025 14:00:55 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d036:e000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
09:80:55:3a:0a:08:bc:b0:1f:cc:ea:12:c7:50:a2:b3:ad:38:26:b7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:00:55 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=d438c4453d0c3a06481677c18086dfe2e13b3660995554e8c4d06ae89484289e, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:0f:94:b0:51:7b:fd:bf:07:bf:d5:ef:00:c2:
8e:df:4e:03:ea:24:eb:f9:7b:98:40:de:3e:bb:dc:
10:c1:cf:b1:ce:c1:69:73:d9:0f:2e:74:78:a5:e8:
73:2d:68:e2:ba:0a:59:fe:6a:42:02:99:5d:19:61:
eb:b7:d9:b2:d9:fa:8a:ac:77:2c:27:73:9c:3e:16:
f5:c7:ff:8e:9a:a6:fb:a7:e1:68:9c:72:cd:1d:95:
ca:df:f4:15:dc:c6:ae:8d:7b:40:85:79:e2:27:ce:
1c:df:73:e7:d5:8a:9c:61:cd:9b:fe:24:6a:83:d7:
2a:98:97:6a:00:50:e7:18:ef:ae:b4:d1:19:b3:fd:
c0:3c:f3:47:ed:e7:6b:8f:8c:22:2f:ed:14:b9:bb:
e8:ed:06:ca:2c:f8:9f:4e:e8:9a:d9:72:5a:8a:eb:
8a:fa:cc:00:41:d3:ea:70:0c:74:09:43:a9:9b:d0:
49:98:b6:95:20:3e:23:e0:b3:4c:86:a1:40:ff:1a:
7e:25:dc:36:f8:37:70:4b:90:04:78:ca:38:7b:52:
a8:b8:76:7c:8d:7d:6d:b6:90:b0:e2:89:08:31:f5:
72:19:9b:a5:3f:8c:96:79:08:56:f0:2f:25:9d:e9:
ab:ae:6a:a5:fe:f0:dd:f0:61:5e:77:b5:a9:ff:ef:
a6:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C3:CB:70:23:0E:59:CE:3C:83:6C:2E:BF:70:56:41:BB:5C:27:67:23
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8dc7d5ba-b1e9-4c1c-a190-214731b71b49.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d036:e000::/40
Signature Algorithm: sha256WithRSAEncryption
0b:15:b2:04:54:1e:fa:16:b2:dc:42:05:58:54:85:31:cd:95:
64:24:15:f0:c3:a7:bf:0d:1e:67:f5:38:d0:a9:65:a0:49:57:
07:d7:ed:ff:f7:be:b6:80:03:e1:e1:9a:e3:27:b5:95:0a:1c:
df:37:3c:d4:89:e1:3f:7b:27:b5:0b:3e:16:f4:f8:1d:c5:ac:
fc:9e:d5:55:8e:64:9d:58:05:3d:42:89:e4:0a:03:87:f0:b1:
d3:fb:1c:9d:5b:9f:66:9d:5b:71:df:89:b7:8e:c4:79:f3:9a:
32:fe:83:10:2a:d3:9f:70:a6:5d:5f:c7:c8:57:df:b1:66:da:
72:1a:72:aa:a9:25:3e:8a:c5:34:90:0d:22:e7:91:06:2a:7e:
f8:dc:fd:2f:9e:b1:33:5f:b6:a2:2c:ec:75:e7:ff:86:93:69:
6c:5d:16:b4:86:ab:64:cb:35:cb:3f:da:53:9c:3d:c3:26:6d:
e9:b2:14:17:f5:70:8f:9c:0a:5d:15:25:25:f2:77:e6:86:00:
da:03:ab:fe:91:a5:70:9f:5d:6f:76:aa:52:b9:6f:41:89:1d:
fc:3a:f6:26:64:d1:cc:03:ab:54:e2:da:c7:8b:7a:d8:50:1d:
96:35:64:7a:f4:bd:9d:39:22:b6:6f:ad:f8:e4:a8:73:ff:48:
e3:2f:96:df
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUCYBVOgoIvLAfzOoSx1Cis604JrcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDAwNTVaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ0MzhjNDQ1M2QwYzNhMDY0ODE2NzdjMTgwODZkZmUyZTEzYjM2NjA5OTU1
NTRlOGM0ZDA2YWU4OTQ4NDI4OWUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANYPlLBRe/2/B7/V7wDCjt9OA+ok6/l7mEDePrvcEMHPsc7BaXPZDy50eKXo
cy1o4roKWf5qQgKZXRlh67fZstn6iqx3LCdznD4W9cf/jpqm+6fhaJxyzR2Vyt/0
FdzGro17QIV54ifOHN9z59WKnGHNm/4kaoPXKpiXagBQ5xjvrrTRGbP9wDzzR+3n
a4+MIi/tFLm76O0Gyiz4n07omtlyWorrivrMAEHT6nAMdAlDqZvQSZi2lSA+I+Cz
TIahQP8afiXcNvg3cEuQBHjKOHtSqLh2fI19bbaQsOKJCDH1chmbpT+MlnkIVvAv
JZ3pq65qpf7w3fBhXne1qf/vptECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTDy3Aj
DlnOPINsLr9wVkG7XCdnIzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGRjN2Q1YmEtYjFlOS00YzFjLWExOTAtMjE0NzMxYjcxYjQ5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Dbg
MA0GCSqGSIb3DQEBCwUAA4IBAQALFbIEVB76FrLcQgVYVIUxzZVkJBXww6e/DR5n
9TjQqWWgSVcH1+3/9762gAPh4ZrjJ7WVChzfNzzUieE/eye1Cz4W9Pgdxaz8ntVV
jmSdWAU9QonkCgOH8LHT+xydW59mnVtx34m3jsR585oy/oMQKtOfcKZdX8fIV9+x
ZtpyGnKqqSU+isU0kA0i55EGKn743P0vnrEzX7aiLOx15/+Gk2lsXRa0hqtkyzXL
P9pTnD3DJm3pshQX9XCPnApdFSUl8nfmhgDaA6v+kaVwn11vdqpSuW9BiR38OvYm
ZNHMA6tU4trHi3rYUB2WNWR69L2dOSK2b6345Khz/0jjL5bf
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:10 2025 by rpki-client