Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cb4a73e1-be6b-4cba-b130-a22bb39cf671.roa
File: cb4a73e1-be6b-4cba-b130-a22bb39cf671.roa (raw, json)
Hash identifier: rA0EDT3ixnih52fXVYyfNdq1/yYWP9/bk6VGppUdAbY=
Subject key identifier: 22:B2:90:01:C0:59:0E:B3:3B:8E:D3:BF:B8:39:06:40:23:C5:24:77
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 16DD7D2924BBD56A9571A90066242F498C8C6E22
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cb4a73e1-be6b-4cba-b130-a22bb39cf671.roa
Signing time: Tue 21 Oct 2025 14:40:03 +0000
ROA not before: Tue 21 Oct 2025 14:40:03 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d032:a000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
16:dd:7d:29:24:bb:d5:6a:95:71:a9:00:66:24:2f:49:8c:8c:6e:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:40:03 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=3fa934802cf9d5f3137b0e35501d3f8e65a585d5e80405759d3a57cfdb651cdd, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:50:d4:ee:cc:2d:ce:79:5d:47:56:03:87:8d:
56:2b:c1:59:70:8a:71:a8:9b:88:f6:fa:35:93:ef:
9d:6f:17:62:91:da:a3:64:d7:8b:ee:70:74:9e:0e:
fa:0a:dd:74:e9:54:7d:55:01:b5:9e:8d:c4:2f:87:
e8:d4:43:79:f0:ce:fc:35:36:c3:85:56:ec:22:5c:
d9:b7:67:c6:1a:5b:ae:ff:58:7b:19:44:51:d8:8a:
d2:80:ef:30:3d:03:ec:5e:de:63:03:66:9c:5d:11:
d7:82:b4:ae:34:cc:83:ce:e0:a5:eb:10:2a:7e:c9:
94:79:e2:a0:cd:86:6b:fd:f1:e5:e6:8e:47:c2:e4:
e5:1c:ac:1f:e0:88:b5:53:3a:7a:fe:a6:02:f6:34:
fe:61:6d:13:0e:61:04:f9:d6:aa:5c:04:3d:e5:93:
9a:be:bb:71:9d:bc:db:30:4a:a5:1e:4a:ea:f8:99:
eb:a5:78:45:43:d5:c8:02:8d:c5:b9:4d:c2:ab:7f:
84:23:83:81:4b:1d:5c:97:3e:7d:3c:af:34:7d:b7:
cb:c2:51:ab:bb:b5:c2:4b:46:4e:09:1d:24:cc:81:
6e:75:90:f3:a3:c2:40:81:2f:46:82:01:f6:17:7b:
9c:0c:22:98:9f:aa:31:de:ec:42:6e:c2:94:5e:e6:
01:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:B2:90:01:C0:59:0E:B3:3B:8E:D3:BF:B8:39:06:40:23:C5:24:77
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cb4a73e1-be6b-4cba-b130-a22bb39cf671.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d032:a000::/40
Signature Algorithm: sha256WithRSAEncryption
b5:b7:93:88:f0:fd:43:ad:e5:0b:02:bc:de:67:db:3e:b4:5f:
86:c0:81:3a:48:a0:cd:5e:4f:83:6d:33:7e:e6:5c:40:fa:21:
21:7f:75:a7:5f:e0:42:4e:f2:b9:ed:2e:e8:7c:39:2d:1c:cf:
6c:ca:5b:76:02:d3:fc:3b:42:79:12:00:bd:a3:70:fe:3c:56:
ef:20:3d:20:c3:5a:56:bb:55:53:c2:23:51:aa:84:6f:59:09:
02:1d:55:82:8b:51:8d:03:ab:c0:fa:41:30:67:18:e9:f4:1d:
09:a4:9e:f7:45:80:76:62:21:f1:78:d2:33:97:0b:b3:73:d1:
ae:e3:72:91:f4:c5:18:50:be:ff:08:ba:84:5e:e3:f5:0a:1a:
c4:f5:7c:37:47:fc:ea:87:66:59:73:58:3f:df:dd:0e:c9:1e:
19:d4:d8:f2:7d:f1:5e:8f:cb:0d:93:ba:39:21:d8:2f:84:d1:
bf:d2:0a:55:25:5a:52:91:f2:fd:b6:d0:38:cd:60:fd:6e:8f:
d1:64:2e:10:3b:32:63:3a:d8:8e:92:2e:7d:e6:a7:23:a4:b7:
b1:3a:a1:4c:87:69:56:4b:62:0f:ca:d1:da:0e:98:7e:35:f7:
8d:c5:68:f1:f4:05:74:45:15:d7:24:5f:9e:3c:bd:2d:87:60:
55:ff:b9:5c
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUFt19KSS71WqVcakAZiQvSYyMbiIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDQwMDNaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDNmYTkzNDgwMmNmOWQ1ZjMxMzdiMGUzNTUwMWQzZjhlNjVhNTg1ZDVlODA0
MDU3NTlkM2E1N2NmZGI2NTFjZGQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKpQ1O7MLc55XUdWA4eNVivBWXCKcaibiPb6NZPvnW8XYpHao2TXi+5wdJ4O
+grddOlUfVUBtZ6NxC+H6NRDefDO/DU2w4VW7CJc2bdnxhpbrv9YexlEUdiK0oDv
MD0D7F7eYwNmnF0R14K0rjTMg87gpesQKn7JlHnioM2Ga/3x5eaOR8Lk5RysH+CI
tVM6ev6mAvY0/mFtEw5hBPnWqlwEPeWTmr67cZ282zBKpR5K6viZ66V4RUPVyAKN
xblNwqt/hCODgUsdXJc+fTyvNH23y8JRq7u1wktGTgkdJMyBbnWQ86PCQIEvRoIB
9hd7nAwimJ+qMd7sQm7ClF7mAbMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQispAB
wFkOszuO07+4OQZAI8UkdzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2I0YTczZTEtYmU2Yi00Y2JhLWIxMzAtYTIyYmIzOWNmNjcxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DKg
MA0GCSqGSIb3DQEBCwUAA4IBAQC1t5OI8P1DreULArzeZ9s+tF+GwIE6SKDNXk+D
bTN+5lxA+iEhf3WnX+BCTvK57S7ofDktHM9sylt2AtP8O0J5EgC9o3D+PFbvID0g
w1pWu1VTwiNRqoRvWQkCHVWCi1GNA6vA+kEwZxjp9B0JpJ73RYB2YiHxeNIzlwuz
c9Gu43KR9MUYUL7/CLqEXuP1ChrE9Xw3R/zqh2ZZc1g/390OyR4Z1NjyffFej8sN
k7o5IdgvhNG/0gpVJVpSkfL9ttA4zWD9bo/RZC4QOzJjOtiOki595qcjpLexOqFM
h2lWS2IPytHaDph+NfeNxWjx9AV0RRXXJF+ePL0th2BV/7lc
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:19:37 2025 by rpki-client