Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/da8369e9-0146-44b6-865e-0064a4d1ed72.roa
File: da8369e9-0146-44b6-865e-0064a4d1ed72.roa (raw, json)
Hash identifier: 11EWtA4QrCNpqLpTAk9GQQ7P0SoYh9Ek7+Y2tC6eebc=
Subject key identifier: 8A:73:5B:00:9E:A1:70:73:EE:C7:A4:9E:11:56:F6:9C:21:0A:00:70
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 374B17BD10B96CEBE72A2E6AA2E628F5878FD400
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/da8369e9-0146-44b6-865e-0064a4d1ed72.roa
Signing time: Tue 21 Oct 2025 13:20:34 +0000
ROA not before: Tue 21 Oct 2025 13:20:34 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d031:6000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
37:4b:17:bd:10:b9:6c:eb:e7:2a:2e:6a:a2:e6:28:f5:87:8f:d4:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:20:34 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=cc3459d27d7802b36398eb6cae6cdf47058ef72a46b0b920c61ddd901b24e42a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:20:2e:88:1a:82:7e:52:59:64:10:fa:28:ad:
29:41:45:55:77:87:94:b2:61:7e:c5:32:b1:a9:ec:
37:08:94:23:67:bd:92:87:ae:4a:33:30:ea:ba:ca:
a8:15:df:30:55:23:5b:c6:85:a7:bb:eb:76:a8:8c:
32:a9:f7:cc:bc:7f:51:bf:5c:9b:33:19:21:98:b1:
71:db:1a:27:a5:cd:ad:73:77:7d:77:c0:9f:37:19:
11:b4:8e:36:73:b0:fb:0e:b5:7e:78:e3:4a:e9:6f:
b4:10:ca:47:7e:1c:7a:3f:66:ba:d2:bb:73:fc:ad:
cf:af:26:30:ea:45:c3:f8:7e:d3:e1:bf:65:b9:8d:
d2:08:02:1a:eb:13:42:64:db:50:42:7a:6b:a2:73:
dc:38:aa:eb:b4:ca:6b:d1:ee:23:32:6f:46:4d:e8:
47:e8:79:ee:9a:4d:13:f7:3c:d4:0a:c1:da:64:61:
0e:4a:12:a5:48:53:3a:97:a3:70:dc:a8:1e:72:a7:
2a:9a:8a:b0:2b:96:6a:fc:1e:b2:35:fd:ce:b8:1c:
59:7a:31:22:f2:e6:c4:ee:9d:62:34:66:b9:5e:71:
f8:a6:06:ec:7c:2c:f3:4d:d1:bb:a1:15:3f:38:0e:
6a:6e:0a:f5:7b:5f:0d:69:d5:6d:aa:0a:1c:bc:1b:
f4:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:73:5B:00:9E:A1:70:73:EE:C7:A4:9E:11:56:F6:9C:21:0A:00:70
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/da8369e9-0146-44b6-865e-0064a4d1ed72.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d031:6000::/40
Signature Algorithm: sha256WithRSAEncryption
69:bc:81:51:98:f2:ca:90:62:2a:46:68:f4:65:ad:0a:f2:7c:
66:66:69:4d:7c:2e:7a:20:5d:4e:bd:3c:af:4f:52:c9:cb:e5:
71:85:f2:3e:4d:7e:02:b2:8d:1c:43:7c:37:ad:f7:fb:78:cb:
88:fb:0b:40:79:9a:80:0f:47:1e:c6:33:b8:3d:9c:96:0a:d6:
67:13:e0:4a:48:1b:56:31:84:83:29:d8:0f:b5:9b:51:18:4f:
3c:74:c2:bd:29:91:69:9c:52:75:22:29:e3:f4:f9:07:8c:31:
96:49:db:92:27:bd:a6:fc:85:e6:6b:b8:85:b7:57:3a:a7:fd:
f7:f4:85:c0:64:38:30:56:54:f8:9f:40:00:f3:f1:3e:3f:dc:
c6:14:b3:3e:0c:81:39:a4:bb:b9:bf:58:23:83:44:87:c8:98:
f3:b7:59:96:06:92:6b:14:a0:75:45:77:b4:b0:f5:c1:cf:e5:
e4:b4:ef:42:4a:04:d9:c0:5d:12:82:da:e9:5b:1d:f2:5e:d9:
b4:f6:73:95:7f:67:c5:d1:92:6f:88:69:ea:52:c0:a5:b4:e0:
c0:49:71:d5:6f:23:66:68:6b:3e:13:2b:a4:61:bd:19:3a:4d:
20:e5:1d:3d:11:50:8b:2a:e9:19:44:e9:18:7f:c8:9c:15:47:
c7:a2:f2:1b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUN0sXvRC5bOvnKi5qouYo9YeP1AAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzIwMzRaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGNjMzQ1OWQyN2Q3ODAyYjM2Mzk4ZWI2Y2FlNmNkZjQ3MDU4ZWY3MmE0NmIw
YjkyMGM2MWRkZDkwMWIyNGU0MmExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKMgLogagn5SWWQQ+iitKUFFVXeHlLJhfsUysansNwiUI2e9koeuSjMw6rrK
qBXfMFUjW8aFp7vrdqiMMqn3zLx/Ub9cmzMZIZixcdsaJ6XNrXN3fXfAnzcZEbSO
NnOw+w61fnjjSulvtBDKR34cej9mutK7c/ytz68mMOpFw/h+0+G/ZbmN0ggCGusT
QmTbUEJ6a6Jz3Diq67TKa9HuIzJvRk3oR+h57ppNE/c81ArB2mRhDkoSpUhTOpej
cNyoHnKnKpqKsCuWavwesjX9zrgcWXoxIvLmxO6dYjRmuV5x+KYG7Hws803Ru6EV
PzgOam4K9XtfDWnVbaoKHLwb9DkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSKc1sA
nqFwc+7HpJ4RVvacIQoAcDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZGE4MzY5ZTktMDE0Ni00NGI2LTg2NWUtMDA2NGE0ZDFlZDcyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DFg
MA0GCSqGSIb3DQEBCwUAA4IBAQBpvIFRmPLKkGIqRmj0Za0K8nxmZmlNfC56IF1O
vTyvT1LJy+VxhfI+TX4Cso0cQ3w3rff7eMuI+wtAeZqAD0cexjO4PZyWCtZnE+BK
SBtWMYSDKdgPtZtRGE88dMK9KZFpnFJ1Iinj9PkHjDGWSduSJ72m/IXma7iFt1c6
p/339IXAZDgwVlT4n0AA8/E+P9zGFLM+DIE5pLu5v1gjg0SHyJjzt1mWBpJrFKB1
RXe0sPXBz+XktO9CSgTZwF0SgtrpWx3yXtm09nOVf2fF0ZJviGnqUsCltODASXHV
byNmaGs+EyukYb0ZOk0g5R09EVCLKukZROkYf8icFUfHovIb
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:14:21 2025 by rpki-client