Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/90bd72ba-b30d-4433-a47e-e0543a4ea451.roa
File: 90bd72ba-b30d-4433-a47e-e0543a4ea451.roa (raw, json)
Hash identifier: +DnGkE8Ih3lvW5ZHB2XUDdXNUM/Z9fTiTAtX/upNohs=
Subject key identifier: F4:2B:1D:D9:61:0F:DA:03:A2:E7:8B:31:3F:BD:F7:04:1D:97:87:DF
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3B96046500EED84C14BEF7CE7D923174B23A4026
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/90bd72ba-b30d-4433-a47e-e0543a4ea451.roa
Signing time: Tue 21 Oct 2025 13:40:32 +0000
ROA not before: Tue 21 Oct 2025 13:40:32 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d034:e000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 31 Oct 2025 15:42:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3b:96:04:65:00:ee:d8:4c:14:be:f7:ce:7d:92:31:74:b2:3a:40:26
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:40:32 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=e7c0ef157e5cd2faf7f05084a705e1ba8fdf60b3e67ae3fa3c5fbeae48f1c8a5, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:17:11:be:66:cb:19:92:9c:8e:f2:36:f5:55:
ef:a7:79:1c:15:9d:e9:72:63:ff:08:6a:30:be:e9:
5c:31:66:a4:77:12:36:7a:b2:2b:78:36:63:ae:f4:
43:6d:42:c8:a0:49:9f:94:0a:c9:cc:68:fc:f9:bf:
01:cc:91:7b:b2:4e:1a:50:29:e8:de:9c:99:43:fd:
28:92:93:8d:5d:4a:fe:4e:14:14:2f:67:e8:b8:0b:
bb:a8:5d:a1:89:72:3d:c8:59:61:7a:c9:cb:91:99:
8d:25:da:15:6a:92:ec:8d:6d:98:ac:78:ba:8d:57:
12:ad:bd:9f:f9:bd:e7:68:3b:69:52:8e:7d:b8:91:
3e:51:44:a6:38:90:dd:34:9f:bb:e4:26:85:dc:55:
c0:4c:b3:a4:a3:27:bd:97:f4:a7:e7:5e:cc:08:61:
e5:d6:60:c9:9a:a0:2a:15:73:9c:b6:08:85:3d:dd:
ac:b1:19:d9:07:9e:c5:5b:fb:36:c3:90:97:95:d1:
47:19:5a:8c:ae:f0:ea:6c:35:10:f7:f6:fb:b7:01:
92:f0:25:31:3e:92:ac:ec:3d:80:26:4b:dc:a8:33:
ce:5c:2d:bd:c6:5c:da:9e:9e:99:fc:0c:13:13:2a:
ce:c8:cc:8c:7c:70:6e:bf:42:72:71:e7:07:f4:5c:
3d:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:2B:1D:D9:61:0F:DA:03:A2:E7:8B:31:3F:BD:F7:04:1D:97:87:DF
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/90bd72ba-b30d-4433-a47e-e0543a4ea451.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d034:e000::/40
Signature Algorithm: sha256WithRSAEncryption
6e:9e:a5:7b:38:89:02:4b:52:f7:33:07:bc:4c:ad:b9:be:95:
b7:79:6a:bc:6a:0f:fb:de:2a:48:65:84:93:22:69:7e:72:65:
18:e8:39:2e:4a:c1:f3:af:27:b4:c7:cf:da:d9:a3:d0:b3:d2:
f2:8c:69:a8:5f:e3:d8:d1:5b:f4:54:50:4d:78:b2:e9:87:fb:
3a:e8:a0:9c:06:ff:4c:87:2d:a1:9f:ba:5a:03:2f:c2:37:00:
66:26:f9:bc:73:ad:c3:b3:1d:1b:e4:f1:76:38:c4:08:33:97:
d0:7f:58:a6:e9:60:78:2b:a4:3a:83:3a:37:75:32:81:6a:4d:
ff:0a:d9:4b:dc:bd:01:80:da:7c:b3:f4:6c:ee:12:ee:bd:80:
a1:d4:11:0a:4a:a7:28:c2:c6:75:d8:80:c7:60:62:b3:6f:a3:
94:2a:d8:0b:00:91:41:2d:55:38:f2:d2:96:4d:e1:d1:71:3f:
8c:9b:cb:04:ab:90:98:92:12:7e:fd:08:07:fa:8a:41:fb:9b:
53:b8:15:37:b0:bb:dc:ef:87:d2:8c:51:be:fd:6e:c9:68:06:
fb:2c:c8:4b:a2:65:f1:40:fe:6b:47:e8:e0:49:61:e9:4f:6c:
b0:38:ae:04:e9:90:29:87:d2:4f:79:1a:13:43:7d:01:6c:43:
88:31:e8:c5
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUO5YEZQDu2EwUvvfOfZIxdLI6QCYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzQwMzJaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGU3YzBlZjE1N2U1Y2QyZmFmN2YwNTA4NGE3MDVlMWJhOGZkZjYwYjNlNjdh
ZTNmYTNjNWZiZWFlNDhmMWM4YTUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK4XEb5myxmSnI7yNvVV76d5HBWd6XJj/whqML7pXDFmpHcSNnqyK3g2Y670
Q21CyKBJn5QKycxo/Pm/AcyRe7JOGlAp6N6cmUP9KJKTjV1K/k4UFC9n6LgLu6hd
oYlyPchZYXrJy5GZjSXaFWqS7I1tmKx4uo1XEq29n/m952g7aVKOfbiRPlFEpjiQ
3TSfu+QmhdxVwEyzpKMnvZf0p+dezAhh5dZgyZqgKhVznLYIhT3drLEZ2QeexVv7
NsOQl5XRRxlajK7w6mw1EPf2+7cBkvAlMT6SrOw9gCZL3KgzzlwtvcZc2p6emfwM
ExMqzsjMjHxwbr9CcnHnB/RcPWcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT0Kx3Z
YQ/aA6LnizE/vfcEHZeH3zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTBiZDcyYmEtYjMwZC00NDMzLWE0N2UtZTA1NDNhNGVhNDUxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DTg
MA0GCSqGSIb3DQEBCwUAA4IBAQBunqV7OIkCS1L3Mwe8TK25vpW3eWq8ag/73ipI
ZYSTIml+cmUY6DkuSsHzrye0x8/a2aPQs9LyjGmoX+PY0Vv0VFBNeLLph/s66KCc
Bv9Mhy2hn7paAy/CNwBmJvm8c63Dsx0b5PF2OMQIM5fQf1im6WB4K6Q6gzo3dTKB
ak3/CtlL3L0BgNp8s/Rs7hLuvYCh1BEKSqcowsZ12IDHYGKzb6OUKtgLAJFBLVU4
8tKWTeHRcT+Mm8sEq5CYkhJ+/QgH+opB+5tTuBU3sLvc74fSjFG+/W7JaAb7LMhL
omXxQP5rR+jgSWHpT2ywOK4E6ZAph9JPeRoTQ30BbEOIMejF
-----END CERTIFICATE-----
Generated at Fri Oct 31 00:36:53 2025 by rpki-client