Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bad6d47b-d932-44b6-8939-bd8993b444d2.roa
File: bad6d47b-d932-44b6-8939-bd8993b444d2.roa (raw, json)
Hash identifier: NDhpcnkRaAYYzWXcxC8MkISfk9u3sTHLYuThABVUFLo=
Subject key identifier: 4D:1B:9A:75:D6:EE:44:31:0D:22:64:5B:89:02:4A:A0:1C:5B:27:87
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 6E89804A6BC87D9FF8454D7768BE725B48805519
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bad6d47b-d932-44b6-8939-bd8993b444d2.roa
Signing time: Fri 24 Oct 2025 00:20:09 +0000
ROA not before: Fri 24 Oct 2025 00:20:09 +0000
ROA not after: Fri 28 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d034:80c0::/46 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6e:89:80:4a:6b:c8:7d:9f:f8:45:4d:77:68:be:72:5b:48:80:55:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 24 00:20:09 2025 GMT
Not After : Nov 28 23:59:59 2025 GMT
Subject: serialNumber=8ba4ba37dcc177edb0ca830415862991a43674120ed184a8038dc94cc1c0eab3, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:0e:86:a4:cb:b0:df:7a:59:5c:36:c0:a4:03:
f7:8b:8d:54:7f:ca:08:0a:ba:36:4e:ce:20:34:eb:
e7:6d:8f:66:86:55:7e:28:6f:5f:f6:52:8d:c1:2d:
a0:c1:6e:92:57:9f:70:b9:23:0e:26:13:ad:7d:cb:
d8:30:82:f6:80:88:af:a6:af:17:e1:91:7e:3d:cc:
94:4a:f6:1c:37:27:dc:39:f6:9e:b0:d4:8f:01:ed:
5c:fb:d2:06:3d:43:5b:f9:a9:bf:60:6d:32:f1:c4:
52:23:a5:aa:17:60:c2:87:ad:c7:12:97:ca:07:99:
b7:a1:74:26:a6:e8:8b:ac:ea:da:3f:fc:3f:de:af:
87:f3:ea:36:29:76:75:88:bf:c3:ed:3a:13:fb:56:
5e:ed:9b:01:48:f3:3a:5c:9b:15:88:07:d4:bd:37:
c6:95:5a:32:97:fc:69:93:17:95:93:30:66:75:94:
b1:d6:95:97:d3:7e:43:b0:c7:bc:48:c3:c9:33:6b:
80:e9:14:c1:50:32:02:a7:b0:49:cb:40:1d:73:71:
04:51:5f:58:33:99:29:9e:b8:0f:e3:bb:7f:59:a9:
ed:93:a1:17:fd:67:43:0f:e3:59:c1:f9:4d:6b:85:
8d:36:43:24:41:cb:81:fa:60:2f:de:46:f4:7a:55:
b7:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:1B:9A:75:D6:EE:44:31:0D:22:64:5B:89:02:4A:A0:1C:5B:27:87
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bad6d47b-d932-44b6-8939-bd8993b444d2.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d034:80c0::/46
Signature Algorithm: sha256WithRSAEncryption
6e:f8:96:1c:51:ba:fa:77:50:ef:25:3d:cd:58:30:0c:a6:b8:
b0:5c:37:a8:0f:ed:94:9b:3d:da:11:cc:82:d6:31:46:96:81:
7c:9e:b5:bd:cf:e3:3e:35:a2:e5:80:5a:ac:d1:69:36:c9:9b:
e1:76:ce:f8:90:be:d2:0e:9e:b1:c6:1d:07:05:ff:5e:c6:47:
22:8c:b5:e0:cc:13:3b:5f:48:1f:8a:a2:7c:0c:59:a7:0e:44:
be:52:17:88:72:58:c5:7f:a3:b8:1c:18:60:97:8f:dc:d0:1c:
79:44:fe:64:21:c4:59:c1:81:ab:08:c4:24:98:84:3c:40:75:
05:5b:3e:95:c3:68:5a:b7:1a:d5:21:b9:8d:4d:14:52:d9:7f:
b7:bf:8c:c0:90:d8:9b:02:b2:bd:ed:bf:24:ed:25:8b:d6:30:
08:f7:61:14:9d:46:c4:51:66:d4:ca:34:48:81:c0:cc:b6:b5:
ac:5f:3d:75:a3:51:c1:0e:cc:96:c0:b8:19:2e:59:95:4a:4e:
0d:18:ad:ba:5b:8e:75:69:12:a7:b5:a8:5e:62:4d:f0:cc:2b:
c5:1a:be:ca:9d:4d:7c:87:7a:bd:87:d6:57:78:00:f8:b3:7e:
cb:7b:1e:aa:a9:67:1a:04:b1:ac:c8:63:18:e8:65:fb:6f:fc:
14:b9:e6:44
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUbomASmvIfZ/4RU13aL5yW0iAVRkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjQwMDIwMDlaFw0yNTExMjgyMzU5NTlaMHoxSTBHBgNV
BAUTQDhiYTRiYTM3ZGNjMTc3ZWRiMGNhODMwNDE1ODYyOTkxYTQzNjc0MTIwZWQx
ODRhODAzOGRjOTRjYzFjMGVhYjMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKgOhqTLsN96WVw2wKQD94uNVH/KCAq6Nk7OIDTr522PZoZVfihvX/ZSjcEt
oMFuklefcLkjDiYTrX3L2DCC9oCIr6avF+GRfj3MlEr2HDcn3Dn2nrDUjwHtXPvS
Bj1DW/mpv2BtMvHEUiOlqhdgwoetxxKXygeZt6F0Jqboi6zq2j/8P96vh/PqNil2
dYi/w+06E/tWXu2bAUjzOlybFYgH1L03xpVaMpf8aZMXlZMwZnWUsdaVl9N+Q7DH
vEjDyTNrgOkUwVAyAqewSctAHXNxBFFfWDOZKZ64D+O7f1mp7ZOhF/1nQw/jWcH5
TWuFjTZDJEHLgfpgL95G9HpVt8sCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRNG5p1
1u5EMQ0iZFuJAkqgHFsnhzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmFkNmQ0N2ItZDkzMi00NGI2LTg5MzktYmQ4OTkzYjQ0NGQyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0DSA
wDANBgkqhkiG9w0BAQsFAAOCAQEAbviWHFG6+ndQ7yU9zVgwDKa4sFw3qA/tlJs9
2hHMgtYxRpaBfJ61vc/jPjWi5YBarNFpNsmb4XbO+JC+0g6escYdBwX/XsZHIoy1
4MwTO19IH4qifAxZpw5EvlIXiHJYxX+juBwYYJeP3NAceUT+ZCHEWcGBqwjEJJiE
PEB1BVs+lcNoWrca1SG5jU0UUtl/t7+MwJDYmwKyve2/JO0li9YwCPdhFJ1GxFFm
1Mo0SIHAzLa1rF89daNRwQ7MlsC4GS5ZlUpODRituluOdWkSp7WoXmJN8MwrxRq+
yp1NfId6vYfWV3gA+LN+y3seqqlnGgSxrMhjGOhl+2/8FLnmRA==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:19:31 2025 by rpki-client