Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9a732efb-e23f-49a4-ad51-1a43431e07c9.roa
File: 9a732efb-e23f-49a4-ad51-1a43431e07c9.roa (raw, json)
Hash identifier: 9M0hZlGsk6iFCEJ/cwT7FbAAG5L/fLHsacLRMCiqJFI=
Subject key identifier: 7B:39:D5:D4:A3:49:8E:25:C5:67:1E:49:81:04:46:F9:D4:0C:EE:6C
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 13B1B34DC8A3899DE817AC005403D96612E7F24F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9a732efb-e23f-49a4-ad51-1a43431e07c9.roa
Signing time: Tue 21 Oct 2025 14:30:32 +0000
ROA not before: Tue 21 Oct 2025 14:30:32 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d034:9000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 02 Nov 2025 12:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
13:b1:b3:4d:c8:a3:89:9d:e8:17:ac:00:54:03:d9:66:12:e7:f2:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:30:32 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=5e16207cbf10f8125af9ac75501f1b8b2b30139b3ebb5a62a883bdba2bf413e4, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:42:8a:08:f2:21:86:5c:6c:dd:55:65:07:4b:
03:db:54:0d:cc:fb:44:ed:69:0d:46:ec:41:89:3c:
78:30:c7:f7:c3:41:2e:ea:e1:0b:c9:27:2c:e5:73:
a0:88:e9:c5:20:98:e8:37:f2:5e:ac:f9:46:73:51:
20:9a:09:f4:29:f5:6e:7b:1a:ef:d4:99:0b:3c:00:
20:3d:a7:22:f4:83:a8:50:2d:40:23:22:48:70:6d:
8a:de:98:11:70:ea:1f:7f:62:2a:09:68:82:0e:d7:
22:3b:c6:e5:34:8f:c7:03:f5:36:af:1c:de:cc:73:
03:2e:11:e6:c6:4d:f4:ef:a8:b9:7e:f0:0e:1f:bb:
d9:d4:8b:0e:04:2c:b4:db:ba:68:10:f6:b6:a4:f9:
d9:d9:9a:80:ec:86:c7:54:3e:29:1c:8c:02:df:2f:
26:3a:d2:78:ec:8a:08:2b:d8:2f:b8:48:e6:24:aa:
69:31:9e:a0:cd:ab:fe:cf:19:be:f3:62:98:a0:c7:
b9:ad:85:12:2e:e9:5d:e2:04:8a:a8:ad:0a:0a:71:
99:33:c0:d6:3f:6a:20:2a:ec:5b:f4:0b:a5:98:ef:
10:8d:bb:e4:49:39:e3:a2:c5:3a:06:f1:f0:f4:fd:
8b:25:19:c7:32:8d:e4:fb:1a:c9:e1:0f:96:46:46:
31:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7B:39:D5:D4:A3:49:8E:25:C5:67:1E:49:81:04:46:F9:D4:0C:EE:6C
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9a732efb-e23f-49a4-ad51-1a43431e07c9.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d034:9000::/40
Signature Algorithm: sha256WithRSAEncryption
9e:96:20:e6:06:02:4a:a3:76:b3:1e:d8:cc:f5:f8:80:16:ec:
58:d4:63:40:e3:ef:98:f8:71:e1:3d:7c:35:1e:82:36:a8:5d:
34:52:4d:93:3d:e4:ab:73:a8:e2:ab:6d:d9:47:b1:18:af:ad:
4c:37:df:73:41:46:68:f4:4b:a2:37:b3:1e:87:e5:ad:3d:b2:
fa:e7:6f:04:8e:91:a4:62:f3:e5:fc:63:44:7d:82:d1:4e:f1:
c9:f6:c9:69:ad:ab:e0:2d:9a:ed:f1:6e:d7:87:39:2a:c1:7c:
87:7c:0b:b8:87:bf:c9:e9:4f:c9:fe:a7:ff:6e:61:8a:ab:0c:
e2:92:4d:5e:3f:a0:86:27:bd:bd:e7:1d:bf:ee:dc:0e:68:1a:
0c:d3:66:c7:84:e5:8f:86:e6:fe:11:d0:ec:e9:7f:0f:3a:3e:
d5:ed:b5:56:72:d3:33:97:c8:82:26:2a:4a:fe:fd:ec:58:80:
78:24:d5:8e:69:f4:9d:e8:b2:e2:24:c4:d5:6c:87:f0:20:54:
5d:dc:5b:cb:05:95:f3:29:12:6b:31:f8:72:e5:da:cf:6c:92:
18:2c:05:da:a1:b8:33:09:ef:9c:93:7c:e2:1c:64:fd:66:9e:
7c:93:8b:fa:36:08:83:94:0d:ff:63:85:ce:17:29:aa:12:cb:
dc:27:88:63
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUE7GzTcijiZ3oF6wAVAPZZhLn8k8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDMwMzJaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDVlMTYyMDdjYmYxMGY4MTI1YWY5YWM3NTUwMWYxYjhiMmIzMDEzOWIzZWJi
NWE2MmE4ODNiZGJhMmJmNDEzZTQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALpCigjyIYZcbN1VZQdLA9tUDcz7RO1pDUbsQYk8eDDH98NBLurhC8knLOVz
oIjpxSCY6DfyXqz5RnNRIJoJ9Cn1bnsa79SZCzwAID2nIvSDqFAtQCMiSHBtit6Y
EXDqH39iKglogg7XIjvG5TSPxwP1Nq8c3sxzAy4R5sZN9O+ouX7wDh+72dSLDgQs
tNu6aBD2tqT52dmagOyGx1Q+KRyMAt8vJjrSeOyKCCvYL7hI5iSqaTGeoM2r/s8Z
vvNimKDHua2FEi7pXeIEiqitCgpxmTPA1j9qICrsW/QLpZjvEI275Ek546LFOgbx
8PT9iyUZxzKN5PsayeEPlkZGMc0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR7OdXU
o0mOJcVnHkmBBEb51AzubDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OWE3MzJlZmItZTIzZi00OWE0LWFkNTEtMWE0MzQzMWUwN2M5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DSQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCeliDmBgJKo3azHtjM9fiAFuxY1GNA4++Y+HHh
PXw1HoI2qF00Uk2TPeSrc6jiq23ZR7EYr61MN99zQUZo9EuiN7Meh+WtPbL6528E
jpGkYvPl/GNEfYLRTvHJ9slpravgLZrt8W7XhzkqwXyHfAu4h7/J6U/J/qf/bmGK
qwzikk1eP6CGJ7295x2/7twOaBoM02bHhOWPhub+EdDs6X8POj7V7bVWctMzl8iC
JipK/v3sWIB4JNWOafSd6LLiJMTVbIfwIFRd3FvLBZXzKRJrMfhy5drPbJIYLAXa
obgzCe+ck3ziHGT9Zp58k4v6NgiDlA3/Y4XOFymqEsvcJ4hj
-----END CERTIFICATE-----
Generated at Sat Nov 1 19:48:59 2025 by rpki-client