Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a37b3e49-cec5-4def-b3ef-5356277d82ab.roa
File: a37b3e49-cec5-4def-b3ef-5356277d82ab.roa (raw, json)
Hash identifier: nBp4p3Sxzd99NYUbIWBmHPQ0KuZUFltXKVSEiT/6bDg=
Subject key identifier: ED:18:A8:95:CB:B1:B3:A4:55:75:A6:17:13:06:BE:3F:F1:1F:C0:2F
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3900D454433DF55BCA68C73283DB5FEADE1DDB0D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a37b3e49-cec5-4def-b3ef-5356277d82ab.roa
Signing time: Tue 21 Oct 2025 14:30:57 +0000
ROA not before: Tue 21 Oct 2025 14:30:57 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d038:1000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
39:00:d4:54:43:3d:f5:5b:ca:68:c7:32:83:db:5f:ea:de:1d:db:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:30:57 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=8058715254bd0f2d249bc7a7c6fe1437e03a852900cda30d3a2f3516e1b74f97, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:03:55:25:a8:87:a0:a3:30:ee:11:73:d1:ca:
c4:33:89:22:ca:9f:9e:83:64:6f:dd:1f:dc:5a:24:
dd:63:4b:26:8b:c5:91:ec:79:c8:1c:25:b8:69:43:
b4:4e:73:80:fc:19:9c:ae:27:fc:04:eb:ce:ba:37:
15:72:85:45:88:f7:93:2b:49:74:69:6b:88:0e:97:
46:a7:24:35:e7:73:91:ba:1e:59:c8:02:52:61:20:
bf:1e:38:30:15:af:6d:c9:43:31:1a:73:d2:87:51:
ce:c6:16:cc:39:88:f7:77:57:6b:21:b3:d9:75:f2:
c9:eb:26:32:c0:02:65:26:81:5c:38:8f:30:0b:08:
1e:eb:22:b5:f4:74:50:6b:d8:35:c1:8d:b1:eb:7d:
f6:7b:67:d3:0a:7a:47:85:8d:53:5f:e4:22:2e:66:
ca:51:48:47:b3:79:d5:c0:20:f3:23:d1:c3:d6:f5:
b9:65:25:2a:9b:3e:c5:f1:5d:94:7c:55:77:8d:9e:
ef:f7:f0:e5:57:d8:d1:24:f3:ee:3c:b0:db:72:f0:
82:9e:fa:54:93:d0:ca:09:59:e8:6f:48:47:19:29:
7c:06:0c:99:f5:e4:4e:a0:17:32:8d:2f:1e:fd:7f:
8f:82:ac:12:ec:2f:1e:35:20:7d:0b:bc:3a:44:a9:
6d:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:18:A8:95:CB:B1:B3:A4:55:75:A6:17:13:06:BE:3F:F1:1F:C0:2F
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a37b3e49-cec5-4def-b3ef-5356277d82ab.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d038:1000::/40
Signature Algorithm: sha256WithRSAEncryption
6f:52:d8:21:ec:10:16:49:2f:d6:53:58:7e:f6:fa:67:f7:13:
dd:28:7f:da:49:6c:59:9d:ae:66:6c:63:ac:61:26:50:62:d9:
41:67:3a:b1:b3:fc:d4:5b:bd:16:2d:23:47:6b:21:cc:9a:bb:
13:09:98:59:54:a1:5b:09:2f:83:39:9e:21:55:d9:4c:da:16:
5f:33:01:ff:f1:10:17:d2:3e:9c:99:d2:e8:b9:af:53:1a:5c:
a1:7d:47:cc:15:06:e5:d3:83:14:67:a6:fc:84:9d:14:0a:1a:
6a:ae:fe:ac:6f:b8:d3:cb:24:2b:ba:33:98:94:af:65:c7:97:
5b:e8:f4:97:c4:fb:17:13:bd:de:f2:9b:75:0d:9e:ac:92:14:
29:ab:7a:66:4a:05:9a:d3:80:0b:17:29:2a:69:b1:c1:ca:61:
84:aa:62:a5:72:6c:69:84:fc:b9:ee:c9:26:2a:1b:b2:4a:df:
3e:9f:ed:ac:15:db:21:78:eb:39:f1:04:72:29:45:e9:3b:0b:
4e:86:c0:3a:f8:b2:b6:11:41:c4:2d:d9:9d:06:a7:f4:bf:e9:
5b:f7:70:5c:d3:39:ff:08:57:b6:17:c6:fd:91:11:96:95:15:
3e:93:7f:b2:28:e9:d2:9f:2c:2a:db:dc:f9:1f:77:2b:b3:03:
2a:c2:e4:95
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUOQDUVEM99VvKaMcyg9tf6t4d2w0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDMwNTdaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDgwNTg3MTUyNTRiZDBmMmQyNDliYzdhN2M2ZmUxNDM3ZTAzYTg1MjkwMGNk
YTMwZDNhMmYzNTE2ZTFiNzRmOTcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKUDVSWoh6CjMO4Rc9HKxDOJIsqfnoNkb90f3Fok3WNLJovFkex5yBwluGlD
tE5zgPwZnK4n/ATrzro3FXKFRYj3kytJdGlriA6XRqckNedzkboeWcgCUmEgvx44
MBWvbclDMRpz0odRzsYWzDmI93dXayGz2XXyyesmMsACZSaBXDiPMAsIHusitfR0
UGvYNcGNset99ntn0wp6R4WNU1/kIi5mylFIR7N51cAg8yPRw9b1uWUlKps+xfFd
lHxVd42e7/fw5VfY0STz7jyw23Lwgp76VJPQyglZ6G9IRxkpfAYMmfXkTqAXMo0v
Hv1/j4KsEuwvHjUgfQu8OkSpbXkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTtGKiV
y7GzpFV1phcTBr4/8R/ALzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTM3YjNlNDktY2VjNS00ZGVmLWIzZWYtNTM1NjI3N2Q4MmFiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DgQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBvUtgh7BAWSS/WU1h+9vpn9xPdKH/aSWxZna5m
bGOsYSZQYtlBZzqxs/zUW70WLSNHayHMmrsTCZhZVKFbCS+DOZ4hVdlM2hZfMwH/
8RAX0j6cmdLoua9TGlyhfUfMFQbl04MUZ6b8hJ0UChpqrv6sb7jTyyQrujOYlK9l
x5db6PSXxPsXE73e8pt1DZ6skhQpq3pmSgWa04ALFykqabHBymGEqmKlcmxphPy5
7skmKhuySt8+n+2sFdsheOs58QRyKUXpOwtOhsA6+LK2EUHELdmdBqf0v+lb93Bc
0zn/CFe2F8b9kRGWlRU+k3+yKOnSnywq29z5H3crswMqwuSV
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:55 2025 by rpki-client