Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/be1170a3-5a68-4c9c-8b51-b7efde64b945.roa
File: be1170a3-5a68-4c9c-8b51-b7efde64b945.roa (raw, json)
Hash identifier: m9z1lLVqUH0UI7kB7Kl00MPEIPP8GzPnIhNQP5y0ufs=
Subject key identifier: 26:F9:0E:57:2B:65:F2:6E:48:C5:62:91:E6:64:8D:74:1D:99:8B:85
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7E1AC68FBD639CF37EACB8BFDCD45D4134906A2A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/be1170a3-5a68-4c9c-8b51-b7efde64b945.roa
Signing time: Tue 21 Oct 2025 13:10:41 +0000
ROA not before: Tue 21 Oct 2025 13:10:41 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d071:6000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 08:00:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7e:1a:c6:8f:bd:63:9c:f3:7e:ac:b8:bf:dc:d4:5d:41:34:90:6a:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:10:41 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=c305e77101cf79a303d668ca13d67fd7ff436cebd037913e135f08c98cfee225, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:ac:55:53:e4:34:ec:87:0a:ad:16:2f:31:6a:
e8:f8:e8:0d:69:f1:f5:a0:0d:2b:8c:a4:5e:5b:a2:
c6:44:c0:ad:f2:49:de:81:cb:5f:3d:5d:9a:5b:56:
f4:42:20:fb:2c:1c:b2:85:51:45:1a:a6:9e:2d:c7:
94:39:dc:3b:b9:cd:0f:69:61:56:72:ae:fc:5b:95:
ca:b9:b6:b6:3b:29:fc:7b:da:56:07:74:84:7e:9a:
aa:8e:77:1b:90:fa:ee:aa:0e:c1:f8:f0:63:78:50:
32:e2:41:d7:a9:1a:61:5e:28:f9:b6:cc:09:6c:18:
c8:ee:68:3c:ea:8b:48:f6:49:01:0e:32:21:17:a0:
52:f6:ca:2d:2b:34:fc:0a:7c:97:1e:4d:3f:e0:90:
1e:18:99:54:12:4c:88:30:f4:6e:5e:9b:b1:dc:80:
b3:ea:2e:af:c9:ed:56:e1:8c:d3:d0:ed:9d:00:76:
a7:c2:c3:89:9e:8b:66:bc:15:68:64:36:2d:77:68:
87:28:11:50:4d:a7:11:06:fb:59:3b:d8:da:a4:fd:
d8:ec:57:65:40:96:65:3e:fc:ba:f8:62:dd:86:54:
70:6c:b6:73:aa:af:47:ab:77:b9:da:bd:10:8d:ae:
83:c9:65:cd:4a:a1:69:bb:25:10:27:4e:c2:2e:1a:
44:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
26:F9:0E:57:2B:65:F2:6E:48:C5:62:91:E6:64:8D:74:1D:99:8B:85
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/be1170a3-5a68-4c9c-8b51-b7efde64b945.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d071:6000::/40
Signature Algorithm: sha256WithRSAEncryption
a5:08:27:14:9b:f6:25:9a:40:c4:a0:d9:31:6d:8f:b3:bb:6e:
09:a6:2e:12:61:2c:a7:76:91:c6:37:8d:08:5a:57:e4:66:8d:
23:2d:28:c8:03:35:57:8c:bf:fb:64:98:bd:4f:1d:69:ed:60:
45:2e:ef:9d:b1:9c:2a:2d:91:d6:ff:55:71:78:98:fa:7b:ea:
d2:f8:0c:b7:89:ec:8b:9f:af:89:5b:05:c4:57:4c:03:79:24:
7f:99:4c:43:e3:b0:34:34:56:42:bb:fb:ac:ae:bc:84:c7:ed:
2c:6f:ad:15:89:98:af:93:6d:59:56:e1:7d:28:bb:b4:8a:dd:
a4:1e:f4:8e:36:aa:bd:27:61:54:01:15:0c:11:87:59:f7:70:
18:d7:a4:2e:74:8a:92:6a:d9:70:7a:50:d3:0f:f8:c6:46:1c:
9c:5f:12:49:7c:62:23:04:93:ae:bd:75:e7:89:f8:6c:28:30:
65:f1:db:b5:c8:28:46:50:d7:0a:72:0d:ff:f7:58:77:71:ce:
19:f7:5a:79:d9:ca:2a:1f:d7:ab:62:ce:d5:89:e8:b3:c5:9e:
a5:7e:a0:52:50:e5:97:b3:41:44:e3:b0:eb:7e:b9:f4:22:c0:
d8:98:50:a4:20:63:10:a3:b5:07:0d:d0:32:b4:d7:89:bd:36:
67:12:df:dc
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUfhrGj71jnPN+rLi/3NRdQTSQaiowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzEwNDFaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGMzMDVlNzcxMDFjZjc5YTMwM2Q2NjhjYTEzZDY3ZmQ3ZmY0MzZjZWJkMDM3
OTEzZTEzNWYwOGM5OGNmZWUyMjUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJKsVVPkNOyHCq0WLzFq6PjoDWnx9aANK4ykXluixkTArfJJ3oHLXz1dmltW
9EIg+ywcsoVRRRqmni3HlDncO7nND2lhVnKu/FuVyrm2tjsp/HvaVgd0hH6aqo53
G5D67qoOwfjwY3hQMuJB16kaYV4o+bbMCWwYyO5oPOqLSPZJAQ4yIRegUvbKLSs0
/Ap8lx5NP+CQHhiZVBJMiDD0bl6bsdyAs+our8ntVuGM09DtnQB2p8LDiZ6LZrwV
aGQ2LXdohygRUE2nEQb7WTvY2qT92OxXZUCWZT78uvhi3YZUcGy2c6qvR6t3udq9
EI2ug8llzUqhabslECdOwi4aRBMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQm+Q5X
K2XybkjFYpHmZI10HZmLhTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmUxMTcwYTMtNWE2OC00YzljLThiNTEtYjdlZmRlNjRiOTQ1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HFg
MA0GCSqGSIb3DQEBCwUAA4IBAQClCCcUm/YlmkDEoNkxbY+zu24Jpi4SYSyndpHG
N40IWlfkZo0jLSjIAzVXjL/7ZJi9Tx1p7WBFLu+dsZwqLZHW/1VxeJj6e+rS+Ay3
ieyLn6+JWwXEV0wDeSR/mUxD47A0NFZCu/usrryEx+0sb60ViZivk21ZVuF9KLu0
it2kHvSONqq9J2FUARUMEYdZ93AY16QudIqSatlwelDTD/jGRhycXxJJfGIjBJOu
vXXnifhsKDBl8du1yChGUNcKcg3/91h3cc4Z91p52coqH9erYs7VieizxZ6lfqBS
UOWXs0FE47Drfrn0IsDYmFCkIGMQo7UHDdAytNeJvTZnEt/c
-----END CERTIFICATE-----
Generated at Mon Oct 27 11:09:58 2025 by rpki-client