Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/904a13d7-baa1-4bc7-b805-601d0b998680.roa
File: 904a13d7-baa1-4bc7-b805-601d0b998680.roa (raw, json)
Hash identifier: o+hcKaCPIzJr3lv9RMY6OHvQlMIO4+5NO8UpgsBOllo=
Subject key identifier: 79:EA:29:28:B3:44:76:7B:FF:39:E4:2E:1E:19:A2:E8:83:93:36:1D
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2A17235CAC02B2B88F87BC1A10B4B8E25656ABA5
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/904a13d7-baa1-4bc7-b805-601d0b998680.roa
Signing time: Tue 21 Oct 2025 13:50:58 +0000
ROA not before: Tue 21 Oct 2025 13:50:58 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d050:8000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2a:17:23:5c:ac:02:b2:b8:8f:87:bc:1a:10:b4:b8:e2:56:56:ab:a5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:50:58 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=3cc5c0b6973e24461946ec0a02d1085578773440bf836fece6e083e3232b6481, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:be:6f:44:f5:f7:1a:11:49:bd:ad:76:fc:e5:
e4:f3:a2:48:12:58:97:13:28:7b:d0:c9:d2:03:9e:
a3:25:55:08:3b:3d:66:b0:c5:2f:8b:63:c7:81:74:
81:6a:40:eb:ad:f2:35:4f:f6:a1:b2:e5:0e:24:b9:
21:c0:58:15:08:bf:6a:63:1e:e1:7a:41:3f:6d:8f:
0f:90:48:e9:fe:d5:d7:27:8f:06:a6:08:ca:24:0f:
fa:df:27:4f:e6:1a:e7:a9:ea:49:85:4b:26:8c:85:
ed:e3:b5:b2:4e:71:3b:5f:9c:4a:c9:11:a1:33:37:
a4:1c:2c:52:b4:6b:7a:2a:4f:a1:6e:2d:47:f2:09:
87:f4:2b:f3:23:91:86:80:21:31:d5:f2:51:51:23:
e4:ea:e3:bd:4e:ef:d9:19:39:dd:38:fc:22:c1:ba:
b4:7b:37:c2:86:69:fc:65:b7:5e:d4:26:76:1b:05:
c8:97:6a:ff:84:26:38:a8:7a:5a:71:63:6f:f1:99:
56:55:af:5d:db:04:2a:8f:94:96:d9:1d:5f:8e:9e:
72:ca:fa:6f:02:43:33:6a:03:fd:82:52:d1:c2:c5:
51:40:2a:7c:14:0c:ab:70:07:38:a4:6c:d8:3b:5c:
2f:35:67:84:0d:e3:45:4a:d0:fc:49:f1:4a:e1:c2:
e6:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
79:EA:29:28:B3:44:76:7B:FF:39:E4:2E:1E:19:A2:E8:83:93:36:1D
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/904a13d7-baa1-4bc7-b805-601d0b998680.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d050:8000::/40
Signature Algorithm: sha256WithRSAEncryption
27:a6:d2:0f:3f:69:a8:19:af:31:07:4d:be:01:f3:82:99:49:
a4:99:e7:d9:79:8f:f4:f7:a9:b3:f1:05:9b:5d:8d:4d:8c:84:
92:fd:d7:60:5f:e0:eb:a9:33:44:ee:80:49:5e:56:de:fb:e1:
cd:ea:1c:ca:c4:0d:6a:b3:be:7d:70:65:cd:1d:f8:14:c5:e6:
20:68:f8:70:d3:31:53:1f:2a:00:a9:b4:e0:98:81:63:76:78:
65:57:9a:91:05:ee:cf:40:c6:87:0a:13:f2:e7:2a:6f:82:e0:
e9:e6:63:05:ab:dc:d8:86:e0:48:b9:7f:82:40:7f:a1:5d:3f:
8a:6c:a7:18:f6:87:10:ae:44:99:13:5d:ff:10:7a:3b:8f:11:
18:1b:e5:2b:3e:68:f0:fb:32:4e:1b:67:a2:a2:16:62:f0:9b:
64:eb:35:1f:9b:95:b4:e1:d7:bb:8d:72:bb:4b:f4:ba:6f:f5:
e4:26:93:39:9a:00:d3:4b:c2:d5:35:f6:95:7b:63:0b:41:6b:
af:9c:4c:c2:b9:d8:53:88:9c:07:7e:28:7e:4b:a4:43:9c:14:
1c:34:57:b9:ca:da:5b:4b:7c:f2:cc:cf:08:09:2b:a1:3d:e9:
56:46:1e:63:85:f3:83:be:3b:ca:95:2c:b7:59:9a:ca:6c:9c:
e9:fc:f4:25
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUKhcjXKwCsriPh7waELS44lZWq6UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzUwNThaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDNjYzVjMGI2OTczZTI0NDYxOTQ2ZWMwYTAyZDEwODU1Nzg3NzM0NDBiZjgz
NmZlY2U2ZTA4M2UzMjMyYjY0ODExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJK+b0T19xoRSb2tdvzl5POiSBJYlxMoe9DJ0gOeoyVVCDs9ZrDFL4tjx4F0
gWpA663yNU/2obLlDiS5IcBYFQi/amMe4XpBP22PD5BI6f7V1yePBqYIyiQP+t8n
T+Ya56nqSYVLJoyF7eO1sk5xO1+cSskRoTM3pBwsUrRreipPoW4tR/IJh/Qr8yOR
hoAhMdXyUVEj5OrjvU7v2Rk53Tj8IsG6tHs3woZp/GW3XtQmdhsFyJdq/4QmOKh6
WnFjb/GZVlWvXdsEKo+UltkdX46ecsr6bwJDM2oD/YJS0cLFUUAqfBQMq3AHOKRs
2DtcLzVnhA3jRUrQ/EnxSuHC5rECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR56iko
s0R2e/855C4eGaLog5M2HTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTA0YTEzZDctYmFhMS00YmM3LWI4MDUtNjAxZDBiOTk4NjgwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FCA
MA0GCSqGSIb3DQEBCwUAA4IBAQAnptIPP2moGa8xB02+AfOCmUmkmefZeY/096mz
8QWbXY1NjISS/ddgX+DrqTNE7oBJXlbe++HN6hzKxA1qs759cGXNHfgUxeYgaPhw
0zFTHyoAqbTgmIFjdnhlV5qRBe7PQMaHChPy5ypvguDp5mMFq9zYhuBIuX+CQH+h
XT+KbKcY9ocQrkSZE13/EHo7jxEYG+UrPmjw+zJOG2eiohZi8Jtk6zUfm5W04de7
jXK7S/S6b/XkJpM5mgDTS8LVNfaVe2MLQWuvnEzCudhTiJwHfih+S6RDnBQcNFe5
ytpbS3zyzM8ICSuhPelWRh5jhfODvjvKlSy3WZrKbJzp/PQl
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:15:14 2025 by rpki-client