Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cf6ac3ef-82f5-4abc-a36e-405b863f884b.roa
File: cf6ac3ef-82f5-4abc-a36e-405b863f884b.roa (raw, json)
Hash identifier: tVFcdApVkSDo51zY0EhDGAaMw5YDgpjXRzx0dEHAvPM=
Subject key identifier: 8D:EB:9C:76:9B:5E:EB:E3:20:F2:27:64:0D:57:1C:AE:1C:AE:49:21
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 29F05CD912910EE893E376460C3DD6E546C305F8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cf6ac3ef-82f5-4abc-a36e-405b863f884b.roa
Signing time: Tue 21 Oct 2025 13:40:02 +0000
ROA not before: Tue 21 Oct 2025 13:40:02 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:80a0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
29:f0:5c:d9:12:91:0e:e8:93:e3:76:46:0c:3d:d6:e5:46:c3:05:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:40:02 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=4fee40746ca7aa3b40d4a7d1615e22ec5f3bad40d55c46f84f01841fa0b7e08d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:52:15:3c:7e:6e:50:ce:49:e7:25:bf:4b:bc:
82:c1:6a:80:b9:e2:1a:66:bf:a7:e3:98:20:87:58:
47:7c:e5:34:93:7b:e9:a9:e0:c8:f5:7d:4d:39:19:
ad:fe:1c:9d:ad:e8:83:29:57:6a:20:d8:4f:37:43:
d4:92:7c:af:98:80:60:b3:10:f8:50:a0:fe:71:66:
d9:ab:81:42:c4:1d:ad:bf:c3:e1:91:a4:fe:94:9e:
b4:c3:70:e7:7f:54:6e:01:32:53:51:3e:84:88:1b:
82:a6:cc:c5:90:31:cd:31:82:81:35:2b:64:f4:d1:
63:62:9d:03:6b:8e:4e:e6:f2:06:25:f8:f9:73:ad:
60:cf:65:cf:9e:7e:0e:dd:18:a8:1b:11:c3:ec:2d:
0e:f5:62:08:1d:70:28:11:fa:98:bc:9e:d1:43:da:
05:ad:23:2e:7c:0a:66:01:ec:c0:08:70:27:8c:13:
c4:ec:df:90:ea:82:01:35:86:86:96:9c:1e:3e:32:
b2:61:2e:a8:60:27:9a:6b:ea:4c:7d:d1:b3:0f:e5:
ac:98:78:e2:9e:00:ff:01:44:cd:fd:33:ef:f0:03:
be:16:b1:94:b6:a4:cf:72:6e:e6:1f:aa:e3:51:ab:
c1:61:96:2c:99:ea:9c:1d:84:92:05:f5:ea:d4:7a:
35:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:EB:9C:76:9B:5E:EB:E3:20:F2:27:64:0D:57:1C:AE:1C:AE:49:21
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cf6ac3ef-82f5-4abc-a36e-405b863f884b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:80a0::/48
Signature Algorithm: sha256WithRSAEncryption
6f:2c:fd:5f:ec:17:70:ea:89:61:d2:7c:b5:6e:de:45:09:c9:
b6:f3:4d:a7:a3:f7:8d:e2:38:85:43:33:33:61:65:09:20:72:
36:9e:95:33:c6:71:d5:1b:fb:5c:07:87:22:cd:dd:4f:eb:a9:
f5:67:c3:4f:cb:94:b0:78:5d:82:95:22:4c:cb:83:9f:77:73:
40:30:eb:c1:89:21:1f:54:f6:d2:38:e7:7c:40:0a:3f:37:d8:
84:f9:9f:fa:36:49:51:5f:bd:43:03:94:40:88:27:78:e1:17:
66:eb:a0:e4:5d:84:e8:09:7e:de:08:8d:ca:e0:b6:5d:ba:81:
aa:90:dd:a2:48:1c:d5:ab:15:dd:60:58:46:96:92:63:48:9c:
0d:19:1e:9b:78:6a:ef:b7:9f:b7:3a:6c:26:c2:f6:14:3d:24:
c2:65:41:ac:62:71:1c:e7:c2:ad:29:ce:53:98:42:98:55:30:
66:f9:69:96:75:25:1e:77:57:9e:1e:d7:d0:a8:3d:28:98:25:
58:cf:c4:05:f3:46:38:90:f9:e5:f4:85:24:83:17:0b:bf:6c:
1c:36:54:56:03:e0:74:b9:7a:10:f4:5a:03:9d:e9:0c:c5:ee:
28:d6:33:b2:ef:af:62:3c:84:f6:fb:b9:5c:7a:b6:2f:f8:a5:
12:1c:f9:0a
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUKfBc2RKRDuiT43ZGDD3W5UbDBfgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzQwMDJaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDRmZWU0MDc0NmNhN2FhM2I0MGQ0YTdkMTYxNWUyMmVjNWYzYmFkNDBkNTVj
NDZmODRmMDE4NDFmYTBiN2UwOGQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANpSFTx+blDOSeclv0u8gsFqgLniGma/p+OYIIdYR3zlNJN76angyPV9TTkZ
rf4cna3ogylXaiDYTzdD1JJ8r5iAYLMQ+FCg/nFm2auBQsQdrb/D4ZGk/pSetMNw
539UbgEyU1E+hIgbgqbMxZAxzTGCgTUrZPTRY2KdA2uOTubyBiX4+XOtYM9lz55+
Dt0YqBsRw+wtDvViCB1wKBH6mLye0UPaBa0jLnwKZgHswAhwJ4wTxOzfkOqCATWG
hpacHj4ysmEuqGAnmmvqTH3Rsw/lrJh44p4A/wFEzf0z7/ADvhaxlLakz3Ju5h+q
41GrwWGWLJnqnB2EkgX16tR6Na8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSN65x2
m17r4yDyJ2QNVxyuHK5JITAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2Y2YWMzZWYtODJmNS00YWJjLWEzNmUtNDA1Yjg2M2Y4ODRiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ACA
oDANBgkqhkiG9w0BAQsFAAOCAQEAbyz9X+wXcOqJYdJ8tW7eRQnJtvNNp6P3jeI4
hUMzM2FlCSByNp6VM8Zx1Rv7XAeHIs3dT+up9WfDT8uUsHhdgpUiTMuDn3dzQDDr
wYkhH1T20jjnfEAKPzfYhPmf+jZJUV+9QwOUQIgneOEXZuug5F2E6Al+3giNyuC2
XbqBqpDdokgc1asV3WBYRpaSY0icDRkem3hq77eftzpsJsL2FD0kwmVBrGJxHOfC
rSnOU5hCmFUwZvlplnUlHndXnh7X0Kg9KJglWM/EBfNGOJD55fSFJIMXC79sHDZU
VgPgdLl6EPRaA53pDMXuKNYzsu+vYjyE9vu5XHq2L/ilEhz5Cg==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:16 2025 by rpki-client