Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d7bd85bf-2af2-46a0-91d6-f945e7063231.roa
File: d7bd85bf-2af2-46a0-91d6-f945e7063231.roa (raw, json)
Hash identifier: gVHuXTNnn959oehUFyeji34rwOegv4B0IWoB46q0oz0=
Subject key identifier: 55:A7:86:1E:0E:11:43:A1:1A:61:6E:F9:62:47:F9:8F:EF:DD:3B:EE
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 106C6080A6BEC0C69411052E2B118DC18752DB
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d7bd85bf-2af2-46a0-91d6-f945e7063231.roa
Signing time: Tue 21 Oct 2025 14:21:04 +0000
ROA not before: Tue 21 Oct 2025 14:21:04 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:c080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
10:6c:60:80:a6:be:c0:c6:94:11:05:2e:2b:11:8d:c1:87:52:db
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:21:04 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=63cd0655bdd1fc22d9f37a09b1eae7d47d2b24671cff80e75500fc457ba7b80b, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:1f:77:30:67:a4:e1:6b:3e:b5:e1:d4:85:8d:
ad:22:48:09:88:96:0d:75:c3:85:b4:0d:80:b6:20:
4f:15:59:b1:40:39:5b:f7:33:e5:99:9f:45:36:84:
2a:5c:c7:d9:0b:70:09:6a:ff:22:1e:db:f8:f8:d3:
9d:13:cb:16:1a:48:3d:5f:bb:6e:cf:f5:f6:79:dd:
6b:ab:e1:a0:2e:96:28:43:c8:b2:ad:57:bb:be:41:
1c:72:47:ef:51:12:ff:85:ca:39:6b:87:f9:1c:4c:
5d:a7:53:c0:3c:b3:33:f6:ff:d8:fe:97:85:6e:48:
87:c9:11:bf:bb:07:1c:75:bf:0c:8f:0e:43:b4:4e:
7a:ff:0b:50:c4:12:ad:04:17:da:13:bb:f8:b4:2d:
30:25:17:ea:dd:83:19:c5:71:7f:f0:d5:e3:f3:e2:
a7:46:36:3f:a2:68:e0:ae:e0:68:3a:cd:10:0d:9d:
6d:3c:f9:a5:fe:17:8f:eb:e1:34:91:01:45:9b:4e:
86:98:11:39:37:6a:81:06:6e:af:3e:13:48:ba:7b:
0e:63:eb:94:ea:b1:04:2c:a7:eb:6e:0e:b0:63:b6:
06:0e:28:15:0d:42:4f:49:e9:92:57:68:6f:ef:ce:
d9:82:10:a6:2b:c2:09:e5:3d:ab:98:f6:69:d0:a4:
af:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
55:A7:86:1E:0E:11:43:A1:1A:61:6E:F9:62:47:F9:8F:EF:DD:3B:EE
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d7bd85bf-2af2-46a0-91d6-f945e7063231.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:c080::/48
Signature Algorithm: sha256WithRSAEncryption
32:24:c2:60:73:cc:fb:ba:5d:d0:b4:63:c2:78:b7:b2:92:da:
b6:69:fa:99:31:6d:3e:d5:93:5b:6d:0e:f1:b2:ad:13:90:e1:
55:90:28:df:08:d6:3e:2f:f4:74:76:ec:f4:4c:27:57:e9:c4:
48:7e:dd:c3:f4:de:45:41:06:24:b2:08:35:36:c4:a2:37:55:
56:97:9d:f5:1b:26:07:cf:54:f6:0c:e6:c9:c6:b4:d5:d5:52:
ed:68:f2:0b:90:dd:54:c0:8e:c0:35:be:fc:f9:4c:62:3f:1d:
