Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8e4adf38-a007-4c0e-8621-1e65a160ad12.roa
File: 8e4adf38-a007-4c0e-8621-1e65a160ad12.roa (raw, json)
Hash identifier: J4QV00XZXqAvxRHyFHi5gp+BBcE/Dqq3y/Z6rAElSFA=
Subject key identifier: D5:0A:C0:27:D5:28:11:82:DC:AB:A8:24:8F:3A:42:71:90:8E:EA:9B
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 197BCA8759F68095F988DB5EAE8D9C770EA3846C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8e4adf38-a007-4c0e-8621-1e65a160ad12.roa
Signing time: Tue 21 Oct 2025 13:41:18 +0000
ROA not before: Tue 21 Oct 2025 13:41:18 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:2000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
19:7b:ca:87:59:f6:80:95:f9:88:db:5e:ae:8d:9c:77:0e:a3:84:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:41:18 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=75e5c0b257d782dc419da3ea824c00140bb19cfe11d60d44cc4c9a76ac78efca, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:11:ed:cd:32:d2:7b:be:17:c2:02:01:f3:11:
ae:9c:47:70:1d:db:95:f2:33:b0:2e:25:41:5e:93:
77:4c:05:87:64:06:8e:1d:60:24:06:fa:6d:67:43:
4b:3f:06:ec:24:c5:d0:67:96:9e:7b:08:de:4a:50:
84:ae:7d:8c:5c:27:c4:51:31:a7:90:9d:4d:66:5a:
6f:48:83:f9:c0:81:d3:27:67:61:80:3c:7e:6b:fd:
fc:eb:b9:ff:08:a4:01:05:2c:bd:58:10:6a:e5:ec:
25:4e:7a:8b:02:b1:0e:f4:95:c6:aa:d9:59:c6:8f:
d0:46:de:3f:36:42:44:d2:78:df:98:20:22:18:4a:
1a:86:f4:e2:e8:76:21:6f:02:3b:e1:fe:ba:d8:ec:
f1:2c:10:df:b2:42:9c:f7:e9:c7:ef:76:d4:4c:60:
4d:19:4c:86:11:a9:b6:ec:81:db:da:6c:e3:e9:ac:
ad:64:89:0b:06:29:62:06:de:81:61:d7:e7:cf:c0:
6f:62:6a:06:82:d0:7b:db:6c:aa:c8:ee:8c:f2:40:
14:29:87:c4:ef:63:26:71:97:3d:f7:57:44:99:8a:
18:97:f3:b7:4f:67:6b:5c:c2:7b:12:2a:63:a9:e0:
ad:41:6b:f9:fa:ef:0c:c1:a6:0f:f9:51:17:74:72:
ad:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:0A:C0:27:D5:28:11:82:DC:AB:A8:24:8F:3A:42:71:90:8E:EA:9B
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8e4adf38-a007-4c0e-8621-1e65a160ad12.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:2000::/40
Signature Algorithm: sha256WithRSAEncryption
93:02:67:71:ef:ab:0d:c6:24:65:0a:69:4c:f8:cf:0f:ee:1c:
3d:da:04:f7:ed:ff:41:03:30:d5:fb:a6:d3:b8:dd:0d:0a:c3:
d1:5c:d8:73:16:c1:64:43:be:f5:bf:f1:da:08:2a:ff:02:d0:
02:ee:75:4d:53:11:a3:e4:49:3b:54:99:cf:83:83:0b:da:43:
7e:1e:b2:05:51:c7:a1:92:ff:11:3b:3e:fd:83:13:5a:9a:23:
3e:f7:7c:7a:ba:c7:7e:66:57:86:e3:26:ac:17:c2:9b:c1:33:
8b:e1:03:84:1e:b5:fb:a8:dc:5e:b4:6d:1b:cf:d5:85:c4:8e:
25:7f:2e:ce:a7:49:da:c8:e4:7a:6e:6b:dd:19:1b:3b:78:7b:
72:d7:a4:f6:59:2c:d7:f4:17:16:7a:6e:06:59:1b:93:26:0c:
b9:4a:ee:6a:0d:20:e6:56:c8:e9:c7:57:c3:0d:69:c7:30:43:
aa:f4:59:70:e9:c5:d3:3c:19:46:ca:22:cf:2c:31:35:e6:c1:
7c:a1:8e:a8:c3:22:2b:20:1b:84:74:73:13:42:1e:b5:aa:da:
52:82:6b:99:37:2e:76:01:e0:74:f4:fa:79:e4:91:03:fd:60:
13:38:1d:88:b9:1b:a0:71:d1:9a:a4:12:a0:10:af:cd:fb:9c:
6a:33:4a:b6
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUGXvKh1n2gJX5iNtero2cdw6jhGwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzQxMThaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDc1ZTVjMGIyNTdkNzgyZGM0MTlkYTNlYTgyNGMwMDE0MGJiMTljZmUxMWQ2
MGQ0NGNjNGM5YTc2YWM3OGVmY2ExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALMR7c0y0nu+F8ICAfMRrpxHcB3blfIzsC4lQV6Td0wFh2QGjh1gJAb6bWdD
Sz8G7CTF0GeWnnsI3kpQhK59jFwnxFExp5CdTWZab0iD+cCB0ydnYYA8fmv9/Ou5
/wikAQUsvVgQauXsJU56iwKxDvSVxqrZWcaP0EbePzZCRNJ435ggIhhKGob04uh2
IW8CO+H+utjs8SwQ37JCnPfpx+921ExgTRlMhhGptuyB29ps4+msrWSJCwYpYgbe
gWHX58/Ab2JqBoLQe9tsqsjujPJAFCmHxO9jJnGXPfdXRJmKGJfzt09na1zCexIq
Y6ngrUFr+frvDMGmD/lRF3RyrUECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTVCsAn
1SgRgtyrqCSPOkJxkI7qmzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGU0YWRmMzgtYTAwNy00YzBlLTg2MjEtMWU2NWExNjBhZDEyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H8g
MA0GCSqGSIb3DQEBCwUAA4IBAQCTAmdx76sNxiRlCmlM+M8P7hw92gT37f9BAzDV
+6bTuN0NCsPRXNhzFsFkQ771v/HaCCr/AtAC7nVNUxGj5Ek7VJnPg4ML2kN+HrIF
Ucehkv8ROz79gxNamiM+93x6usd+ZleG4yasF8KbwTOL4QOEHrX7qNxetG0bz9WF
xI4lfy7Op0nayOR6bmvdGRs7eHty16T2WSzX9BcWem4GWRuTJgy5Su5qDSDmVsjp
x1fDDWnHMEOq9Flw6cXTPBlGyiLPLDE15sF8oY6owyIrIBuEdHMTQh61qtpSgmuZ
Ny52AeB09Pp55JED/WATOB2IuRugcdGapBKgEK/N+5xqM0q2
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:12:02 2025 by rpki-client