Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d4a512a3-4257-431f-b201-8d747948cebb.roa
File: d4a512a3-4257-431f-b201-8d747948cebb.roa (raw, json)
Hash identifier: N2A0X6zbKft4+zxl94DcfuaA+rhK8vZbcL9FE5yAjLk=
Subject key identifier: DD:C1:AB:81:74:9B:FE:B2:FB:00:42:34:4B:50:B4:C7:3A:98:9C:A9
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 17BDFA7767C0B05F52EF5FCB4838B582CA1B7CFA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d4a512a3-4257-431f-b201-8d747948cebb.roa
Signing time: Tue 21 Oct 2025 13:50:01 +0000
ROA not before: Tue 21 Oct 2025 13:50:01 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:c0c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
17:bd:fa:77:67:c0:b0:5f:52:ef:5f:cb:48:38:b5:82:ca:1b:7c:fa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:50:01 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=a62c2c5165f5ece3a89cef6a5defca73b15e44f94ef1c3e7aca49386ba0c34f8, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:17:53:3c:dc:59:54:17:49:a5:4c:b1:43:24:
9b:e8:dc:4a:9b:7a:82:cc:17:9d:69:81:3e:49:44:
9b:58:06:46:88:49:7f:f6:ae:c1:34:86:a8:6a:81:
79:13:a5:8a:66:44:92:36:7e:c6:b8:48:a3:de:22:
e7:d1:9f:c6:2e:98:e5:cf:6b:ed:91:6d:1f:5d:0d:
2c:ac:f3:3a:80:9e:a6:65:8c:33:07:5b:dd:a0:95:
3b:52:a9:fa:1e:b2:8d:3f:e5:4c:b2:3a:3b:e0:29:
a2:03:4b:b1:6b:0a:44:bb:79:2c:46:98:df:bb:bf:
72:c5:7f:df:7e:f2:a6:75:8d:fa:09:1c:c6:91:6f:
76:e3:42:2c:c5:c6:40:23:22:1b:4f:95:33:ee:05:
0e:a3:e7:d7:fe:bc:b5:7c:e8:1b:a6:08:f9:06:51:
87:8e:59:87:20:3e:3d:1a:e7:f0:a3:9b:27:d4:81:
f1:2a:99:bb:24:70:d4:f7:bd:e0:7a:fd:41:62:c4:
9c:80:3f:0b:91:dc:02:ce:d4:f2:b8:3f:26:8c:ac:
5a:33:2f:b5:79:58:17:c8:85:67:09:54:b7:15:71:
0e:9a:e3:4f:ef:1e:2f:5f:cc:35:0f:d7:53:6b:49:
e8:75:f6:b7:7a:a9:c5:69:6c:5a:ce:28:b9:b4:f4:
cb:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:C1:AB:81:74:9B:FE:B2:FB:00:42:34:4B:50:B4:C7:3A:98:9C:A9
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d4a512a3-4257-431f-b201-8d747948cebb.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:c0c0::/48
Signature Algorithm: sha256WithRSAEncryption
6f:38:64:13:91:b1:cd:54:2e:70:c0:f7:bb:0c:54:2b:c7:e4:
61:25:97:1a:db:b2:77:a2:c2:9b:54:66:73:61:14:b1:dd:ea:
82:8a:8f:d5:0b:b3:ee:87:09:64:a0:65:62:c1:b4:f7:16:1f:
a6:3c:72:6d:ee:63:c8:23:b9:05:0c:dd:30:46:7c:13:fb:ee:
a0:88:84:b5:cd:21:99:fc:c9:99:ca:73:05:96:f4:ce:92:ef:
80:46:e5:d8:62:bc:af:52:14:bf:ae:0b:a3:97:6c:25:d9:cf:
1c:ca:1a:b2:30:6c:3c:46:3e:7c:54:88:5f:26:27:7c:eb:90:
23:fa:74:4b:55:d3:bf:73:55:e6:c8:ab:be:31:b1:63:0c:fc:
bf:4c:2e:d7:8d:0d:25:aa:e5:b9:06:4d:0d:7a:53:c2:b2:8e:
08:0c:c5:62:82:ff:20:f6:1e:0d:b5:40:05:d8:9e:38:23:a3:
91:8e:6c:68:6a:af:4d:c9:f8:2c:23:35:67:47:98:57:29:e0:
da:4b:bc:08:7d:91:39:1f:c4:63:0b:e8:3b:93:8b:d1:d9:13:
cc:21:e8:42:ea:12:46:05:c4:ff:d2:f3:d8:d8:03:65:e4:d9:
21:01:fb:6d:c6:9d:ac:c8:bb:f7:f5:a4:f1:ca:0d:ac:6a:2a:
84:2f:3f:2b
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUF736d2fAsF9S71/LSDi1gsobfPowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzUwMDFaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGE2MmMyYzUxNjVmNWVjZTNhODljZWY2YTVkZWZjYTczYjE1ZTQ0Zjk0ZWYx
YzNlN2FjYTQ5Mzg2YmEwYzM0ZjgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALwXUzzcWVQXSaVMsUMkm+jcSpt6gswXnWmBPklEm1gGRohJf/auwTSGqGqB
eROlimZEkjZ+xrhIo94i59Gfxi6Y5c9r7ZFtH10NLKzzOoCepmWMMwdb3aCVO1Kp
+h6yjT/lTLI6O+ApogNLsWsKRLt5LEaY37u/csV/337ypnWN+gkcxpFvduNCLMXG
QCMiG0+VM+4FDqPn1/68tXzoG6YI+QZRh45ZhyA+PRrn8KObJ9SB8SqZuyRw1Pe9
4Hr9QWLEnIA/C5HcAs7U8rg/JoysWjMvtXlYF8iFZwlUtxVxDprjT+8eL1/MNQ/X
U2tJ6HX2t3qpxWlsWs4oubT0y1sCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTdwauB
dJv+svsAQjRLULTHOpicqTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDRhNTEyYTMtNDI1Ny00MzFmLWIyMDEtOGQ3NDc5NDhjZWJiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ADA
wDANBgkqhkiG9w0BAQsFAAOCAQEAbzhkE5GxzVQucMD3uwxUK8fkYSWXGtuyd6LC
m1Rmc2EUsd3qgoqP1Quz7ocJZKBlYsG09xYfpjxybe5jyCO5BQzdMEZ8E/vuoIiE
tc0hmfzJmcpzBZb0zpLvgEbl2GK8r1IUv64Lo5dsJdnPHMoasjBsPEY+fFSIXyYn
fOuQI/p0S1XTv3NV5sirvjGxYwz8v0wu140NJarluQZNDXpTwrKOCAzFYoL/IPYe
DbVABdieOCOjkY5saGqvTcn4LCM1Z0eYVyng2ku8CH2ROR/EYwvoO5OL0dkTzCHo
QuoSRgXE/9Lz2NgDZeTZIQH7bcadrMi79/Wk8coNrGoqhC8/Kw==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:14:19 2025 by rpki-client