Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f9753974-947c-42c4-885b-aa94c43c56a0.roa
File: f9753974-947c-42c4-885b-aa94c43c56a0.roa (raw, json)
Hash identifier: Q8h6R6a2qolif2vW7NQuacNucqWKPMW2qUkOs1FIU2w=
Subject key identifier: 89:0D:48:9F:C9:B3:0E:5F:AE:CB:16:69:79:F9:00:CD:C7:A5:04:8F
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0C373DA010D9B05D208F96CC88034DAC2B114AA8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f9753974-947c-42c4-885b-aa94c43c56a0.roa
Signing time: Tue 21 Oct 2025 13:10:16 +0000
ROA not before: Tue 21 Oct 2025 13:10:16 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:a0c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0c:37:3d:a0:10:d9:b0:5d:20:8f:96:cc:88:03:4d:ac:2b:11:4a:a8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:10:16 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=4556a64aae76a3734928f1adec6744fbd0b7fbe9c79ebb5495f8e38bac2bf1ba, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:67:32:fe:42:57:e1:6d:70:da:0d:ea:15:b2:
58:a5:da:05:6a:27:07:fb:94:ef:67:fb:43:e0:cb:
d6:8d:c4:12:00:e2:17:84:b2:52:84:d9:e9:1d:d0:
10:02:ca:cb:05:d7:e0:f9:23:c4:54:37:c6:b0:16:
ac:61:20:c8:b1:67:2f:1b:1f:ae:4f:72:e1:ec:0f:
44:87:bd:cc:09:f6:45:af:84:f8:65:2a:e9:84:4d:
7a:a8:d8:7c:7a:6a:85:32:bd:cb:45:d8:4a:4e:84:
26:fb:74:cc:93:05:db:9a:d5:0c:21:00:05:1a:b5:
8b:ce:ea:d3:45:14:12:ed:cc:47:72:12:c2:3f:59:
5d:d5:31:ef:b7:c0:b6:11:9a:8c:bc:8e:3e:fc:a1:
da:d5:e8:94:f8:71:a7:d4:b7:3c:91:64:68:ad:b1:
36:a5:de:9c:1a:ae:70:e2:e5:24:7f:ab:87:20:7d:
77:3c:43:9c:72:06:89:b5:90:63:bd:3c:68:0c:87:
ba:86:9e:22:3a:cb:bd:a7:b5:da:27:be:d0:c0:b0:
07:f5:bf:c9:e3:22:e2:dc:5a:1e:a1:39:23:91:ef:
d2:e7:79:69:d6:b6:a1:95:43:d6:0a:b7:ed:c6:38:
5f:fc:75:e1:ca:73:c4:f6:12:4b:35:d0:3d:07:77:
5e:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:0D:48:9F:C9:B3:0E:5F:AE:CB:16:69:79:F9:00:CD:C7:A5:04:8F
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f9753974-947c-42c4-885b-aa94c43c56a0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:a0c0::/48
Signature Algorithm: sha256WithRSAEncryption
9f:d4:7c:bc:58:ce:00:71:da:ed:e8:69:b8:d5:73:3e:3f:64:
23:7f:99:4a:29:48:87:29:c0:e8:a7:7d:85:e7:d4:3d:84:f3:
cc:2f:a1:4a:4a:5a:bc:63:06:75:e0:b9:cc:d1:70:69:5a:82:
cb:2a:b7:eb:11:af:d9:c9:38:a9:5f:e5:ba:75:fc:54:4f:e2:
b3:96:a8:26:a6:09:5e:3c:dd:f4:34:c5:bf:21:bd:e5:26:73:
da:3e:ce:34:29:38:f3:d6:b1:f4:c2:21:30:49:65:dd:5b:a6:
f5:e8:2a:a1:ba:83:34:67:89:78:e4:40:48:ef:7b:94:8b:f1:
ec:12:b2:00:e9:ef:5c:a6:de:e6:62:65:d6:7b:87:cf:56:fc:
4d:c3:1f:55:bd:28:9d:06:52:d8:9d:2e:89:98:1d:a0:f5:19:
07:1c:5f:27:79:10:12:8c:02:9c:e8:44:36:d1:8c:1b:74:33:
53:91:d1:c9:9d:e0:87:e3:9d:50:b6:b8:8c:e5:b9:19:48:5a:
88:43:3d:71:29:a3:36:12:3b:c7:09:07:2f:2c:b1:de:32:cb:
c2:51:e6:d5:0b:3a:e4:66:4c:3e:d0:b9:8c:77:9c:aa:c9:27:
17:e2:f9:59:d7:25:01:5f:5c:d3:eb:5e:c1:60:4b:a1:4e:3f:
66:2c:82:32
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUDDc9oBDZsF0gj5bMiANNrCsRSqgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzEwMTZaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ1NTZhNjRhYWU3NmEzNzM0OTI4ZjFhZGVjNjc0NGZiZDBiN2ZiZTljNzll
YmI1NDk1ZjhlMzhiYWMyYmYxYmExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI1nMv5CV+FtcNoN6hWyWKXaBWonB/uU72f7Q+DL1o3EEgDiF4SyUoTZ6R3Q
EALKywXX4PkjxFQ3xrAWrGEgyLFnLxsfrk9y4ewPRIe9zAn2Ra+E+GUq6YRNeqjY
fHpqhTK9y0XYSk6EJvt0zJMF25rVDCEABRq1i87q00UUEu3MR3ISwj9ZXdUx77fA
thGajLyOPvyh2tXolPhxp9S3PJFkaK2xNqXenBqucOLlJH+rhyB9dzxDnHIGibWQ
Y708aAyHuoaeIjrLvae12ie+0MCwB/W/yeMi4txaHqE5I5Hv0ud5ada2oZVD1gq3
7cY4X/x14cpzxPYSSzXQPQd3Xu8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSJDUif
ybMOX67LFml5+QDNx6UEjzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Zjk3NTM5NzQtOTQ3Yy00MmM0LTg4NWItYWE5NGM0M2M1NmEwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H+g
wDANBgkqhkiG9w0BAQsFAAOCAQEAn9R8vFjOAHHa7ehpuNVzPj9kI3+ZSilIhynA
6Kd9hefUPYTzzC+hSkpavGMGdeC5zNFwaVqCyyq36xGv2ck4qV/lunX8VE/is5ao
JqYJXjzd9DTFvyG95SZz2j7ONCk489ax9MIhMEll3Vum9egqobqDNGeJeORASO97
lIvx7BKyAOnvXKbe5mJl1nuHz1b8TcMfVb0onQZS2J0uiZgdoPUZBxxfJ3kQEowC
nOhENtGMG3QzU5HRyZ3gh+OdULa4jOW5GUhaiEM9cSmjNhI7xwkHLyyx3jLLwlHm
1Qs65GZMPtC5jHecqsknF+L5WdclAV9c0+tewWBLoU4/ZiyCMg==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:09:07 2025 by rpki-client