Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c3f4b0e0-df6d-481a-8d75-7709e545d1e8.roa
File: c3f4b0e0-df6d-481a-8d75-7709e545d1e8.roa (raw, json)
Hash identifier: 4n7ch8VGXJzQZ6RRVR0HGVP+5TztzNsNptfQSK3k0gY=
Subject key identifier: A3:C8:20:62:4C:F4:05:50:74:41:32:2E:9D:BF:0D:C3:BD:53:29:C6
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 17CB8D81AD10E84757175CE76D627DBB48B62615
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c3f4b0e0-df6d-481a-8d75-7709e545d1e8.roa
Signing time: Tue 21 Oct 2025 14:10:42 +0000
ROA not before: Tue 21 Oct 2025 14:10:42 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:2000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
17:cb:8d:81:ad:10:e8:47:57:17:5c:e7:6d:62:7d:bb:48:b6:26:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:10:42 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=4af3a1d51319016d6a86dbc85e8c002b40bdf640a96b804d8aa5cfdb241f78d2, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:a1:97:f7:aa:5c:3e:3d:d6:ce:1d:eb:13:ec:
55:d7:5d:db:ce:27:d0:82:a1:8d:61:05:a6:ee:90:
75:fd:da:c9:fa:10:9a:14:2d:e1:b0:62:9c:7d:4b:
4a:b4:b5:a9:2b:f0:6b:bb:e2:b3:d2:65:4b:97:e8:
48:fc:6d:c1:8b:e8:27:58:08:c4:f5:80:7f:09:3d:
d2:a4:e1:0c:e5:9f:96:56:68:68:b4:8d:d8:18:d6:
ea:0d:15:49:4f:a2:e0:a9:79:03:28:41:1c:e6:f1:
a5:be:83:a0:6a:d1:76:ea:4a:ae:0f:61:ed:9f:3d:
d9:0e:89:2a:5a:7a:8c:b3:3b:4f:02:6e:82:dd:6f:
34:a6:49:66:13:47:c0:3d:03:ae:31:04:20:7d:0a:
6d:c3:be:33:52:3f:2c:49:91:5d:9a:9e:f4:fc:9f:
80:f6:35:58:ed:8e:d1:b7:40:90:ac:f7:e7:1c:92:
27:dc:46:a4:21:db:8a:23:27:41:cc:eb:8b:4a:42:
7e:8f:21:3b:08:ef:75:a4:36:99:a0:e1:96:f7:89:
fd:46:0e:87:dd:6a:fc:77:1e:34:10:4b:67:49:e7:
0d:97:5a:04:a6:0f:c3:6e:4d:ba:56:8c:0b:06:f7:
43:4c:c1:74:a8:93:93:79:11:4a:7f:ad:ca:7d:fc:
35:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:C8:20:62:4C:F4:05:50:74:41:32:2E:9D:BF:0D:C3:BD:53:29:C6
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c3f4b0e0-df6d-481a-8d75-7709e545d1e8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:2000::/40
Signature Algorithm: sha256WithRSAEncryption
07:4b:ff:3d:91:25:0c:35:85:d8:c4:2a:06:2f:89:73:4e:6b:
d7:81:6b:a2:1c:08:89:d4:3a:ad:7a:69:ce:07:37:12:05:60:
d3:39:27:cc:db:4a:44:9d:b6:2f:88:04:bb:91:4a:f4:c3:27:
b6:71:bf:4a:36:55:8d:20:2a:4c:10:0f:36:71:77:b1:ac:a6:
92:c9:88:9a:ac:1b:94:58:ae:d2:d0:e3:e7:f6:9c:2e:0c:e2:
e8:93:78:cf:45:fd:2b:03:42:8f:70:9d:a4:15:7f:7a:d4:33:
5e:29:57:8a:f6:c6:24:31:17:6f:ec:7a:f4:8a:a3:da:a3:29:
45:2c:2c:82:1b:51:c3:0a:81:c3:c8:67:21:cf:08:55:92:8c:
61:b3:37:8d:b4:39:58:4e:73:14:af:77:31:31:9a:70:0c:fa:
7d:89:20:79:a8:d3:de:14:d8:e5:77:49:bd:51:75:c0:54:3f:
6a:8e:b4:46:e4:1e:0d:e3:51:f3:85:f8:6c:3a:18:bc:4e:78:
7d:a8:44:8a:7e:99:f3:84:83:a8:24:6d:00:3e:25:54:36:f7:
70:06:cc:d9:a1:f7:2f:f4:2d:39:fd:8b:18:81:b4:ef:52:e2:
05:05:9b:4d:a2:da:41:3b:a2:89:ef:2e:03:a9:4d:18:de:07:
39:6d:7c:51
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUF8uNga0Q6EdXF1znbWJ9u0i2JhUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDEwNDJaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDRhZjNhMWQ1MTMxOTAxNmQ2YTg2ZGJjODVlOGMwMDJiNDBiZGY2NDBhOTZi
ODA0ZDhhYTVjZmRiMjQxZjc4ZDIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMehl/eqXD491s4d6xPsVddd284n0IKhjWEFpu6Qdf3ayfoQmhQt4bBinH1L
SrS1qSvwa7vis9JlS5foSPxtwYvoJ1gIxPWAfwk90qThDOWfllZoaLSN2BjW6g0V
SU+i4Kl5AyhBHObxpb6DoGrRdupKrg9h7Z892Q6JKlp6jLM7TwJugt1vNKZJZhNH
wD0DrjEEIH0KbcO+M1I/LEmRXZqe9PyfgPY1WO2O0bdAkKz35xySJ9xGpCHbiiMn
Qczri0pCfo8hOwjvdaQ2maDhlveJ/UYOh91q/HceNBBLZ0nnDZdaBKYPw25NulaM
Cwb3Q0zBdKiTk3kRSn+tyn38NfECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSjyCBi
TPQFUHRBMi6dvw3DvVMpxjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzNmNGIwZTAtZGY2ZC00ODFhLThkNzUtNzcwOWU1NDVkMWU4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HIg
MA0GCSqGSIb3DQEBCwUAA4IBAQAHS/89kSUMNYXYxCoGL4lzTmvXgWuiHAiJ1Dqt
emnOBzcSBWDTOSfM20pEnbYviAS7kUr0wye2cb9KNlWNICpMEA82cXexrKaSyYia
rBuUWK7S0OPn9pwuDOLok3jPRf0rA0KPcJ2kFX961DNeKVeK9sYkMRdv7Hr0iqPa
oylFLCyCG1HDCoHDyGchzwhVkoxhszeNtDlYTnMUr3cxMZpwDPp9iSB5qNPeFNjl
d0m9UXXAVD9qjrRG5B4N41HzhfhsOhi8Tnh9qESKfpnzhIOoJG0APiVUNvdwBszZ
ofcv9C05/YsYgbTvUuIFBZtNotpBO6KJ7y4DqU0Y3gc5bXxR
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:10 2025 by rpki-client