Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cac850f8-5aa9-4a56-aea2-e22d3afd4e38.roa
File: cac850f8-5aa9-4a56-aea2-e22d3afd4e38.roa (raw, json)
Hash identifier: XwcONOZsJpJX/5T/kczmwE8cyaUtcFZ3+vcj6TWbtrs=
Subject key identifier: 03:E9:AA:ED:F7:2C:9E:7B:69:5C:44:12:01:8C:F5:4D:49:1C:23:45
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 64DA7513FD5C8F4713873D31CF59A4F0D31531A0
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cac850f8-5aa9-4a56-aea2-e22d3afd4e38.roa
Signing time: Tue 21 Oct 2025 14:40:01 +0000
ROA not before: Tue 21 Oct 2025 14:40:01 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:1040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
64:da:75:13:fd:5c:8f:47:13:87:3d:31:cf:59:a4:f0:d3:15:31:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:40:01 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=8117670e34a6a416f9436d6fece7828bb6331a06d385c293b2ac19de45beb8ac, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:9b:24:30:cb:28:2f:53:8e:d8:ee:25:58:c4:
cd:71:51:7b:34:47:be:9e:3f:18:71:d2:72:1f:33:
bb:52:dd:cb:90:0f:9c:e9:42:04:16:ea:43:76:e3:
80:dd:88:2d:4b:38:dd:91:44:bb:16:2a:e3:e3:17:
bd:25:b4:22:2c:0a:c9:f8:4d:bf:99:46:ef:c7:08:
8a:b2:93:b0:92:c2:68:4a:0f:96:2b:15:3c:c7:94:
08:97:00:22:65:f8:64:e8:32:0c:eb:d4:cc:80:b5:
e4:c1:f0:9e:10:4a:57:6e:7f:fa:a5:8e:8c:e6:44:
f6:ac:d6:75:d8:d2:02:a0:1c:05:0e:5e:61:d6:4d:
c4:5b:2d:b9:4c:bc:71:d5:bc:a0:99:63:a5:7c:db:
0d:b6:fe:5f:15:4b:f9:1a:4a:b6:d4:70:98:56:85:
59:f1:d1:04:5a:b8:64:b1:0c:5f:de:4b:69:3a:ca:
51:1a:5b:c2:4b:08:49:24:ef:d2:44:d0:9c:97:63:
ef:d1:43:ae:84:bf:aa:47:93:a2:2d:79:6e:2b:97:
bf:6c:75:2f:59:a7:c1:91:e0:2e:cc:fe:0f:ad:fe:
df:ce:a3:3e:c0:07:5b:95:21:b9:15:8f:e1:65:06:
85:fe:76:86:7e:5f:f0:8d:e3:1e:01:cc:dd:3d:a4:
91:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:E9:AA:ED:F7:2C:9E:7B:69:5C:44:12:01:8C:F5:4D:49:1C:23:45
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cac850f8-5aa9-4a56-aea2-e22d3afd4e38.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:1040::/48
Signature Algorithm: sha256WithRSAEncryption
a4:45:2f:ee:7f:41:2d:f7:91:17:a5:f3:b8:73:54:41:71:2a:
61:62:94:da:dc:7e:dd:44:70:be:59:80:35:02:8a:2d:07:41:
90:12:ad:27:da:1b:1b:16:ec:2b:f1:ee:17:83:22:80:4b:f8:
09:c6:60:84:b3:67:f0:09:27:9f:06:f0:fd:81:3d:84:6f:9d:
c6:93:3f:59:91:cd:90:0e:be:43:f2:f8:16:d0:32:6e:5d:39:
b2:45:5b:61:1f:70:6c:53:62:f7:e6:e7:2f:6e:b5:e6:2f:7b:
c7:a5:16:55:db:86:a3:02:f4:00:5d:37:86:29:87:37:62:a1:
b6:1c:0c:0b:cc:9a:2f:f9:47:68:44:61:54:64:f6:04:d6:d1:
5a:45:e6:10:a5:d3:c0:18:40:2f:c2:0b:76:b5:6f:da:70:f8:
4b:fb:a7:bd:cf:57:a0:1f:7d:37:85:7a:ad:ad:19:16:ff:1e:
3d:b9:b8:11:19:a5:ea:26:66:f7:5b:ab:0a:84:fe:49:0a:cd:
e1:ba:f5:5d:41:00:f1:c8:99:ec:35:b7:be:49:14:80:f3:34:
dd:74:f2:94:4b:65:44:2b:de:75:46:0e:35:f3:8b:dc:3a:3d:
e8:6f:6b:73:89:c6:ab:e4:38:24:15:89:01:6d:28:db:dc:69:
6c:5e:79:65
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUZNp1E/1cj0cThz0xz1mk8NMVMaAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDQwMDFaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDgxMTc2NzBlMzRhNmE0MTZmOTQzNmQ2ZmVjZTc4MjhiYjYzMzFhMDZkMzg1
YzI5M2IyYWMxOWRlNDViZWI4YWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM6bJDDLKC9TjtjuJVjEzXFRezRHvp4/GHHSch8zu1Ldy5APnOlCBBbqQ3bj
gN2ILUs43ZFEuxYq4+MXvSW0IiwKyfhNv5lG78cIirKTsJLCaEoPlisVPMeUCJcA
ImX4ZOgyDOvUzIC15MHwnhBKV25/+qWOjOZE9qzWddjSAqAcBQ5eYdZNxFstuUy8
cdW8oJljpXzbDbb+XxVL+RpKttRwmFaFWfHRBFq4ZLEMX95LaTrKURpbwksISSTv
0kTQnJdj79FDroS/qkeToi15biuXv2x1L1mnwZHgLsz+D63+386jPsAHW5UhuRWP
4WUGhf52hn5f8I3jHgHM3T2kkWcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQD6art
9yyee2lcRBIBjPVNSRwjRTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2FjODUwZjgtNWFhOS00YTU2LWFlYTItZTIyZDNhZmQ0ZTM4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0AAQ
QDANBgkqhkiG9w0BAQsFAAOCAQEApEUv7n9BLfeRF6XzuHNUQXEqYWKU2tx+3URw
vlmANQKKLQdBkBKtJ9obGxbsK/HuF4MigEv4CcZghLNn8Aknnwbw/YE9hG+dxpM/
WZHNkA6+Q/L4FtAybl05skVbYR9wbFNi9+bnL2615i97x6UWVduGowL0AF03himH
N2KhthwMC8yaL/lHaERhVGT2BNbRWkXmEKXTwBhAL8ILdrVv2nD4S/unvc9XoB99
N4V6ra0ZFv8ePbm4ERml6iZm91urCoT+SQrN4br1XUEA8ciZ7DW3vkkUgPM03XTy
lEtlRCvedUYONfOL3Do96G9rc4nGq+Q4JBWJAW0o29xpbF55ZQ==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:57 2025 by rpki-client