Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ab7811c0-f548-43b8-897d-fac68de3433a.roa
File: ab7811c0-f548-43b8-897d-fac68de3433a.roa (raw, json)
Hash identifier: BIP9IndCM3GXncPNC8bb9wqiWHpOnuusFV8bwJmEDWI=
Subject key identifier: BB:C8:A7:E6:C0:C5:AA:36:FD:E8:5A:BD:21:3F:E9:C0:A1:A9:91:89
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4B620D418885AC9A58F0BA3AAEC2EAD013D2C5D3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ab7811c0-f548-43b8-897d-fac68de3433a.roa
Signing time: Tue 21 Oct 2025 14:10:07 +0000
ROA not before: Tue 21 Oct 2025 14:10:07 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d01c::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4b:62:0d:41:88:85:ac:9a:58:f0:ba:3a:ae:c2:ea:d0:13:d2:c5:d3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:10:07 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=1b7957a3bf532dcd1bd86080460d8f2cf70539f0b596dc4e9ea6b0cb86bcc9b4, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:48:01:4f:5b:4c:8e:8d:eb:3c:e3:c6:f5:9b:
6a:43:67:da:4e:41:9e:8b:e4:2d:87:78:c7:cc:92:
5c:ee:e5:ab:e6:fa:d6:31:bd:fd:1f:ae:a7:21:38:
f4:ce:0c:6b:46:af:1f:d1:b1:0c:2d:90:5c:41:a6:
8a:b4:86:2f:38:d1:dc:95:cd:85:00:43:02:fa:eb:
07:d4:b8:4d:b4:aa:c1:4b:47:62:61:5f:7e:4f:e3:
ec:37:b8:f3:dc:72:a3:ac:69:19:fd:1d:e2:b3:8d:
d4:fc:1d:07:ed:9a:8b:17:01:9c:d6:d9:d7:f0:79:
69:06:0a:3b:78:da:5c:bf:31:19:11:a5:66:94:49:
dd:dd:d9:ed:7f:b2:83:08:cb:2a:cd:92:2d:cb:8c:
b8:c9:30:22:85:fb:80:2a:4c:92:24:3d:88:2a:b1:
28:11:eb:d3:f0:7e:ca:97:99:99:e7:6c:6f:db:15:
02:8f:03:86:5c:bc:36:a7:cb:56:f2:13:b8:2f:7b:
46:bb:ae:c6:fe:70:76:e5:f0:84:38:4c:a2:0c:06:
17:dc:e3:60:48:19:77:b9:53:90:9a:6b:6d:77:03:
d2:df:03:a8:ba:99:86:60:b4:ec:59:d0:07:f0:48:
0c:fb:38:bd:01:b9:70:d3:ff:82:1f:c0:2d:76:23:
18:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:C8:A7:E6:C0:C5:AA:36:FD:E8:5A:BD:21:3F:E9:C0:A1:A9:91:89
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ab7811c0-f548-43b8-897d-fac68de3433a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d01c::/36
Signature Algorithm: sha256WithRSAEncryption
3c:02:be:07:08:9e:3c:24:59:20:dc:7b:c8:2e:87:20:9f:a4:
a9:b4:b2:fd:0c:78:81:e8:cc:72:94:e1:58:39:b8:5f:d4:c6:
02:21:f2:d8:d2:eb:f5:f8:29:e2:b3:a9:30:71:e0:c1:50:57:
da:32:9c:c8:b9:41:f4:a5:08:60:f0:ac:b9:e8:be:dc:9a:9c:
65:5a:2c:50:55:84:8b:8d:bb:65:b0:3d:11:50:2d:c8:9b:84:
84:ea:11:f3:47:02:32:04:c4:c0:6b:a0:d5:c2:2b:c8:29:48:
6d:10:b8:c8:d9:89:2a:3b:d8:c6:6a:4f:45:a6:8e:72:40:e8:
ee:75:35:a0:04:5b:7c:7e:4a:8e:17:4e:05:46:84:29:3f:7e:
78:a6:75:19:0e:0b:02:01:6c:28:1a:c5:76:86:d1:c9:e2:7e:
65:5d:04:26:90:f2:dc:cc:1c:43:85:27:a2:d6:21:e6:3b:31:
62:41:1e:d3:37:1a:e3:15:3f:48:1c:ec:4d:e1:62:09:d4:49:
f7:72:fa:b3:88:75:e0:66:92:5f:07:3a:ed:20:40:f3:c0:39:
3f:0f:d0:57:84:25:c4:cc:3f:67:c9:66:36:61:1b:74:a7:23:
84:84:9f:67:4a:84:b2:db:44:b2:01:77:e2:ed:0c:3c:0c:14:
d2:74:e2:e8
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUS2INQYiFrJpY8Lo6rsLq0BPSxdMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDEwMDdaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDFiNzk1N2EzYmY1MzJkY2QxYmQ4NjA4MDQ2MGQ4ZjJjZjcwNTM5ZjBiNTk2
ZGM0ZTllYTZiMGNiODZiY2M5YjQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALpIAU9bTI6N6zzjxvWbakNn2k5BnovkLYd4x8ySXO7lq+b61jG9/R+upyE4
9M4Ma0avH9GxDC2QXEGmirSGLzjR3JXNhQBDAvrrB9S4TbSqwUtHYmFffk/j7De4
89xyo6xpGf0d4rON1PwdB+2aixcBnNbZ1/B5aQYKO3jaXL8xGRGlZpRJ3d3Z7X+y
gwjLKs2SLcuMuMkwIoX7gCpMkiQ9iCqxKBHr0/B+ypeZmedsb9sVAo8Dhly8NqfL
VvITuC97Rruuxv5wduXwhDhMogwGF9zjYEgZd7lTkJprbXcD0t8DqLqZhmC07FnQ
B/BIDPs4vQG5cNP/gh/ALXYjGFcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS7yKfm
wMWqNv3oWr0hP+nAoamRiTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YWI3ODExYzAtZjU0OC00M2I4LTg5N2QtZmFjNjhkZTM0MzNhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0BwA
MA0GCSqGSIb3DQEBCwUAA4IBAQA8Ar4HCJ48JFkg3HvILocgn6SptLL9DHiB6Mxy
lOFYObhf1MYCIfLY0uv1+Cnis6kwceDBUFfaMpzIuUH0pQhg8Ky56L7cmpxlWixQ
VYSLjbtlsD0RUC3Im4SE6hHzRwIyBMTAa6DVwivIKUhtELjI2YkqO9jGak9Fpo5y
QOjudTWgBFt8fkqOF04FRoQpP354pnUZDgsCAWwoGsV2htHJ4n5lXQQmkPLczBxD
hSei1iHmOzFiQR7TNxrjFT9IHOxN4WIJ1En3cvqziHXgZpJfBzrtIEDzwDk/D9BX
hCXEzD9nyWY2YRt0pyOEhJ9nSoSy20SyAXfi7Qw8DBTSdOLo
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:14:29 2025 by rpki-client