Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9d2ea2aa-d40a-49a7-ab00-44ff5dbf729b.roa
File: 9d2ea2aa-d40a-49a7-ab00-44ff5dbf729b.roa (raw, json)
Hash identifier: YlCggBMbhvwKLkUkMm3hQ/OhSy9GDpL+sl71QU3GBSM=
Subject key identifier: D7:1A:F7:B2:75:52:93:69:EB:CC:79:B5:CF:24:40:ED:F6:3D:F1:68
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4BA7367386FAA7B65B18669347A0CEE6C9448283
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9d2ea2aa-d40a-49a7-ab00-44ff5dbf729b.roa
Signing time: Tue 21 Oct 2025 13:40:33 +0000
ROA not before: Tue 21 Oct 2025 13:40:33 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d071:a000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4b:a7:36:73:86:fa:a7:b6:5b:18:66:93:47:a0:ce:e6:c9:44:82:83
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:40:33 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=249448ea6fade523c2a2084f8724eb19c96d6eb25bf66bfbf8e7f848c543977c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:16:5f:34:87:30:98:3d:0d:2e:95:b0:cb:a5:
f1:9d:d2:e4:a3:60:1d:2e:27:2b:d5:c6:b2:7c:48:
fd:5f:1a:0e:a4:97:44:84:b1:06:e5:72:01:7b:69:
2e:2f:4c:74:bf:ff:0b:88:d8:07:46:1f:af:5b:5c:
98:74:c1:84:8a:67:0f:0d:87:54:ff:7d:16:88:14:
b0:cc:fc:21:8a:ea:6f:fa:c1:fa:12:90:f8:1b:76:
04:fc:2f:13:a0:b2:c9:ab:e7:e3:76:e8:ea:64:34:
4f:8f:fd:1b:41:f1:2c:7c:05:d6:04:2e:24:0c:e7:
79:12:fc:17:1c:c5:64:4f:9e:b6:f2:1b:35:bc:dd:
6a:eb:c3:a9:68:72:a8:34:05:96:f5:34:3a:6c:f6:
e8:69:79:1d:92:01:cc:74:e8:2b:64:a7:0d:74:01:
08:0d:46:2a:d6:f8:ec:d7:0f:ac:c0:20:fd:a0:c1:
51:21:b7:a4:7c:58:76:ad:96:00:49:80:01:77:67:
5f:1d:e7:89:bd:49:1f:64:ea:cb:cd:a4:1e:08:42:
d6:61:77:2a:dd:12:df:b5:8a:dd:22:b3:f5:bd:48:
fb:2e:dd:78:cc:3b:ff:66:78:ea:3c:ac:0f:96:02:
25:fb:3e:18:fb:36:06:fb:27:0e:e5:86:c9:9c:88:
85:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:1A:F7:B2:75:52:93:69:EB:CC:79:B5:CF:24:40:ED:F6:3D:F1:68
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9d2ea2aa-d40a-49a7-ab00-44ff5dbf729b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d071:a000::/40
Signature Algorithm: sha256WithRSAEncryption
71:cb:44:a1:14:d2:78:8c:bf:6f:2a:ca:08:09:c4:84:af:e6:
03:a6:12:77:61:a6:f7:a4:0e:96:e3:09:dc:b0:6b:57:7c:8f:
98:b3:47:64:08:d1:49:50:87:94:7d:cf:04:f1:48:57:2b:5c:
5a:25:43:da:4a:0f:92:ca:c2:d7:a6:1a:cf:b0:3a:8c:7a:28:
42:5e:93:a4:a4:39:db:3c:3f:5c:d1:03:33:76:7e:ef:19:b7:
7b:74:47:21:52:c9:39:5e:36:66:1b:78:2e:1f:a3:5d:cb:b8:
d5:b2:3b:45:8d:9b:b4:0a:05:51:33:3b:8d:a6:b3:22:7f:17:
8c:08:02:97:3b:3c:bc:ae:8e:92:0d:42:6d:33:a7:85:2e:c6:
8d:bb:eb:ad:18:bf:e3:fb:ac:4c:49:0c:47:5a:aa:da:87:6e:
4c:29:7a:e0:aa:30:ef:a4:c0:1a:ad:4b:d2:8f:f4:93:38:7d:
a8:a0:cc:f1:69:a6:ee:41:04:24:76:06:79:09:46:b9:1c:c6:
62:fe:02:8c:32:fe:15:6d:b1:59:7a:55:52:0d:91:0a:b4:35:
c2:1e:e5:9f:f3:76:e2:f4:fe:0e:9b:3f:39:fe:7b:94:27:08:
c1:12:ad:22:4b:8a:7c:c1:60:65:07:fd:ea:fe:12:1a:4f:5f:
3a:d5:d6:b6
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUS6c2c4b6p7ZbGGaTR6DO5slEgoMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzQwMzNaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDI0OTQ0OGVhNmZhZGU1MjNjMmEyMDg0Zjg3MjRlYjE5Yzk2ZDZlYjI1YmY2
NmJmYmY4ZTdmODQ4YzU0Mzk3N2MxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKsWXzSHMJg9DS6VsMul8Z3S5KNgHS4nK9XGsnxI/V8aDqSXRISxBuVyAXtp
Li9MdL//C4jYB0Yfr1tcmHTBhIpnDw2HVP99FogUsMz8IYrqb/rB+hKQ+Bt2BPwv
E6Cyyavn43bo6mQ0T4/9G0HxLHwF1gQuJAzneRL8FxzFZE+etvIbNbzdauvDqWhy
qDQFlvU0Omz26Gl5HZIBzHToK2SnDXQBCA1GKtb47NcPrMAg/aDBUSG3pHxYdq2W
AEmAAXdnXx3nib1JH2Tqy82kHghC1mF3Kt0S37WK3SKz9b1I+y7deMw7/2Z46jys
D5YCJfs+GPs2BvsnDuWGyZyIhZsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTXGvey
dVKTaevMebXPJEDt9j3xaDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OWQyZWEyYWEtZDQwYS00OWE3LWFiMDAtNDRmZjVkYmY3MjliLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HGg
MA0GCSqGSIb3DQEBCwUAA4IBAQBxy0ShFNJ4jL9vKsoICcSEr+YDphJ3Yab3pA6W
4wncsGtXfI+Ys0dkCNFJUIeUfc8E8UhXK1xaJUPaSg+SysLXphrPsDqMeihCXpOk
pDnbPD9c0QMzdn7vGbd7dEchUsk5XjZmG3guH6Ndy7jVsjtFjZu0CgVRMzuNprMi
fxeMCAKXOzy8ro6SDUJtM6eFLsaNu+utGL/j+6xMSQxHWqrah25MKXrgqjDvpMAa
rUvSj/STOH2ooMzxaabuQQQkdgZ5CUa5HMZi/gKMMv4VbbFZelVSDZEKtDXCHuWf
83bi9P4Omz85/nuUJwjBEq0iS4p8wWBlB/3q/hIaT1861da2
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:53 2025 by rpki-client