Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e2212154-4339-4293-b1a8-15f06519a708.roa
File: e2212154-4339-4293-b1a8-15f06519a708.roa (raw, json)
Hash identifier: KsSQZ2BPSjjKuxA1VarK4AzkiUWzty33otOPT6u7BgY=
Subject key identifier: 4B:69:68:2D:25:E0:BD:0B:4A:B7:B7:5C:B5:80:FE:6B:21:6C:0F:4B
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2F99E2E3AE67A5A6636B6BFCF5808098EE033C58
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e2212154-4339-4293-b1a8-15f06519a708.roa
Signing time: Tue 21 Oct 2025 12:30:15 +0000
ROA not before: Tue 21 Oct 2025 12:30:15 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d06f:a000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2f:99:e2:e3:ae:67:a5:a6:63:6b:6b:fc:f5:80:80:98:ee:03:3c:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 12:30:15 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=fd00f9c2da93fc42e947b2739419f6820ed5d8ab50184eaaf31e8db0f7849cbf, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:85:30:28:59:5c:c1:4e:1c:c1:f5:5c:f6:cd:
40:bf:37:1e:f2:be:ad:48:3a:f6:f5:a9:ca:77:ec:
f2:cb:88:34:2d:d8:c7:54:3d:12:1c:18:a8:22:79:
fb:07:04:18:6f:63:e9:77:1d:b9:60:b5:bf:8a:9e:
3f:37:9e:fd:b9:2d:9d:d4:18:1e:03:9f:55:17:32:
c2:76:4f:1d:f1:b0:81:10:d8:d3:71:bf:65:c1:d0:
2c:db:f6:16:7a:85:4c:c1:59:33:a7:5f:95:de:f2:
e7:e6:d4:24:76:5c:34:bc:a8:c6:2e:2f:e8:03:99:
98:6c:ae:07:85:b5:9e:08:f1:12:80:7f:9c:2b:42:
d2:b0:dd:4a:36:7a:de:2f:e7:b1:2b:d7:99:af:e3:
7f:78:89:32:23:28:d5:4f:05:76:c2:95:2f:ad:4d:
2c:cb:de:46:d6:6b:f2:9f:63:08:d6:0e:e6:45:92:
8f:e6:3d:df:f8:31:ba:86:35:8b:fa:a4:d1:d5:55:
b9:d2:8d:5b:33:98:5d:26:f3:4e:4e:63:90:c5:bc:
cd:2a:23:5f:3c:31:46:c4:10:65:7b:b6:e3:73:86:
62:ec:46:c0:9d:43:3f:f3:4b:27:92:8a:ef:d2:6e:
e9:f1:02:03:c9:2e:ad:0a:f5:2d:a5:db:4e:d6:dd:
28:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:69:68:2D:25:E0:BD:0B:4A:B7:B7:5C:B5:80:FE:6B:21:6C:0F:4B
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e2212154-4339-4293-b1a8-15f06519a708.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06f:a000::/40
Signature Algorithm: sha256WithRSAEncryption
6b:fc:24:3c:04:76:fc:42:8c:84:bc:6e:b1:57:05:00:62:db:
87:7d:78:de:92:a8:f8:2c:75:24:d3:c8:aa:51:bf:71:79:33:
fb:4d:21:89:9e:6e:a8:99:90:9f:68:2c:dd:6d:34:ee:f5:af:
73:4b:6e:f3:a7:e4:f7:2b:18:93:f4:2b:e5:cf:4b:ca:38:5f:
07:b8:77:a5:8f:48:70:01:43:91:fc:73:31:fe:41:ed:f7:08:
4a:c4:ba:bd:a7:68:bd:74:84:44:b8:da:bb:f7:27:3f:ef:4b:
81:18:9f:c3:e7:bd:80:ce:7b:03:72:17:88:86:9b:73:91:90:
e2:bc:b6:10:a7:b0:ab:a5:b6:ab:14:5c:77:a3:b5:85:8a:53:
00:66:40:1f:9b:10:55:a9:14:1f:4f:63:f6:7f:1f:a6:23:5e:
e1:db:c7:4e:34:7b:61:56:48:b0:fe:02:f9:78:33:73:5d:e0:
75:04:93:09:72:5d:e5:9c:5f:31:b0:41:c9:36:b6:e3:43:72:
9c:18:a9:aa:09:4b:d6:ee:e4:37:14:65:21:af:ab:8d:3d:e7:
1d:3a:49:87:9c:75:bb:47:57:11:e8:47:06:9c:84:61:0b:38:
50:59:85:e3:dd:df:83:e8:bf:6a:a2:81:ae:6a:9d:98:76:a5:
58:8e:c8:88
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUL5ni465npaZja2v89YCAmO4DPFgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMjMwMTVaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGZkMDBmOWMyZGE5M2ZjNDJlOTQ3YjI3Mzk0MTlmNjgyMGVkNWQ4YWI1MDE4
NGVhYWYzMWU4ZGIwZjc4NDljYmYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKuFMChZXMFOHMH1XPbNQL83HvK+rUg69vWpynfs8suINC3Yx1Q9EhwYqCJ5
+wcEGG9j6XcduWC1v4qePzee/bktndQYHgOfVRcywnZPHfGwgRDY03G/ZcHQLNv2
FnqFTMFZM6dfld7y5+bUJHZcNLyoxi4v6AOZmGyuB4W1ngjxEoB/nCtC0rDdSjZ6
3i/nsSvXma/jf3iJMiMo1U8FdsKVL61NLMveRtZr8p9jCNYO5kWSj+Y93/gxuoY1
i/qk0dVVudKNWzOYXSbzTk5jkMW8zSojXzwxRsQQZXu243OGYuxGwJ1DP/NLJ5KK
79Ju6fECA8kurQr1LaXbTtbdKNkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRLaWgt
JeC9C0q3t1y1gP5rIWwPSzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZTIyMTIxNTQtNDMzOS00MjkzLWIxYTgtMTVmMDY1MTlhNzA4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G+g
MA0GCSqGSIb3DQEBCwUAA4IBAQBr/CQ8BHb8QoyEvG6xVwUAYtuHfXjekqj4LHUk
08iqUb9xeTP7TSGJnm6omZCfaCzdbTTu9a9zS27zp+T3KxiT9Cvlz0vKOF8HuHel
j0hwAUOR/HMx/kHt9whKxLq9p2i9dIREuNq79yc/70uBGJ/D572AznsDcheIhptz
kZDivLYQp7CrpbarFFx3o7WFilMAZkAfmxBVqRQfT2P2fx+mI17h28dONHthVkiw
/gL5eDNzXeB1BJMJcl3lnF8xsEHJNrbjQ3KcGKmqCUvW7uQ3FGUhr6uNPecdOkmH
nHW7R1cR6EcGnIRhCzhQWYXj3d+D6L9qooGuap2YdqVYjsiI
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:15:06 2025 by rpki-client