Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9963ca7c-f411-4aae-ac61-2c650f8269e0.roa
File: 9963ca7c-f411-4aae-ac61-2c650f8269e0.roa (raw, json)
Hash identifier: 9XiIGzhcMQUX5JxC6cf1aJCZkHAVceCxdgGtBHGceVc=
Subject key identifier: 26:15:33:02:02:65:03:C8:6A:0B:CC:6B:65:A0:24:99:34:EC:38:56
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 53985B204854382698820F81EB594B0EB4A46820
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9963ca7c-f411-4aae-ac61-2c650f8269e0.roa
Signing time: Tue 21 Oct 2025 13:20:05 +0000
ROA not before: Tue 21 Oct 2025 13:20:05 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d011:400::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
53:98:5b:20:48:54:38:26:98:82:0f:81:eb:59:4b:0e:b4:a4:68:20
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:20:05 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=6b4d24eada57a29de6724a9f1734440ea066299c3fee9814d4838afe4a885590, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:f8:ae:1c:87:89:f6:4f:c4:e8:6f:55:97:ed:
f2:e1:a3:4d:a7:5d:34:1b:32:5b:c7:18:1c:3b:6a:
45:93:b3:e8:38:54:ac:70:fd:64:67:46:b8:7d:18:
64:e9:d8:1d:d7:4b:1e:da:29:23:73:3f:c9:f7:91:
b4:8e:a9:86:11:9e:c8:9a:2e:ec:7c:28:47:3c:77:
2d:93:f1:3e:34:bf:e7:05:49:f7:89:25:24:39:46:
47:c4:41:c7:21:a7:75:6e:74:9e:d7:61:33:f1:f4:
9d:91:0f:75:b9:13:8d:72:53:78:09:59:37:75:27:
63:06:3e:84:4f:d5:7a:41:d5:1a:16:76:81:ba:96:
99:8b:c0:51:fc:fe:4e:dd:58:4b:56:9b:01:c4:d3:
7e:0a:d2:52:99:fe:34:3a:75:cb:57:0d:35:62:16:
2d:d9:37:c9:11:ca:83:b5:7a:db:20:e2:10:8c:ac:
6d:b7:08:e8:b1:bd:c1:d5:9c:99:6a:d7:62:c9:6a:
98:4f:3a:98:61:df:3a:ca:10:93:da:0d:3c:ae:83:
56:e4:3c:74:83:55:14:19:c5:ab:7a:54:d5:ca:fc:
40:ca:16:4a:d4:07:96:3c:a3:80:ac:b7:bb:bc:a1:
65:86:4c:88:67:d3:6b:33:60:55:ee:d4:82:b5:20:
ff:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
26:15:33:02:02:65:03:C8:6A:0B:CC:6B:65:A0:24:99:34:EC:38:56
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9963ca7c-f411-4aae-ac61-2c650f8269e0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d011:400::/38
Signature Algorithm: sha256WithRSAEncryption
74:8f:8f:11:0c:f0:be:c3:d6:35:8e:f2:bf:55:97:89:4e:31:
85:f0:5c:82:8d:01:30:5b:2c:87:7c:9e:40:55:eb:84:ad:5b:
8b:74:aa:51:ec:2c:d1:52:be:fa:8a:43:45:a3:0a:c0:4c:4f:
44:f6:c9:7c:54:26:dd:85:1e:d4:f5:72:d8:71:6e:d1:92:79:
c8:8b:b3:7f:d7:8e:91:2f:29:b5:11:ef:d3:49:fa:7a:90:d7:
96:f4:50:f1:9e:83:2e:cb:9f:5f:d9:ee:5d:e7:ab:8a:1a:8b:
d8:ad:e4:83:cd:88:6f:60:27:df:70:1b:69:4b:cb:2b:5b:1c:
a8:25:b5:be:d1:21:69:36:16:27:c8:a6:16:3b:5a:8d:5a:a3:
2d:6c:4d:fa:ae:68:82:d0:89:be:c7:64:f7:55:6f:06:c2:ab:
52:8d:7e:53:e0:ec:be:07:7f:dc:f6:a7:65:be:93:bb:98:f3:
f0:e9:43:71:2c:b5:c5:27:4d:ac:8f:f9:df:dd:66:c1:89:83:
28:ee:36:62:d0:0a:2b:8a:3a:aa:e2:ff:3a:8a:f2:35:af:04:
2e:cc:23:43:81:e0:3e:0e:56:ca:71:c4:47:46:33:c9:9e:56:
ed:9d:ed:45:6a:a5:4b:3f:02:3b:f0:58:3e:fa:54:c3:65:46:
d2:f8:5c:12
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUU5hbIEhUOCaYgg+B61lLDrSkaCAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzIwMDVaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDZiNGQyNGVhZGE1N2EyOWRlNjcyNGE5ZjE3MzQ0NDBlYTA2NjI5OWMzZmVl
OTgxNGQ0ODM4YWZlNGE4ODU1OTAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOf4rhyHifZPxOhvVZft8uGjTaddNBsyW8cYHDtqRZOz6DhUrHD9ZGdGuH0Y
ZOnYHddLHtopI3M/yfeRtI6phhGeyJou7HwoRzx3LZPxPjS/5wVJ94klJDlGR8RB
xyGndW50ntdhM/H0nZEPdbkTjXJTeAlZN3UnYwY+hE/VekHVGhZ2gbqWmYvAUfz+
Tt1YS1abAcTTfgrSUpn+NDp1y1cNNWIWLdk3yRHKg7V62yDiEIysbbcI6LG9wdWc
mWrXYslqmE86mGHfOsoQk9oNPK6DVuQ8dINVFBnFq3pU1cr8QMoWStQHljyjgKy3
u7yhZYZMiGfTazNgVe7UgrUg/0sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQmFTMC
AmUDyGoLzGtloCSZNOw4VjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTk2M2NhN2MtZjQxMS00YWFlLWFjNjEtMmM2NTBmODI2OWUwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BEE
MA0GCSqGSIb3DQEBCwUAA4IBAQB0j48RDPC+w9Y1jvK/VZeJTjGF8FyCjQEwWyyH
fJ5AVeuErVuLdKpR7CzRUr76ikNFowrATE9E9sl8VCbdhR7U9XLYcW7RknnIi7N/
146RLym1Ee/TSfp6kNeW9FDxnoMuy59f2e5d56uKGovYreSDzYhvYCffcBtpS8sr
WxyoJbW+0SFpNhYnyKYWO1qNWqMtbE36rmiC0Im+x2T3VW8GwqtSjX5T4Oy+B3/c
9qdlvpO7mPPw6UNxLLXFJ02sj/nf3WbBiYMo7jZi0Aorijqq4v86ivI1rwQuzCND
geA+DlbKccRHRjPJnlbtne1FaqVLPwI78Fg++lTDZUbS+FwS
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:15:15 2025 by rpki-client