Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cfca2455-b58e-43e0-a15f-276f8a5b527f.roa
File: cfca2455-b58e-43e0-a15f-276f8a5b527f.roa (raw, json)
Hash identifier: qB4yKgmitdR1ZpjpNev25FQps6GIS9PGv2w09+4fUPc=
Subject key identifier: 61:7E:32:3B:80:62:54:4A:DD:53:6F:17:31:1D:FC:9B:14:2A:E4:17
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 28627F9304FD0030AE1711745D964535C19C5D12
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cfca2455-b58e-43e0-a15f-276f8a5b527f.roa
Signing time: Tue 21 Oct 2025 13:50:08 +0000
ROA not before: Tue 21 Oct 2025 13:50:08 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:e040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
28:62:7f:93:04:fd:00:30:ae:17:11:74:5d:96:45:35:c1:9c:5d:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:50:08 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=5150c1a363809d80bcd0b4b0e660aa2eb1bc5009bd27dc29eb34b325f8498dc7, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:38:9f:1a:5a:b8:17:a4:ad:58:78:77:6e:6d:
b4:dd:20:cd:77:9c:1a:60:8a:f1:2c:0c:21:d8:85:
d2:9c:ec:16:13:25:0a:1e:36:28:8c:4f:62:ab:e1:
15:27:ac:83:5e:c7:db:43:71:07:59:29:b9:37:85:
14:b0:1f:9b:22:06:de:2d:4f:fd:83:e6:62:b2:3b:
5f:da:bf:f8:f0:49:6c:d5:81:c4:c1:dc:fe:90:4a:
b1:b4:d5:ba:4f:51:77:90:35:23:9e:1e:64:73:6f:
a6:2d:cb:b4:b8:ad:5d:67:b2:65:9a:78:1f:bb:de:
e3:f1:47:37:d3:85:a7:f9:da:5e:6f:d3:93:02:82:
c5:4d:3a:ff:63:36:c8:ac:ff:8c:79:82:56:30:ff:
54:ef:6d:de:1e:83:b8:48:0a:92:13:48:db:d4:70:
db:05:f2:41:ae:d3:11:5f:a2:7a:96:12:2f:d6:c6:
9c:0e:e5:e2:5c:0b:81:d0:d5:bb:9f:8e:40:14:2f:
bd:b4:e1:42:87:3f:61:d1:ec:8f:d3:23:06:15:5a:
3c:7c:f7:3b:cb:da:f1:b9:17:4d:13:c7:ed:41:17:
da:61:5c:91:89:ef:2f:12:8e:59:a2:09:81:b3:98:
b3:b4:e6:60:bb:60:f0:55:5f:76:dd:15:8c:6b:e5:
6f:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:7E:32:3B:80:62:54:4A:DD:53:6F:17:31:1D:FC:9B:14:2A:E4:17
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cfca2455-b58e-43e0-a15f-276f8a5b527f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:e040::/48
Signature Algorithm: sha256WithRSAEncryption
8b:dd:43:47:aa:fb:1d:cb:4b:f4:76:16:4f:f0:cf:35:43:11:
b4:15:2c:10:04:e6:4b:75:8f:ed:25:d6:2c:30:08:b9:00:5f:
ac:fb:fc:ff:1c:55:b9:5a:07:3b:b7:7d:20:fc:47:92:d8:b9:
cc:c2:40:e8:57:12:f3:c1:86:97:51:6b:fe:6b:8f:ba:02:42:
44:88:a0:01:5b:da:1f:e9:9d:f2:a7:aa:96:8f:e1:5d:8f:8e:
2b:cb:00:92:53:29:63:10:39:f7:91:71:34:ec:56:c2:8b:9d:
72:e8:35:6e:10:c6:f1:c1:ab:d3:f8:cb:71:7b:5c:bf:41:f7:
bc:2e:c9:d7:70:0a:0b:13:ca:02:78:86:57:4a:94:84:f6:8e:
26:34:06:d4:a9:9b:7e:fe:34:4e:f7:72:e2:cd:d8:df:ea:70:
df:4c:03:c4:83:81:d2:b7:b0:f9:d2:70:1b:5e:f1:ef:b3:fe:
b5:60:88:a8:a4:2a:89:10:6f:64:d4:44:83:6f:65:4a:bb:17:
a0:00:93:72:85:ce:12:17:de:0b:00:91:1d:92:9c:6d:9b:98:
b1:47:0d:f8:99:3f:1f:ee:0b:c2:e9:26:e2:68:6f:34:1a:2c:
b3:d3:72:e8:eb:2a:c3:9b:ca:f8:80:54:c2:48:0a:1f:cc:ab:
2a:c9:a9:71
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUKGJ/kwT9ADCuFxF0XZZFNcGcXRIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzUwMDhaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDUxNTBjMWEzNjM4MDlkODBiY2QwYjRiMGU2NjBhYTJlYjFiYzUwMDliZDI3
ZGMyOWViMzRiMzI1Zjg0OThkYzcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKs4nxpauBekrVh4d25ttN0gzXecGmCK8SwMIdiF0pzsFhMlCh42KIxPYqvh
FSesg17H20NxB1kpuTeFFLAfmyIG3i1P/YPmYrI7X9q/+PBJbNWBxMHc/pBKsbTV
uk9Rd5A1I54eZHNvpi3LtLitXWeyZZp4H7ve4/FHN9OFp/naXm/TkwKCxU06/2M2
yKz/jHmCVjD/VO9t3h6DuEgKkhNI29Rw2wXyQa7TEV+iepYSL9bGnA7l4lwLgdDV
u5+OQBQvvbThQoc/YdHsj9MjBhVaPHz3O8va8bkXTRPH7UEX2mFckYnvLxKOWaIJ
gbOYs7TmYLtg8FVfdt0VjGvlb/UCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRhfjI7
gGJUSt1TbxcxHfybFCrkFzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2ZjYTI0NTUtYjU4ZS00M2UwLWExNWYtMjc2ZjhhNWI1MjdmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H/g
QDANBgkqhkiG9w0BAQsFAAOCAQEAi91DR6r7HctL9HYWT/DPNUMRtBUsEATmS3WP
7SXWLDAIuQBfrPv8/xxVuVoHO7d9IPxHkti5zMJA6FcS88GGl1Fr/muPugJCRIig
AVvaH+md8qeqlo/hXY+OK8sAklMpYxA595FxNOxWwoudcug1bhDG8cGr0/jLcXtc
v0H3vC7J13AKCxPKAniGV0qUhPaOJjQG1Kmbfv40Tvdy4s3Y3+pw30wDxIOB0rew
+dJwG17x77P+tWCIqKQqiRBvZNREg29lSrsXoACTcoXOEhfeCwCRHZKcbZuYsUcN
+Jk/H+4Lwukm4mhvNBoss9Ny6Osqw5vK+IBUwkgKH8yrKsmpcQ==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:20 2025 by rpki-client