24:2d:31:60:da:4b:eb:97:b6:6f:bd:a9:62:e5:34:95:0c:61:
5c:ea:94:25:2e:56:53:bf:d1:85:11:ac:f2:f4:7d:cb:65:ed:
8d:23:f5:05:89:40:34:dd:7d:50:c3:46:7b:bc:60:47:36:b6:
15:4b:c4:fd:8a:d3:6f:4a:f7:34:fe:36:ee:93:e5:5c:c7:23:
88:49:da:38:5a:02:36:0a:8b:35:55:72:82:ec:ce:e3:0b:8e:
cd:d8:67:24:5e:a2:8e:89:26:b5:11:86:62:86:b2:32:bc:46:
d0:9b:96:3a:fb:86:7f:df:8c:fe:1a:49:cf:15:9d:db:dc:32:
45:d2:15:33:36:4c:43:73:a6:86:da:03:da:13:e4:26:c6:c0:
63:c7:f8:88
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgITEGxggKa+wMaUEQUuKxGNwYdS2zANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEyg4YjYyNjNkYmU5Nzk5ZGQ2NzkzZTBlODgyYWQyMWNiNDg0
OTk3MGJjMB4XDTI1MTAyMTE0MjEwNFoXDTI1MTEyNTIzNTk1OVowejFJMEcGA1UE
BRNANjNjZDA2NTViZGQxZmMyMmQ5ZjM3YTA5YjFlYWU3ZDQ3ZDJiMjQ2NzFjZmY4
MGU3NTUwMGZjNDU3YmE3YjgwYjEtMCsGA1UEAxMkNjYxNWEzOGItM2FkNy00N2I3
LThmYjItNjg1YzM4ZDAwOTE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwB93MGek4Ws+teHUhY2tIkgJiJYNdcOFtA2AtiBPFVmxQDlb9zPlmZ9FNoQq
XMfZC3AJav8iHtv4+NOdE8sWGkg9X7tuz/X2ed1rq+GgLpYoQ8iyrVe7vkEcckfv
URL/hco5a4f5HExdp1PAPLMz9v/Y/peFbkiHyRG/uwccdb8Mjw5DtE56/wtQxBKt
BBfaE7v4tC0wJRfq3YMZxXF/8NXj8+KnRjY/omjgruBoOs0QDZ1tPPml/heP6+E0
kQFFm06GmBE5N2qBBm6vPhNIunsOY+uU6rEELKfrbg6wY7YGDigVDUJPSemSV2hv
787ZghCmK8IJ5T2rmPZp0KSvtwIDAQABo4ICJDCCAiAwHQYDVR0OBBYEFFWnhh4O
EUOhGmFu+WJH+Y/v3TvuMB8GA1UdIwQYMBaAFItiY9vpeZ3WeT4OiCrSHLSEmXC8
MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvaTJKajItbDVu
ZFo1UGc2SUt0SWN0SVNaY0x3LmNlcjCBngYIKwYBBQUHAQsEgZEwgY4wgYsGCCsG
AQUFBzALhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFzdC0yLmFtYXpvbmF3cy5j
b20vdm9sdW1lL2RiYThmMDFjLTk2NjktNDRhMy1hYzZlLWRiMmVkYjA5OWI4NC9k
N2JkODViZi0yYWYyLTQ2YTAtOTFkNi1mOTQ1ZTcwNjMyMzEucm9hMIGIBgNVHR8E
gYAwfjB8oHqgeIZ2cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25h
d3MuY29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTli
ODQvdU9EYXRkdFljMUhyaHRVUVZReXJESzA4R2VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgXQf8CA
MA0GCSqGSIb3DQEBCwUAA4IBAQAyJMJgc8z7ul3QtGPCeLeyktq2afqZMW0+1ZNb
bQ7xsq0TkOFVkCjfCNY+L/R0duz0TCdX6cRIft3D9N5FQQYksgg1NsSiN1VWl531
GyYHz1T2DObJxrTV1VLtaPILkN1UwI7ANb78+UxiPx0kLTFg2kvrl7Zvvali5TSV
DGFc6pQlLlZTv9GFEazy9H3LZe2NI/UFiUA03X1Qw0Z7vGBHNrYVS8T9itNvSvc0
/jbuk+VcxyOISdo4WgI2Cos1VXKC7M7jC47N2GckXqKOiSa1EYZihrIyvEbQm5Y6
+4Z/34z+GknPFZ3b3DJF0hUzNkxDc6aG2gPaE+QmxsBjx/iI
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:14:23 2025 by rpki-client