Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ab1fdc4a-fa1a-4813-8272-9601a3d755e4.roa
File: ab1fdc4a-fa1a-4813-8272-9601a3d755e4.roa (raw, json)
Hash identifier: JYWAx0/ifgXleFKy11yBX0JE+iEDz0iigQBo8mtBdxg=
Subject key identifier: B7:51:18:E0:03:81:E8:8C:97:1C:20:18:97:D0:CD:7E:65:32:B6:F8
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 1507228129B5DF11628B7943CBA387EA04F52B00
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ab1fdc4a-fa1a-4813-8272-9601a3d755e4.roa
Signing time: Tue 21 Oct 2025 13:40:07 +0000
ROA not before: Tue 21 Oct 2025 13:40:07 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:10c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
15:07:22:81:29:b5:df:11:62:8b:79:43:cb:a3:87:ea:04:f5:2b:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:40:07 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=0546371a7ef84b34f2949c24107d987c4517bf9a0ecc69b0d9b61c2d07787643, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:80:58:d5:12:1c:de:08:65:28:d9:b3:8a:68:
63:d8:75:7f:a3:0d:ce:50:ab:68:20:70:ff:ab:17:
00:c6:42:3e:3f:ff:4e:5d:d6:ea:5d:01:c3:9d:8c:
94:66:b6:3e:0c:e0:e9:b9:38:86:29:87:e8:f2:96:
90:14:0f:df:e2:38:39:89:f5:b3:8b:d5:f7:ef:b1:
d6:df:69:55:41:46:db:9b:36:ab:6b:74:ae:71:2d:
50:36:14:f0:f4:3f:91:7b:89:f8:db:2c:74:89:32:
20:83:0c:65:55:b5:3b:f4:06:bd:54:6e:2d:c7:f1:
07:7f:e2:3a:dd:30:90:ab:54:e0:0d:e6:1e:db:1d:
5c:c6:e9:93:08:25:74:3c:26:78:80:87:45:cd:c1:
9d:6b:66:35:31:5e:29:a6:71:1a:17:b6:ac:20:51:
69:58:01:08:70:33:d6:4a:8b:38:d0:74:4f:d3:4f:
3f:28:11:7b:37:eb:08:12:97:b9:16:13:db:78:28:
3a:3d:78:14:7f:33:a1:2a:20:71:ad:00:3e:0b:fd:
38:41:4b:0e:6a:3f:b7:d0:ea:04:15:14:f2:e0:0a:
1e:fb:1f:9c:3e:ed:80:2a:5c:ce:6f:82:19:aa:0e:
8b:cd:e3:15:d2:3b:86:35:91:5a:38:31:a4:ea:99:
bc:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:51:18:E0:03:81:E8:8C:97:1C:20:18:97:D0:CD:7E:65:32:B6:F8
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ab1fdc4a-fa1a-4813-8272-9601a3d755e4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:10c0::/48
Signature Algorithm: sha256WithRSAEncryption
69:9c:0b:67:f0:ac:07:84:89:46:6d:e4:61:14:b8:3d:a1:e7:
df:77:f8:f9:8c:db:45:ef:25:28:b5:32:93:89:ef:bd:a8:dd:
fa:9d:ba:63:a8:17:72:ee:f1:63:1c:6c:c1:82:0e:d1:fb:21:
eb:8b:a6:c3:41:d3:67:3b:bc:40:22:56:5c:2e:08:87:bb:32:
6e:06:af:89:52:d3:e1:64:d7:e2:f5:4a:a4:f8:73:ab:6b:8d:
75:cc:d7:d6:df:e8:23:bd:5e:b3:a5:31:35:1d:d7:ff:67:5e:
77:89:bd:3c:19:4a:15:0f:57:3c:1c:32:3e:79:a6:b5:32:c8:
ae:5a:68:d5:8c:63:c7:4d:ce:45:89:a9:1a:5c:a8:1c:c8:e1:
34:b7:5d:40:cc:64:71:2f:f2:c5:e5:51:5f:62:96:c8:8c:bf:
4b:05:2d:d6:f2:0e:88:a6:a1:70:04:75:91:76:bd:b7:7c:a8:
98:52:d8:fc:1c:b7:c2:d7:fc:79:61:40:4a:92:14:f5:05:ed:
9c:48:8b:4a:e1:d1:c1:d1:39:8c:5f:d2:74:15:e9:ba:70:2c:
78:33:6f:b1:7e:54:b9:d9:ae:a2:ce:b1:2c:41:2a:23:20:b6:
43:2b:d4:98:66:26:7b:0c:2a:49:37:66:c4:d4:85:ea:90:c4:
79:44:ce:dc
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUFQcigSm13xFii3lDy6OH6gT1KwAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzQwMDdaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDA1NDYzNzFhN2VmODRiMzRmMjk0OWMyNDEwN2Q5ODdjNDUxN2JmOWEwZWNj
NjliMGQ5YjYxYzJkMDc3ODc2NDMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANCAWNUSHN4IZSjZs4poY9h1f6MNzlCraCBw/6sXAMZCPj//Tl3W6l0Bw52M
lGa2Pgzg6bk4himH6PKWkBQP3+I4OYn1s4vV9++x1t9pVUFG25s2q2t0rnEtUDYU
8PQ/kXuJ+NssdIkyIIMMZVW1O/QGvVRuLcfxB3/iOt0wkKtU4A3mHtsdXMbpkwgl
dDwmeICHRc3BnWtmNTFeKaZxGhe2rCBRaVgBCHAz1kqLONB0T9NPPygRezfrCBKX
uRYT23goOj14FH8zoSogca0APgv9OEFLDmo/t9DqBBUU8uAKHvsfnD7tgCpczm+C
GaoOi83jFdI7hjWRWjgxpOqZvPECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBS3URjg
A4HojJccIBiX0M1+ZTK2+DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YWIxZmRjNGEtZmExYS00ODEzLTgyNzItOTYwMWEzZDc1NWU0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HIQ
wDANBgkqhkiG9w0BAQsFAAOCAQEAaZwLZ/CsB4SJRm3kYRS4PaHn33f4+YzbRe8l
KLUyk4nvvajd+p26Y6gXcu7xYxxswYIO0fsh64umw0HTZzu8QCJWXC4Ih7sybgav
iVLT4WTX4vVKpPhzq2uNdczX1t/oI71es6UxNR3X/2ded4m9PBlKFQ9XPBwyPnmm
tTLIrlpo1Yxjx03ORYmpGlyoHMjhNLddQMxkcS/yxeVRX2KWyIy/SwUt1vIOiKah
cAR1kXa9t3yomFLY/By3wtf8eWFASpIU9QXtnEiLSuHRwdE5jF/SdBXpunAseDNv
sX5Uudmuos6xLEEqIyC2QyvUmGYmewwqSTdmxNSF6pDEeUTO3A==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:15:18 2025 by rpki-client