Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a40e2cf2-d6e4-4813-a5aa-623eda8926e6.roa
File: a40e2cf2-d6e4-4813-a5aa-623eda8926e6.roa (raw, json)
Hash identifier: /njlSS4AtEVw75bMEAXzPxDSpfGCmiD1IFVhvZNd+PA=
Subject key identifier: D2:4A:98:CF:27:6E:95:77:EE:30:31:F8:C6:87:90:AB:22:E9:6E:3F
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 378CBFA4D094FFF1500CA9C7DA8A1BE08BCDEC7E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a40e2cf2-d6e4-4813-a5aa-623eda8926e6.roa
Signing time: Tue 21 Oct 2025 14:20:05 +0000
ROA not before: Tue 21 Oct 2025 14:20:05 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d031:6080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
37:8c:bf:a4:d0:94:ff:f1:50:0c:a9:c7:da:8a:1b:e0:8b:cd:ec:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:20:05 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=f78f9ead5d6b4ecfb02eec5dea90512b950e8251a517f9a94a58f812868e4595, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:6c:3a:97:cd:1f:59:55:87:ca:0b:bf:07:b4:
4e:5f:c6:f0:23:59:23:9d:2a:9a:18:62:1d:d9:3a:
de:3b:07:68:ea:76:22:f3:b7:ec:52:1f:b8:b2:c1:
98:c8:aa:8b:68:61:05:d8:a3:9d:85:d9:4a:60:ba:
00:93:d6:c8:cc:e2:74:54:66:9f:20:e3:ec:87:e5:
f9:6c:7b:39:09:e7:d5:d6:eb:3e:26:3b:c0:f2:a9:
a8:53:28:9d:3a:21:2c:de:7e:cf:f2:23:8b:62:d4:
53:bc:6b:57:a4:f8:b7:19:e0:ca:ea:a5:53:6e:db:
1d:d9:79:98:5d:d1:33:0f:c7:20:ec:dd:ff:69:01:
b5:d7:f7:3d:b1:17:be:36:9c:89:44:dd:24:13:e9:
81:e1:d4:44:7f:4c:28:bf:e2:67:a0:44:f4:36:50:
05:f9:a3:c3:03:06:8b:59:07:4a:8b:f2:fc:49:f2:
40:aa:2e:dd:81:37:01:16:32:9b:3a:b5:32:e9:b3:
11:85:83:1c:59:f8:94:cb:f6:c2:ed:28:28:43:de:
5c:3d:1e:6b:90:82:79:28:c3:0f:7b:22:2f:83:73:
1e:14:3b:e5:de:ef:7c:e6:e3:4e:f4:9d:dc:78:27:
50:7b:3d:e3:f9:a9:1e:ea:d1:84:19:f3:0d:35:b2:
f2:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:4A:98:CF:27:6E:95:77:EE:30:31:F8:C6:87:90:AB:22:E9:6E:3F
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a40e2cf2-d6e4-4813-a5aa-623eda8926e6.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d031:6080::/48
Signature Algorithm: sha256WithRSAEncryption
55:c4:c7:56:1b:de:5f:62:a9:b4:06:73:4f:dd:92:50:e9:93:
d8:89:71:e2:c5:a5:2b:b7:d3:e1:fa:60:1b:19:f9:59:ed:cc:
23:20:7e:cd:e9:27:f0:82:91:13:98:51:92:67:4b:93:a1:39:
dc:18:f3:52:20:7e:dd:54:50:cd:b3:91:cd:b1:3a:ef:5f:03:
ef:fb:7f:61:1c:24:ff:d2:87:17:de:65:d6:0b:95:17:84:6d:
20:6f:f1:07:d3:76:cc:1d:06:5f:4d:36:68:c6:81:90:4a:85:
86:1d:e1:af:f1:d2:b1:d2:28:a0:8f:72:c6:70:7e:43:f2:dc:
d2:27:27:48:ab:ff:f2:0b:dd:2f:83:49:7b:04:5b:84:2a:ed:
a7:89:e6:85:9e:fe:b0:9f:c7:f1:19:65:27:44:88:12:fb:7f:
42:e7:96:52:94:90:9a:24:cd:90:b0:80:66:bc:e3:cd:87:4e:
8c:65:97:c0:9f:dc:b9:25:55:6c:95:5a:9a:65:05:c5:05:dc:
60:f7:6b:7a:18:d1:e7:ce:bd:d4:61:21:74:49:4b:d6:9e:49:
c2:5a:59:e4:9b:21:3c:5c:67:41:68:95:31:75:c7:9e:37:d6:
43:32:e0:fd:a6:7b:63:e1:a2:aa:21:25:20:c6:d5:f3:ea:f2:
b2:c1:b9:00
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUN4y/pNCU//FQDKnH2oob4IvN7H4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDIwMDVaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGY3OGY5ZWFkNWQ2YjRlY2ZiMDJlZWM1ZGVhOTA1MTJiOTUwZTgyNTFhNTE3
ZjlhOTRhNThmODEyODY4ZTQ1OTUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIpsOpfNH1lVh8oLvwe0Tl/G8CNZI50qmhhiHdk63jsHaOp2IvO37FIfuLLB
mMiqi2hhBdijnYXZSmC6AJPWyMzidFRmnyDj7Ifl+Wx7OQnn1dbrPiY7wPKpqFMo
nTohLN5+z/Iji2LUU7xrV6T4txngyuqlU27bHdl5mF3RMw/HIOzd/2kBtdf3PbEX
vjaciUTdJBPpgeHURH9MKL/iZ6BE9DZQBfmjwwMGi1kHSovy/EnyQKou3YE3ARYy
mzq1MumzEYWDHFn4lMv2wu0oKEPeXD0ea5CCeSjDD3siL4NzHhQ75d7vfObjTvSd
3HgnUHs94/mpHurRhBnzDTWy8mUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTSSpjP
J26Vd+4wMfjGh5CrIuluPzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTQwZTJjZjItZDZlNC00ODEzLWE1YWEtNjIzZWRhODkyNmU2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DFg
gDANBgkqhkiG9w0BAQsFAAOCAQEAVcTHVhveX2KptAZzT92SUOmT2Ilx4sWlK7fT
4fpgGxn5We3MIyB+zekn8IKRE5hRkmdLk6E53BjzUiB+3VRQzbORzbE6718D7/t/
YRwk/9KHF95l1guVF4RtIG/xB9N2zB0GX002aMaBkEqFhh3hr/HSsdIooI9yxnB+
Q/Lc0icnSKv/8gvdL4NJewRbhCrtp4nmhZ7+sJ/H8RllJ0SIEvt/QueWUpSQmiTN
kLCAZrzjzYdOjGWXwJ/cuSVVbJVammUFxQXcYPdrehjR58691GEhdElL1p5JwlpZ
5JshPFxnQWiVMXXHnjfWQzLg/aZ7Y+GiqiElIMbV8+ryssG5AA==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:12 2025 by rpki-client