Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c8af18fc-ae06-42ae-9533-a5516ea722d4.roa
File: c8af18fc-ae06-42ae-9533-a5516ea722d4.roa (raw, json)
Hash identifier: tebEY7D8eUZfL/gVJGEpEDmmVhIFfuK7TK1dbSZgDC4=
Subject key identifier: F6:29:BB:C9:FC:17:19:2F:AA:55:B5:76:FD:2D:43:8C:99:06:6C:FE
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4C738912286B167432253467DFC01551D5DF2A6F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c8af18fc-ae06-42ae-9533-a5516ea722d4.roa
Signing time: Tue 21 Oct 2025 14:00:53 +0000
ROA not before: Tue 21 Oct 2025 14:00:53 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:9080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4c:73:89:12:28:6b:16:74:32:25:34:67:df:c0:15:51:d5:df:2a:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:00:53 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=d7e652a4807e157efd181077d4ed9c76906f58d8997522a44f525844eec78d58, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:d8:a5:2b:c3:5b:b8:c5:ff:51:d4:11:cb:96:
99:18:51:86:f0:34:53:96:48:9a:6f:b2:d2:47:2c:
b7:ea:19:40:08:1e:65:63:6a:d2:49:04:8d:c3:62:
e1:37:b8:5d:72:b9:eb:54:68:a6:4e:3b:dd:42:13:
fb:d3:02:7e:7c:70:42:1c:7d:54:cd:88:f2:a3:73:
3a:9f:45:58:2b:f6:ca:4b:b9:bc:58:b9:d2:e6:ef:
f6:34:27:2c:b7:5a:31:5a:ea:20:1a:59:25:dd:4c:
62:a6:50:bd:46:ac:b2:26:34:93:4f:91:7c:7e:37:
83:ef:34:65:eb:ee:4c:dc:1e:17:0f:59:1b:85:82:
67:12:61:a1:b9:d2:42:7f:13:a7:50:c8:44:62:e4:
9e:43:74:94:f3:32:cf:9e:0a:76:44:33:49:94:cd:
72:58:fa:68:99:55:dc:74:a5:86:cc:b4:22:69:70:
3e:d0:bb:df:65:8b:6a:2e:06:ed:6e:f6:fc:98:cf:
a5:89:d6:36:51:3d:6e:b6:83:75:d3:f0:1f:d9:2d:
36:06:33:de:11:c9:90:74:ae:15:10:7d:e3:24:22:
de:41:21:a3:9c:c9:4b:96:35:6d:06:33:fa:e8:2f:
ae:c6:13:54:fe:8e:f1:b4:29:7e:ab:a1:b5:61:75:
ec:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:29:BB:C9:FC:17:19:2F:AA:55:B5:76:FD:2D:43:8C:99:06:6C:FE
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c8af18fc-ae06-42ae-9533-a5516ea722d4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:9080::/48
Signature Algorithm: sha256WithRSAEncryption
3f:83:ce:c4:f6:08:23:7c:56:88:de:ac:d0:ac:5c:22:4b:d2:
8a:85:99:ce:2d:02:de:57:82:ea:7f:fa:cc:68:70:b8:d1:2e:
c3:f6:b1:1c:2e:36:09:cb:58:0b:14:d3:31:97:6a:25:fb:58:
92:7f:69:8c:9d:1c:99:89:52:5c:89:5f:46:b7:92:fa:42:e7:
e6:ec:08:b0:38:4a:f9:68:2b:0a:97:6c:4d:85:17:a0:d6:bd:
29:1c:d8:85:9d:b6:f1:09:ab:9b:e0:44:0c:a8:2e:e8:bd:90:
94:74:b8:54:83:79:49:57:81:33:fb:84:fd:7f:aa:ed:33:90:
92:c2:6b:87:d8:30:83:50:8a:2e:e0:e3:24:28:b9:17:e0:80:
3b:2f:9a:2e:d3:a7:7e:f0:e3:2c:22:1b:0f:d4:15:a0:a4:df:
48:a3:bc:3b:c7:b9:24:68:17:4c:88:ba:09:f3:e6:18:55:2c:
d0:93:a7:9d:d7:30:92:f0:0c:a4:00:2c:5c:d8:12:9f:c8:ce:
07:89:2c:0d:c4:f9:5a:0f:53:66:30:03:37:6d:14:a8:a0:31:
44:77:0a:50:39:bb:91:f8:1f:99:24:5b:5c:5b:36:b1:52:7b:
ce:86:37:2f:fe:cf:13:6d:cb:e7:88:3f:6b:ff:6f:a9:8d:33:
a4:1b:f7:79
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUTHOJEihrFnQyJTRn38AVUdXfKm8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDAwNTNaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGQ3ZTY1MmE0ODA3ZTE1N2VmZDE4MTA3N2Q0ZWQ5Yzc2OTA2ZjU4ZDg5OTc1
MjJhNDRmNTI1ODQ0ZWVjNzhkNTgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANbYpSvDW7jF/1HUEcuWmRhRhvA0U5ZImm+y0kcst+oZQAgeZWNq0kkEjcNi
4Te4XXK561Ropk473UIT+9MCfnxwQhx9VM2I8qNzOp9FWCv2yku5vFi50ubv9jQn
LLdaMVrqIBpZJd1MYqZQvUassiY0k0+RfH43g+80ZevuTNweFw9ZG4WCZxJhobnS
Qn8Tp1DIRGLknkN0lPMyz54KdkQzSZTNclj6aJlV3HSlhsy0ImlwPtC732WLai4G
7W72/JjPpYnWNlE9braDddPwH9ktNgYz3hHJkHSuFRB94yQi3kEho5zJS5Y1bQYz
+ugvrsYTVP6O8bQpfquhtWF17JECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBT2KbvJ
/BcZL6pVtXb9LUOMmQZs/jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzhhZjE4ZmMtYWUwNi00MmFlLTk1MzMtYTU1MTZlYTcyMmQ0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ACQ
gDANBgkqhkiG9w0BAQsFAAOCAQEAP4POxPYII3xWiN6s0KxcIkvSioWZzi0C3leC
6n/6zGhwuNEuw/axHC42CctYCxTTMZdqJftYkn9pjJ0cmYlSXIlfRreS+kLn5uwI
sDhK+WgrCpdsTYUXoNa9KRzYhZ228Qmrm+BEDKgu6L2QlHS4VIN5SVeBM/uE/X+q
7TOQksJrh9gwg1CKLuDjJCi5F+CAOy+aLtOnfvDjLCIbD9QVoKTfSKO8O8e5JGgX
TIi6CfPmGFUs0JOnndcwkvAMpAAsXNgSn8jOB4ksDcT5Wg9TZjADN20UqKAxRHcK
UDm7kfgfmSRbXFs2sVJ7zoY3L/7PE23L54g/a/9vqY0zpBv3eQ==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:19:33 2025 by rpki-client