Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/99ffa238-9133-4fa5-ad84-49e67d34854a.roa
File: 99ffa238-9133-4fa5-ad84-49e67d34854a.roa (raw, json)
Hash identifier: Cf6jDpyzZ8Q1oIcah0lgEaZMJOaI5cRhH/cN5vlpw4o=
Subject key identifier: 9E:9A:DB:AB:53:70:B3:96:F4:F0:90:F5:07:14:4B:DC:3D:A7:0F:D9
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4B0DC42210D17F3B2C44EDFA3385174BF1CBAC24
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/99ffa238-9133-4fa5-ad84-49e67d34854a.roa
Signing time: Tue 21 Oct 2025 12:30:11 +0000
ROA not before: Tue 21 Oct 2025 12:30:11 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d02a::/36 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 31 Oct 2025 19:55:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4b:0d:c4:22:10:d1:7f:3b:2c:44:ed:fa:33:85:17:4b:f1:cb:ac:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 12:30:11 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=2abb1a473fe8393db4325b339ebc364f4042956c6d0098678d3b8a3af2327d75, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:8f:40:4a:3d:ad:1c:f8:9c:db:32:74:10:5e:
9c:4e:b7:f4:6f:6d:42:83:68:77:ec:8e:2d:6e:af:
df:8e:20:94:ac:49:7c:54:9d:18:64:fe:c5:a3:8a:
0e:1c:d4:f9:eb:15:a9:bc:ef:92:a3:65:3c:c3:ed:
ef:67:db:ab:42:31:b5:f0:bb:65:39:4e:7f:ec:e9:
63:a2:cb:f3:cb:6f:99:d8:52:18:64:ea:a7:c9:da:
ac:5e:f8:a9:a6:fd:a4:78:5d:04:83:47:61:aa:28:
ed:c2:06:06:c2:f6:9b:80:dc:9c:e6:93:b2:63:45:
8e:d3:cb:01:b0:77:85:cc:34:de:1f:b5:ac:e3:f8:
3f:a3:b7:6b:cf:69:98:68:34:11:a7:9b:f7:01:90:
cf:1d:73:66:25:05:ed:d8:fd:ae:b1:05:f6:39:c9:
c0:b4:3b:03:59:db:98:7b:22:e4:55:df:44:7b:8f:
50:51:b4:98:1d:d7:11:62:43:7f:9c:08:f1:cd:27:
4f:4e:0e:10:ac:2a:5f:29:37:1e:06:96:e2:cd:6c:
59:47:9f:79:8a:a1:ac:62:28:29:a6:75:ef:68:53:
93:35:0a:0b:de:f0:29:e5:6b:1d:ff:19:80:04:6b:
20:e9:bc:43:bd:9b:2b:63:4b:00:4f:98:02:08:60:
8d:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:9A:DB:AB:53:70:B3:96:F4:F0:90:F5:07:14:4B:DC:3D:A7:0F:D9
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/99ffa238-9133-4fa5-ad84-49e67d34854a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d02a::/36
Signature Algorithm: sha256WithRSAEncryption
c3:b9:af:d4:87:ed:1a:1f:20:f3:b8:b9:80:41:8b:7a:dc:5a:
67:ac:0a:54:28:9a:77:e9:83:f0:d7:54:7f:01:96:ae:4b:7b:
2f:36:f0:d3:96:c7:72:1c:f7:79:33:a4:87:33:e1:e0:f8:50:
67:0b:68:43:b4:f1:34:3f:63:47:70:c8:cc:ca:ac:62:86:35:
09:66:e3:59:a8:f7:8d:83:e1:6e:da:1b:c6:04:34:fa:b4:f4:
47:e5:a1:27:30:8e:0a:c8:c5:56:23:6d:8d:36:36:1e:d7:15:
af:71:ae:60:2d:42:01:82:0f:26:66:c3:9d:d1:3c:b3:32:d3:
c6:11:36:e6:7c:12:30:1c:50:0e:da:4b:85:6f:79:15:03:c2:
0e:ac:5a:98:22:80:44:eb:de:91:ad:7b:72:6e:12:8b:c5:83:
85:42:0c:0c:af:d9:aa:e2:34:68:c4:cb:bb:b9:fd:c3:f5:77:
15:13:db:d1:d0:67:8a:68:f9:f2:0b:b2:c0:29:0e:74:be:10:
15:d2:1c:03:e7:65:6e:62:df:78:68:6d:32:10:a9:2d:1d:b1:
4e:fc:15:59:d3:e9:26:1e:9e:66:29:5e:f8:64:b2:1d:d9:b2:
dd:e0:6c:c9:62:45:14:e6:a5:e8:91:89:87:41:de:a8:47:1c:
ff:c7:11:72
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUSw3EIhDRfzssRO36M4UXS/HLrCQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMjMwMTFaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDJhYmIxYTQ3M2ZlODM5M2RiNDMyNWIzMzllYmMzNjRmNDA0Mjk1NmM2ZDAw
OTg2NzhkM2I4YTNhZjIzMjdkNzUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALmPQEo9rRz4nNsydBBenE639G9tQoNod+yOLW6v344glKxJfFSdGGT+xaOK
DhzU+esVqbzvkqNlPMPt72fbq0IxtfC7ZTlOf+zpY6LL88tvmdhSGGTqp8narF74
qab9pHhdBINHYaoo7cIGBsL2m4DcnOaTsmNFjtPLAbB3hcw03h+1rOP4P6O3a89p
mGg0Eaeb9wGQzx1zZiUF7dj9rrEF9jnJwLQ7A1nbmHsi5FXfRHuPUFG0mB3XEWJD
f5wI8c0nT04OEKwqXyk3HgaW4s1sWUefeYqhrGIoKaZ172hTkzUKC97wKeVrHf8Z
gARrIOm8Q72bK2NLAE+YAghgjVsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSemtur
U3CzlvTwkPUHFEvcPacP2TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTlmZmEyMzgtOTEzMy00ZmE1LWFkODQtNDllNjdkMzQ4NTRhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0CoA
MA0GCSqGSIb3DQEBCwUAA4IBAQDDua/Uh+0aHyDzuLmAQYt63FpnrApUKJp36YPw
11R/AZauS3svNvDTlsdyHPd5M6SHM+Hg+FBnC2hDtPE0P2NHcMjMyqxihjUJZuNZ
qPeNg+Fu2hvGBDT6tPRH5aEnMI4KyMVWI22NNjYe1xWvca5gLUIBgg8mZsOd0Tyz
MtPGETbmfBIwHFAO2kuFb3kVA8IOrFqYIoBE696RrXtybhKLxYOFQgwMr9mq4jRo
xMu7uf3D9XcVE9vR0GeKaPnyC7LAKQ50vhAV0hwD52VuYt94aG0yEKktHbFO/BVZ
0+kmHp5mKV74ZLId2bLd4GzJYkUU5qXokYmHQd6oRxz/xxFy
-----END CERTIFICATE-----
Generated at Fri Oct 31 04:40:02 2025 by rpki-client