Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/caf40866-a0b4-4882-b28e-32602ae3e0df.roa
File: caf40866-a0b4-4882-b28e-32602ae3e0df.roa (raw, json)
Hash identifier: YKKl7Yaf/iUhl708poHZxFODT5iFSNyGobTDnDlGw7k=
Subject key identifier: 95:D6:38:43:F5:6A:B4:3D:23:EF:04:D9:66:2F:D0:DE:19:08:C2:33
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 10598550299B68C80ED351352873C72998956D96
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/caf40866-a0b4-4882-b28e-32602ae3e0df.roa
Signing time: Tue 21 Oct 2025 13:41:17 +0000
ROA not before: Tue 21 Oct 2025 13:41:17 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d050:a000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
10:59:85:50:29:9b:68:c8:0e:d3:51:35:28:73:c7:29:98:95:6d:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:41:17 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=af6665e02f6350197cc6ae2bcc3b912e221ea6db46669d8f096bd70aa0bc3203, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:45:d0:8a:e2:da:c1:56:84:78:42:19:7f:36:
9d:47:1d:b9:12:99:17:d7:77:56:89:91:64:f0:d2:
33:0b:fd:7d:51:54:9b:07:04:19:78:26:37:10:5f:
a2:53:83:04:cf:f7:4b:4e:7c:70:7b:83:12:a6:30:
74:46:0c:31:0d:a0:c2:34:ca:c5:fe:11:93:82:d7:
91:0a:ae:0f:1a:6c:a3:18:53:cd:f3:67:5a:7f:84:
cc:f3:5d:8c:20:f3:ff:93:d5:0b:5d:5e:27:d2:69:
ed:38:2d:02:25:dd:bf:03:83:8b:4a:34:80:ac:1e:
5f:38:39:0e:39:1a:a9:ba:35:db:18:c3:32:e4:10:
35:4d:c6:34:17:42:b0:49:89:9c:da:7d:6a:64:be:
d4:ed:9a:70:14:7d:93:b4:53:9b:9c:58:2c:0e:34:
4f:ad:d9:0e:cf:32:2c:a3:18:1c:69:d9:f1:a4:ad:
b1:db:39:87:01:e1:41:68:20:50:c6:4c:84:ea:7e:
b1:8b:36:9e:ed:98:32:fa:2a:16:d6:22:60:8e:a9:
7d:d8:08:fc:71:e1:d1:44:22:c5:1c:3a:a2:d5:8a:
4d:90:00:1c:9b:ba:e2:3a:c3:4c:29:ea:1d:55:19:
8d:08:57:13:97:86:91:f8:a8:4a:20:2e:8b:33:49:
84:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:D6:38:43:F5:6A:B4:3D:23:EF:04:D9:66:2F:D0:DE:19:08:C2:33
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/caf40866-a0b4-4882-b28e-32602ae3e0df.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d050:a000::/40
Signature Algorithm: sha256WithRSAEncryption
70:5c:9d:18:0a:cd:b0:e0:0f:eb:76:49:d1:07:3f:7e:76:a0:
2b:c5:96:57:37:23:81:ca:50:34:36:01:6b:33:6f:b2:21:5e:
9f:37:68:f3:0a:a8:04:8a:4b:78:02:c8:5b:61:c9:3a:f5:77:
b8:8e:33:e3:d8:5c:7e:05:94:43:be:68:ea:c5:dc:ed:47:73:
da:33:ad:2c:fd:d7:e8:08:26:8b:bd:38:5d:cb:57:85:bf:f8:
b6:88:2e:9c:c3:0a:30:f8:a1:29:f9:77:6d:f2:4e:a7:82:43:
5a:09:4c:bd:e3:11:a8:51:3f:27:36:d6:d0:4e:d2:aa:10:1c:
af:2d:ed:9b:68:75:3e:43:07:95:c1:f5:1a:96:93:b1:2c:49:
42:06:7f:18:0f:6e:75:f4:2a:9e:a8:d8:a3:7a:a3:4a:89:8a:
5a:ae:4f:11:f6:5e:ac:3c:ce:cc:60:34:ae:b8:b7:9e:f0:87:
af:60:0f:e8:b0:b7:c2:b6:4b:87:f1:8f:35:9d:3b:40:e8:ea:
af:d4:87:4d:7b:09:65:ba:80:db:5b:9b:bb:0b:b6:17:7c:7a:
71:9f:dd:d9:93:f1:aa:6b:46:b1:67:0d:03:d7:84:73:d0:70:
b3:e6:97:d4:a7:0f:84:c5:c6:41:ae:92:ff:9d:13:d1:5c:b1:
e6:fc:28:09
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUEFmFUCmbaMgO01E1KHPHKZiVbZYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzQxMTdaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGFmNjY2NWUwMmY2MzUwMTk3Y2M2YWUyYmNjM2I5MTJlMjIxZWE2ZGI0NjY2
OWQ4ZjA5NmJkNzBhYTBiYzMyMDMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKJF0Iri2sFWhHhCGX82nUcduRKZF9d3VomRZPDSMwv9fVFUmwcEGXgmNxBf
olODBM/3S058cHuDEqYwdEYMMQ2gwjTKxf4Rk4LXkQquDxpsoxhTzfNnWn+EzPNd
jCDz/5PVC11eJ9Jp7TgtAiXdvwODi0o0gKweXzg5Djkaqbo12xjDMuQQNU3GNBdC
sEmJnNp9amS+1O2acBR9k7RTm5xYLA40T63ZDs8yLKMYHGnZ8aStsds5hwHhQWgg
UMZMhOp+sYs2nu2YMvoqFtYiYI6pfdgI/HHh0UQixRw6otWKTZAAHJu64jrDTCnq
HVUZjQhXE5eGkfioSiAuizNJhPsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSV1jhD
9Wq0PSPvBNlmL9DeGQjCMzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2FmNDA4NjYtYTBiNC00ODgyLWIyOGUtMzI2MDJhZTNlMGRmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FCg
MA0GCSqGSIb3DQEBCwUAA4IBAQBwXJ0YCs2w4A/rdknRBz9+dqArxZZXNyOBylA0
NgFrM2+yIV6fN2jzCqgEikt4AshbYck69Xe4jjPj2Fx+BZRDvmjqxdztR3PaM60s
/dfoCCaLvThdy1eFv/i2iC6cwwow+KEp+Xdt8k6ngkNaCUy94xGoUT8nNtbQTtKq
EByvLe2baHU+QweVwfUalpOxLElCBn8YD2519CqeqNijeqNKiYpark8R9l6sPM7M
YDSuuLee8IevYA/osLfCtkuH8Y81nTtA6Oqv1IdNewlluoDbW5u7C7YXfHpxn93Z
k/Gqa0axZw0D14Rz0HCz5pfUpw+ExcZBrpL/nRPRXLHm/CgJ
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:14:25 2025 by rpki-client