Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9d5fdc3a-1bfd-4677-9e52-a12c872852f2.roa
File: 9d5fdc3a-1bfd-4677-9e52-a12c872852f2.roa (raw, json)
Hash identifier: Ox58+xt/qGaChv1vYWSSJMBIIk7gL0aR0akOe5YSMZs=
Subject key identifier: F1:C6:C5:32:82:EA:C9:27:C3:B7:FE:83:57:96:B3:02:C2:88:C2:76
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4B6AED94F8A5F1F484D04E9F39F8ADD7641629CB
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9d5fdc3a-1bfd-4677-9e52-a12c872852f2.roa
Signing time: Tue 21 Oct 2025 14:30:28 +0000
ROA not before: Tue 21 Oct 2025 14:30:28 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d011::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4b:6a:ed:94:f8:a5:f1:f4:84:d0:4e:9f:39:f8:ad:d7:64:16:29:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:30:28 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=4b332627d231626ba78d262777ed11c0e96d3706a6ae052ee836fe13d1155196, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:be:fe:7a:21:36:f8:63:a5:51:bf:bd:c8:95:
54:f1:9c:f0:47:c1:b6:10:bc:30:dc:64:6b:72:a1:
6d:52:cf:87:12:23:40:bb:6a:7d:ae:87:b9:4e:9e:
1b:01:61:b0:97:ee:42:06:b0:b5:74:4f:8d:69:bc:
4c:71:9a:a3:bf:24:e8:6c:7a:90:6b:b5:4c:ee:15:
37:8a:5e:fd:a2:19:c5:ac:02:86:39:2c:b1:5a:09:
df:fb:0d:db:5c:fa:d9:5c:0c:c3:82:20:52:4c:9c:
c6:d3:29:10:d5:eb:74:ba:56:9d:88:35:61:86:dd:
f8:a4:9a:27:f6:66:e2:4d:44:28:ea:ed:b1:c8:c6:
26:1d:97:6e:34:94:08:db:2e:4a:ff:a1:30:dd:37:
8c:73:74:83:79:ce:64:58:42:b3:6b:29:e7:71:e5:
33:af:04:4f:df:53:95:b8:e4:cf:11:30:6b:3f:4c:
e1:e0:ab:db:0c:76:e2:e1:d3:97:b4:82:7c:09:ed:
36:c4:0a:9b:12:b2:7f:83:61:86:f8:50:7c:9c:e4:
e0:ac:b1:2a:15:f4:ff:85:e5:66:e9:3f:ef:42:19:
ae:a6:ab:dc:46:27:2f:d1:ed:69:c1:10:9f:fc:00:
ef:a8:59:a2:92:84:74:3b:36:bd:10:65:93:5f:1c:
5f:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:C6:C5:32:82:EA:C9:27:C3:B7:FE:83:57:96:B3:02:C2:88:C2:76
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9d5fdc3a-1bfd-4677-9e52-a12c872852f2.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d011::/36
Signature Algorithm: sha256WithRSAEncryption
76:82:15:b5:13:16:d9:d9:37:56:09:4f:84:cd:08:ee:83:ec:
e4:1d:a6:7e:d4:1d:98:88:c0:f7:c9:97:75:d3:da:07:72:f8:
3e:b1:09:58:0c:57:7f:4d:e2:67:4f:1e:63:b7:a0:ea:6a:ed:
37:e4:a7:73:82:99:c8:1e:58:f4:07:1e:36:8b:f3:61:4d:00:
85:5b:14:26:71:8b:20:09:7b:f6:a0:f1:eb:24:83:c5:47:6e:
df:45:6d:58:d6:0b:43:83:dc:12:aa:ac:b2:d3:ad:27:d4:08:
4b:3f:99:26:f8:d6:c5:af:e1:27:58:a9:ad:8a:39:63:dc:e0:
a8:43:52:5b:e2:5f:e9:1f:71:a0:6a:31:81:f7:95:80:62:36:
1c:2a:cc:34:22:16:0b:5c:2c:6a:ff:b7:88:64:a8:e9:ee:1c:
96:96:c5:3e:47:1a:bb:04:ad:3f:6f:8f:c1:e8:59:b2:19:97:
85:be:bf:08:2a:d9:77:ba:e1:5d:06:81:3a:67:b5:4c:85:a2:
73:e9:90:95:be:a8:84:95:d7:61:8a:65:f5:eb:b9:fb:3c:8a:
8c:ee:7b:e8:8b:46:6a:9e:38:79:7c:76:8e:b2:fa:79:3d:ba:
2e:d2:bd:f0:7b:c8:42:7a:20:5e:57:2c:a5:b8:d6:e8:ef:73:
41:2e:a1:24
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUS2rtlPil8fSE0E6fOfit12QWKcswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDMwMjhaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDRiMzMyNjI3ZDIzMTYyNmJhNzhkMjYyNzc3ZWQxMWMwZTk2ZDM3MDZhNmFl
MDUyZWU4MzZmZTEzZDExNTUxOTYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM6+/nohNvhjpVG/vciVVPGc8EfBthC8MNxka3KhbVLPhxIjQLtqfa6HuU6e
GwFhsJfuQgawtXRPjWm8THGao78k6Gx6kGu1TO4VN4pe/aIZxawChjkssVoJ3/sN
21z62VwMw4IgUkycxtMpENXrdLpWnYg1YYbd+KSaJ/Zm4k1EKOrtscjGJh2XbjSU
CNsuSv+hMN03jHN0g3nOZFhCs2sp53HlM68ET99TlbjkzxEwaz9M4eCr2wx24uHT
l7SCfAntNsQKmxKyf4NhhvhQfJzk4KyxKhX0/4XlZuk/70IZrqar3EYnL9HtacEQ
n/wA76hZopKEdDs2vRBlk18cX58CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTxxsUy
gurJJ8O3/oNXlrMCwojCdjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OWQ1ZmRjM2EtMWJmZC00Njc3LTllNTItYTEyYzg3Mjg1MmYyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0BEA
MA0GCSqGSIb3DQEBCwUAA4IBAQB2ghW1ExbZ2TdWCU+EzQjug+zkHaZ+1B2YiMD3
yZd109oHcvg+sQlYDFd/TeJnTx5jt6Dqau035KdzgpnIHlj0Bx42i/NhTQCFWxQm
cYsgCXv2oPHrJIPFR27fRW1Y1gtDg9wSqqyy060n1AhLP5km+NbFr+EnWKmtijlj
3OCoQ1Jb4l/pH3GgajGB95WAYjYcKsw0IhYLXCxq/7eIZKjp7hyWlsU+Rxq7BK0/
b4/B6FmyGZeFvr8IKtl3uuFdBoE6Z7VMhaJz6ZCVvqiElddhimX167n7PIqM7nvo
i0Zqnjh5fHaOsvp5Pbou0r3we8hCeiBeVyyluNbo73NBLqEk
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:14:26 2025 by rpki-client