Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d995c3a1-2858-4090-a096-1bf6aeccd5f2.roa
File: d995c3a1-2858-4090-a096-1bf6aeccd5f2.roa (raw, json)
Hash identifier: QbX3SfxIcBqiSXIYl82S8PYufbEvdDRQtSbpY5rccb0=
Subject key identifier: 25:E3:43:A0:3C:0A:34:A2:3A:37:32:96:2E:E1:33:ED:AF:99:0F:A9
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 18665D766EE38493DB809A87A671F2B5CE05E167
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d995c3a1-2858-4090-a096-1bf6aeccd5f2.roa
Signing time: Wed 22 Oct 2025 00:20:05 +0000
ROA not before: Wed 22 Oct 2025 00:20:05 +0000
ROA not after: Wed 26 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d014:1800::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
18:66:5d:76:6e:e3:84:93:db:80:9a:87:a6:71:f2:b5:ce:05:e1:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 22 00:20:05 2025 GMT
Not After : Nov 26 23:59:59 2025 GMT
Subject: serialNumber=e49b098b81bf8fb25b4bb1912bc7ddbe6838537a91193dd366ddffd968f70eec, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:dd:42:88:9b:a2:39:63:b4:b1:6e:5e:09:0f:
ff:19:57:5e:75:e9:ef:61:4e:69:e4:0c:8a:d4:d3:
a9:3d:e4:81:1c:b6:f0:83:7f:9a:e9:ab:55:21:91:
8f:37:24:be:16:d0:10:ab:f4:89:e1:f2:14:d5:8f:
3f:b7:43:58:ee:06:cf:87:ed:cd:f6:73:6a:1b:9f:
93:cf:5c:97:6d:ad:58:3d:43:73:7d:85:73:70:9d:
37:4c:c6:78:0f:da:e9:45:f7:c1:f7:42:24:f4:c1:
f1:a9:bf:6c:7c:90:17:0f:c9:36:ec:31:a7:22:9e:
8f:78:3a:fd:fe:41:85:09:a9:60:d7:03:d3:39:11:
d6:f0:45:3a:8f:6e:83:d5:e5:3a:4b:5c:6a:fa:12:
f2:06:d0:af:b2:70:52:51:af:69:69:cd:f9:45:a0:
39:27:0f:6f:78:46:79:7d:6a:27:c6:b4:23:a3:8c:
d2:af:e0:5b:09:99:64:77:b5:61:db:fe:ca:e2:5a:
19:77:f0:9d:3f:41:31:6a:75:3d:35:0f:a7:63:71:
62:cb:2d:ed:0b:6f:2a:e0:1d:71:5c:ef:c7:50:1a:
28:14:88:bc:19:6a:ea:cd:7c:04:62:65:5d:04:17:
6e:14:8f:b6:49:7a:ea:55:77:8f:7a:42:d5:55:f5:
a0:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
25:E3:43:A0:3C:0A:34:A2:3A:37:32:96:2E:E1:33:ED:AF:99:0F:A9
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d995c3a1-2858-4090-a096-1bf6aeccd5f2.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d014:1800::/38
Signature Algorithm: sha256WithRSAEncryption
3b:a4:02:c9:77:45:8e:c3:48:b1:82:fe:29:ba:6e:ef:5a:b3:
5a:e5:91:33:60:e0:dc:d9:f2:71:45:1e:b4:6e:a4:eb:f5:50:
26:64:82:96:d3:b7:d9:e7:3e:a1:45:84:58:76:7d:2e:ea:50:
29:e8:02:7a:e8:68:f5:6e:c8:f0:98:1d:fd:62:ae:78:b6:b3:
0b:1a:6e:ef:b0:f5:3d:f5:0a:08:a7:c2:53:e2:ef:78:8a:2e:
86:bc:e2:a4:0c:6f:7a:56:6c:d9:7f:56:70:c3:90:dc:fe:b4:
f4:fc:05:95:ef:7a:61:49:a4:1e:2a:c9:2c:99:0c:12:07:97:
7c:d0:41:24:45:38:d9:27:ea:5b:0b:43:78:a2:f8:2d:15:ed:
12:9c:53:e6:f3:cd:b5:95:88:50:38:aa:52:07:24:60:87:2c:
22:ba:a6:8c:44:34:c6:9b:ba:38:37:8b:01:cf:78:c7:ea:b7:
fa:82:ed:fd:74:8c:a2:73:86:4d:29:f3:e5:43:c7:90:3f:ec:
38:21:88:18:0d:7c:ba:67:fa:70:16:c0:35:52:16:69:01:1d:
8a:c8:6a:d1:d0:05:31:6a:c7:85:b9:b8:ba:c8:02:af:cd:a2:
ac:48:8a:9a:17:e4:7e:e0:23:8a:19:02:c8:e0:b3:ab:3d:60:
f9:e4:a6:e9
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUGGZddm7jhJPbgJqHpnHytc4F4WcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjIwMDIwMDVaFw0yNTExMjYyMzU5NTlaMHoxSTBHBgNV
BAUTQGU0OWIwOThiODFiZjhmYjI1YjRiYjE5MTJiYzdkZGJlNjgzODUzN2E5MTE5
M2RkMzY2ZGRmZmQ5NjhmNzBlZWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ7dQoibojljtLFuXgkP/xlXXnXp72FOaeQMitTTqT3kgRy28IN/mumrVSGR
jzckvhbQEKv0ieHyFNWPP7dDWO4Gz4ftzfZzahufk89cl22tWD1Dc32Fc3CdN0zG
eA/a6UX3wfdCJPTB8am/bHyQFw/JNuwxpyKej3g6/f5BhQmpYNcD0zkR1vBFOo9u
g9XlOktcavoS8gbQr7JwUlGvaWnN+UWgOScPb3hGeX1qJ8a0I6OM0q/gWwmZZHe1
Ydv+yuJaGXfwnT9BMWp1PTUPp2NxYsst7QtvKuAdcVzvx1AaKBSIvBlq6s18BGJl
XQQXbhSPtkl66lV3j3pC1VX1oHUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQl40Og
PAo0ojo3MpYu4TPtr5kPqTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDk5NWMzYTEtMjg1OC00MDkwLWEwOTYtMWJmNmFlY2NkNWYyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BQY
MA0GCSqGSIb3DQEBCwUAA4IBAQA7pALJd0WOw0ixgv4pum7vWrNa5ZEzYODc2fJx
RR60bqTr9VAmZIKW07fZ5z6hRYRYdn0u6lAp6AJ66Gj1bsjwmB39Yq54trMLGm7v
sPU99QoIp8JT4u94ii6GvOKkDG96VmzZf1Zww5Dc/rT0/AWV73phSaQeKsksmQwS
B5d80EEkRTjZJ+pbC0N4ovgtFe0SnFPm8821lYhQOKpSByRghywiuqaMRDTGm7o4
N4sBz3jH6rf6gu39dIyic4ZNKfPlQ8eQP+w4IYgYDXy6Z/pwFsA1UhZpAR2KyGrR
0AUxaseFubi6yAKvzaKsSIqaF+R+4COKGQLI4LOrPWD55Kbp
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:53 2025 by rpki-client