Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/94b69c02-a117-42df-89a0-b463fa809f2d.roa
File: 94b69c02-a117-42df-89a0-b463fa809f2d.roa (raw, json)
Hash identifier: DZr4jS0cGYR7N/krH4mbTqyA8n/ARotYCbb2MkE7R44=
Subject key identifier: 98:39:05:2E:D1:5A:4B:7A:05:B0:48:0C:C2:80:91:87:92:93:C1:34
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3418F6D1671648361F457E343F2E01FE371FC8F0
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/94b69c02-a117-42df-89a0-b463fa809f2d.roa
Signing time: Tue 21 Oct 2025 14:10:25 +0000
ROA not before: Tue 21 Oct 2025 14:10:25 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d036:2000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
34:18:f6:d1:67:16:48:36:1f:45:7e:34:3f:2e:01:fe:37:1f:c8:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:10:25 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=5a6db3a13beb2292b3dfa03b0e5f8060490c2e7fcc70125fd94668d32b5b9106, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:13:b9:fc:1f:36:92:d9:0d:8d:e3:a7:3b:6f:
12:c0:c9:df:2d:be:3d:ca:6d:49:e3:34:15:cd:d7:
5a:03:06:19:59:8d:85:41:79:73:7c:fa:a6:ef:d8:
51:e6:e2:96:f7:dc:43:04:1e:ec:71:3f:02:5d:6d:
32:bb:12:a0:79:b7:61:b2:15:2f:e8:56:cd:96:c9:
4c:d6:b4:a2:2d:80:45:82:d4:7d:f1:06:0d:94:a4:
55:12:fa:4d:4a:94:52:f6:5d:80:40:43:e6:84:a4:
5f:7e:2f:75:28:12:f7:b4:04:a0:19:dc:62:d1:75:
7e:fb:50:b7:3e:70:f5:5d:4e:81:21:45:50:48:9e:
9e:af:bf:a6:0a:f6:df:ab:50:ff:3b:37:6a:28:b3:
53:94:63:9c:03:ab:8a:ad:28:1c:40:32:9d:c6:34:
96:5d:b7:85:4d:c2:b2:31:e8:fe:f4:bc:83:2e:7d:
ac:1c:82:32:e5:e7:bb:3a:5f:2c:32:1f:ba:80:c4:
dd:58:d1:54:f4:18:10:cc:d9:bf:81:93:cd:c8:b6:
6b:5c:12:eb:30:0d:75:15:33:81:1d:61:42:b9:c6:
58:ab:d3:f1:bd:6d:36:a2:78:68:b2:d0:58:b0:33:
22:ab:e3:ed:57:90:61:7b:f3:35:9d:b0:8d:f5:91:
15:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:39:05:2E:D1:5A:4B:7A:05:B0:48:0C:C2:80:91:87:92:93:C1:34
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/94b69c02-a117-42df-89a0-b463fa809f2d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d036:2000::/40
Signature Algorithm: sha256WithRSAEncryption
2a:ba:51:17:6e:5b:d1:e3:96:de:df:74:c7:aa:39:a2:6a:c7:
1e:2b:97:d1:9e:4f:cf:24:5c:96:b2:37:8e:66:9b:99:4d:6d:
b0:3c:6b:dc:c5:76:a2:e4:03:0d:13:20:06:a0:e1:c6:92:6f:
1a:a1:9b:44:22:ec:bc:11:f4:fb:43:46:a2:c2:62:ab:34:0c:
b8:e3:2f:af:3a:39:b4:a9:40:41:06:c8:c3:2e:86:09:2a:8e:
aa:7b:90:55:8b:d7:f0:ea:99:f0:6d:0f:0b:93:3c:0f:62:31:
a6:74:b7:0b:23:f0:fa:e5:82:ed:c7:4a:65:9c:89:84:d3:26:
4b:af:0e:e6:c3:a8:31:26:8d:d5:29:c7:b2:ad:cc:87:19:bb:
d3:a8:55:94:a0:76:92:45:ed:62:a8:68:0c:53:d4:ca:fc:85:
40:be:bc:cc:6b:28:94:5c:76:1e:1b:40:62:b6:92:9e:cf:49:
f9:d3:66:45:7e:c2:ed:3e:4d:f7:4a:6f:55:52:3d:8f:68:33:
1f:2a:08:3a:89:4e:56:1e:52:cb:7d:1e:31:30:a4:91:6e:1d:
23:99:0d:ab:43:a0:62:55:ac:12:21:ab:15:9e:74:58:c6:f2:
67:87:93:15:6a:b2:4e:d5:fc:47:8a:9f:cd:5f:5c:a0:f6:eb:
03:ee:59:49
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUNBj20WcWSDYfRX40Py4B/jcfyPAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDEwMjVaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDVhNmRiM2ExM2JlYjIyOTJiM2RmYTAzYjBlNWY4MDYwNDkwYzJlN2ZjYzcw
MTI1ZmQ5NDY2OGQzMmI1YjkxMDYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOMTufwfNpLZDY3jpztvEsDJ3y2+PcptSeM0Fc3XWgMGGVmNhUF5c3z6pu/Y
UebilvfcQwQe7HE/Al1tMrsSoHm3YbIVL+hWzZbJTNa0oi2ARYLUffEGDZSkVRL6
TUqUUvZdgEBD5oSkX34vdSgS97QEoBncYtF1fvtQtz5w9V1OgSFFUEienq+/pgr2
36tQ/zs3aiizU5RjnAOriq0oHEAyncY0ll23hU3CsjHo/vS8gy59rByCMuXnuzpf
LDIfuoDE3VjRVPQYEMzZv4GTzci2a1wS6zANdRUzgR1hQrnGWKvT8b1tNqJ4aLLQ
WLAzIqvj7VeQYXvzNZ2wjfWRFbMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSYOQUu
0VpLegWwSAzCgJGHkpPBNDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTRiNjljMDItYTExNy00MmRmLTg5YTAtYjQ2M2ZhODA5ZjJkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DYg
MA0GCSqGSIb3DQEBCwUAA4IBAQAqulEXblvR45be33THqjmiasceK5fRnk/PJFyW
sjeOZpuZTW2wPGvcxXai5AMNEyAGoOHGkm8aoZtEIuy8EfT7Q0aiwmKrNAy44y+v
Ojm0qUBBBsjDLoYJKo6qe5BVi9fw6pnwbQ8LkzwPYjGmdLcLI/D65YLtx0plnImE
0yZLrw7mw6gxJo3VKceyrcyHGbvTqFWUoHaSRe1iqGgMU9TK/IVAvrzMayiUXHYe
G0BitpKez0n502ZFfsLtPk33Sm9VUj2PaDMfKgg6iU5WHlLLfR4xMKSRbh0jmQ2r
Q6BiVawSIasVnnRYxvJnh5MVarJO1fxHip/NX1yg9usD7llJ
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:09:09 2025 by rpki-client