Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a6bd87d5-c11e-4508-ada5-ef58a495d3f6.roa
File: a6bd87d5-c11e-4508-ada5-ef58a495d3f6.roa (raw, json)
Hash identifier: FMfpZZw3FmjlFee3rhKe9rqAQQyaDYGQC0EHUOx0W2c=
Subject key identifier: CC:D0:F9:BD:9D:27:15:EB:38:6E:5D:BE:FF:2F:29:24:82:73:4D:45
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2B3BAEB3EA5141E2A89E13D3ACBDE357E326443C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a6bd87d5-c11e-4508-ada5-ef58a495d3f6.roa
Signing time: Tue 21 Oct 2025 13:40:32 +0000
ROA not before: Tue 21 Oct 2025 13:40:32 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d032:9000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2b:3b:ae:b3:ea:51:41:e2:a8:9e:13:d3:ac:bd:e3:57:e3:26:44:3c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:40:32 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=4d3a043284411c65b5e426938fa2c09944b153e1aaf10c1ba0184bb77a1ba95c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:65:35:6e:b6:05:ae:42:3e:a7:7e:88:9b:c4:
94:7f:d0:67:71:3d:50:fc:d6:cd:b1:99:38:16:9d:
a1:c9:e8:a7:f3:1c:d1:ac:a5:f8:e2:2d:24:3a:6a:
08:ad:64:8b:3f:d9:35:fb:e2:5e:f3:c5:4e:58:fd:
5f:6c:63:de:f4:7a:22:dc:1e:d9:e5:49:7c:e2:3b:
6d:0c:6d:e8:1b:69:b3:e5:c3:e5:27:53:52:ce:b0:
9a:94:c6:09:05:54:0d:79:9c:d9:a4:44:c7:34:1f:
1d:86:1e:e9:03:26:57:a6:1b:fa:74:9e:6c:31:d3:
8b:63:72:e3:ce:47:a8:9f:cb:47:bf:0c:1e:37:9f:
43:3d:d9:9e:55:ea:1e:a6:ad:2b:cd:d3:20:c9:de:
c0:aa:f2:5c:6f:f3:96:18:0e:8e:72:41:88:e5:93:
84:bc:73:e4:1d:d9:d3:b7:52:49:d1:69:3b:53:03:
96:cf:09:78:47:ee:a4:5d:fb:73:4e:b3:33:71:5b:
4f:f7:cc:da:5b:52:d7:a1:4a:90:20:34:ae:c5:f2:
ca:8e:98:98:81:80:63:0b:56:fe:39:5d:e2:37:46:
c7:11:9d:e3:3b:3b:6c:63:f8:df:8b:7c:b2:25:e2:
32:84:d7:8b:29:90:03:63:a3:0f:10:1f:4e:6e:f2:
a9:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:D0:F9:BD:9D:27:15:EB:38:6E:5D:BE:FF:2F:29:24:82:73:4D:45
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a6bd87d5-c11e-4508-ada5-ef58a495d3f6.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d032:9000::/40
Signature Algorithm: sha256WithRSAEncryption
95:70:c2:b0:93:1e:f3:d3:8d:74:19:d4:a8:a4:7c:2e:74:cc:
af:9d:3b:bd:e4:60:74:31:29:22:a3:41:3a:75:e5:de:70:55:
dd:31:9c:40:57:6b:08:d8:95:fa:c7:25:33:0f:b7:6c:f3:7b:
9f:bf:f2:06:d1:4b:e7:37:4f:de:f0:07:02:b9:d7:a1:05:bc:
00:8b:0a:46:d0:c4:c0:12:01:98:9c:47:d9:97:af:40:93:3f:
1e:32:cb:79:6f:a4:29:f3:ef:00:f3:0b:f9:c6:3d:3e:08:3e:
33:88:c9:ef:3a:77:31:78:d5:ae:5b:3f:45:dd:d7:21:61:54:
3b:4b:8e:d5:2e:5d:d6:81:c2:c8:1e:6c:24:97:6f:43:10:4e:
e7:5e:bd:06:22:9b:b3:64:e4:0c:c6:2d:e9:0e:ff:aa:d1:1d:
89:f7:0e:50:af:1b:ed:f4:64:fd:e4:63:ce:a5:a9:aa:6b:79:
db:4b:41:26:71:3d:9d:88:9a:4f:50:e2:0c:b2:47:7c:d6:c5:
f1:28:3b:5a:7c:22:d1:0f:df:96:01:30:e4:cb:ac:cb:68:26:
3a:9f:81:bb:32:39:b7:7b:78:d2:39:76:8f:b4:dc:e1:e9:d1:
ac:78:cc:ae:31:12:7d:09:7d:36:63:21:1c:a5:16:f8:98:a4:
36:e4:1e:1c
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUKzuus+pRQeKonhPTrL3jV+MmRDwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzQwMzJaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDRkM2EwNDMyODQ0MTFjNjViNWU0MjY5MzhmYTJjMDk5NDRiMTUzZTFhYWYx
MGMxYmEwMTg0YmI3N2ExYmE5NWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKRlNW62Ba5CPqd+iJvElH/QZ3E9UPzWzbGZOBadocnop/Mc0ayl+OItJDpq
CK1kiz/ZNfviXvPFTlj9X2xj3vR6Itwe2eVJfOI7bQxt6Btps+XD5SdTUs6wmpTG
CQVUDXmc2aRExzQfHYYe6QMmV6Yb+nSebDHTi2Ny485HqJ/LR78MHjefQz3ZnlXq
HqatK83TIMnewKryXG/zlhgOjnJBiOWThLxz5B3Z07dSSdFpO1MDls8JeEfupF37
c06zM3FbT/fM2ltS16FKkCA0rsXyyo6YmIGAYwtW/jld4jdGxxGd4zs7bGP434t8
siXiMoTXiymQA2OjDxAfTm7yqWkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTM0Pm9
nScV6zhuXb7/LykkgnNNRTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTZiZDg3ZDUtYzExZS00NTA4LWFkYTUtZWY1OGE0OTVkM2Y2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DKQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCVcMKwkx7z0410GdSopHwudMyvnTu95GB0MSki
o0E6deXecFXdMZxAV2sI2JX6xyUzD7ds83ufv/IG0UvnN0/e8AcCudehBbwAiwpG
0MTAEgGYnEfZl69Akz8eMst5b6Qp8+8A8wv5xj0+CD4ziMnvOncxeNWuWz9F3dch
YVQ7S47VLl3WgcLIHmwkl29DEE7nXr0GIpuzZOQMxi3pDv+q0R2J9w5Qrxvt9GT9
5GPOpamqa3nbS0EmcT2diJpPUOIMskd81sXxKDtafCLRD9+WATDky6zLaCY6n4G7
Mjm3e3jSOXaPtNzh6dGseMyuMRJ9CX02YyEcpRb4mKQ25B4c
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:12 2025 by rpki-client