Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f97778b4-85b1-4580-ac38-a4872d19261b.roa
File: f97778b4-85b1-4580-ac38-a4872d19261b.roa (raw, json)
Hash identifier: hAAdQnGpJliD40jOUt5Ruc0tAWPGSYJwpWMxxQIaJiA=
Subject key identifier: BE:7C:B5:4C:DB:BA:D0:1C:AA:0E:28:5F:B2:CD:79:94:BF:C5:BE:2B
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0226C9616CE7361591BAF18340579F4C3171CB7C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f97778b4-85b1-4580-ac38-a4872d19261b.roa
Signing time: Tue 21 Oct 2025 14:30:32 +0000
ROA not before: Tue 21 Oct 2025 14:30:32 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d034:5000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 08 Nov 2025 17:00:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
02:26:c9:61:6c:e7:36:15:91:ba:f1:83:40:57:9f:4c:31:71:cb:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:30:32 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=5b4bc7874c65aa94419e6bf43c37aa2bf1a4eefe10b5c269bb5e00fd913bab98, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:c6:3e:cb:0a:55:dd:ff:c2:17:d1:13:f8:e1:
53:3c:31:d5:39:21:4b:aa:ad:72:69:a7:b2:c4:8b:
1f:73:e2:3e:f6:7a:71:70:c8:19:45:f3:c7:b2:cf:
10:db:9d:10:8a:c7:e6:19:59:1d:38:3c:64:5a:4c:
99:fe:74:c0:25:0e:75:05:68:1f:05:42:b6:af:dd:
b1:4b:c1:db:2e:10:3d:20:68:08:35:57:0c:24:c5:
ba:70:e4:94:a1:81:5a:7f:ed:46:65:eb:d8:ea:f9:
9c:9f:54:47:f1:62:b9:44:c6:71:d3:9e:de:e5:1a:
b5:cb:f5:9e:cf:dc:a7:b7:bd:dc:61:da:28:10:d5:
aa:6a:d9:5f:8d:2c:78:3d:84:6f:27:26:19:31:d6:
48:d4:9b:a0:b8:03:fc:d2:a7:79:0f:d7:4b:0d:21:
b5:ab:43:67:9d:d7:53:b1:a6:12:67:32:b2:46:1e:
ed:1f:55:02:eb:d0:31:52:18:68:bd:c4:55:35:0f:
e4:4f:5b:a1:01:7b:43:c7:a8:34:a4:df:c3:04:62:
e4:86:63:75:00:f9:db:f7:cf:23:0b:9b:13:b9:8d:
64:30:b5:94:6f:bc:88:e2:09:21:92:fe:58:1a:4f:
1f:f3:2b:72:0d:83:00:14:9e:e5:71:b1:3a:b6:dc:
56:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:7C:B5:4C:DB:BA:D0:1C:AA:0E:28:5F:B2:CD:79:94:BF:C5:BE:2B
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f97778b4-85b1-4580-ac38-a4872d19261b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d034:5000::/40
Signature Algorithm: sha256WithRSAEncryption
65:c0:13:f7:74:55:4e:d0:6f:c8:3e:c9:f6:83:78:c7:7b:87:
96:b1:af:18:c0:20:b2:db:11:50:51:1b:19:74:42:25:7f:bb:
e4:37:b6:e9:2d:5c:f7:58:85:ed:25:97:cb:b7:ad:1b:9d:2a:
6a:bf:4f:5b:17:17:ee:e4:93:c3:09:ec:f6:e2:a7:1f:aa:1c:
37:c2:df:2a:f0:79:70:86:0c:c6:08:d7:21:74:69:bf:60:8c:
01:ea:9e:0e:0e:65:ab:cb:4e:c4:c1:3a:16:89:cd:70:db:58:
4f:08:1b:01:c5:87:77:1c:1c:6b:0b:fa:f6:02:e6:d2:5d:ab:
7b:ec:98:21:ce:f1:12:93:09:5a:40:e7:be:c0:b1:9b:73:2c:
a7:30:c5:9d:58:a1:53:de:2e:ae:24:34:80:c2:b8:e7:db:0b:
73:a4:a3:3b:4a:9a:77:f8:67:1a:bf:33:eb:4e:ff:f5:30:78:
21:8b:7e:a8:10:b9:50:f4:f6:bd:3c:b9:3e:d3:1d:e2:38:36:
6f:d4:a7:ad:78:b7:59:b1:0e:3b:df:d5:e0:f6:f2:8b:1c:c5:
eb:d9:39:80:9a:3e:00:70:50:c1:3e:cd:07:8c:70:d6:78:5f:
97:fd:a6:f9:f8:4f:e3:b3:01:40:08:a7:54:d3:5a:2e:fc:b6:
c1:5f:17:83
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUAibJYWznNhWRuvGDQFefTDFxy3wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDMwMzJaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDViNGJjNzg3NGM2NWFhOTQ0MTllNmJmNDNjMzdhYTJiZjFhNGVlZmUxMGI1
YzI2OWJiNWUwMGZkOTEzYmFiOTgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJjGPssKVd3/whfRE/jhUzwx1TkhS6qtcmmnssSLH3PiPvZ6cXDIGUXzx7LP
ENudEIrH5hlZHTg8ZFpMmf50wCUOdQVoHwVCtq/dsUvB2y4QPSBoCDVXDCTFunDk
lKGBWn/tRmXr2Or5nJ9UR/FiuUTGcdOe3uUatcv1ns/cp7e93GHaKBDVqmrZX40s
eD2EbycmGTHWSNSboLgD/NKneQ/XSw0htatDZ53XU7GmEmcyskYe7R9VAuvQMVIY
aL3EVTUP5E9boQF7Q8eoNKTfwwRi5IZjdQD52/fPIwubE7mNZDC1lG+8iOIJIZL+
WBpPH/Mrcg2DABSe5XGxOrbcVmcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS+fLVM
27rQHKoOKF+yzXmUv8W+KzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Zjk3Nzc4YjQtODViMS00NTgwLWFjMzgtYTQ4NzJkMTkyNjFiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DRQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBlwBP3dFVO0G/IPsn2g3jHe4eWsa8YwCCy2xFQ
URsZdEIlf7vkN7bpLVz3WIXtJZfLt60bnSpqv09bFxfu5JPDCez24qcfqhw3wt8q
8HlwhgzGCNchdGm/YIwB6p4ODmWry07EwToWic1w21hPCBsBxYd3HBxrC/r2AubS
Xat77JghzvESkwlaQOe+wLGbcyynMMWdWKFT3i6uJDSAwrjn2wtzpKM7Spp3+Gca
vzPrTv/1MHghi36oELlQ9Pa9PLk+0x3iODZv1KeteLdZsQ4739Xg9vKLHMXr2TmA
mj4AcFDBPs0HjHDWeF+X/ab5+E/jswFACKdU01ou/LbBXxeD
-----END CERTIFICATE-----
Generated at Fri Nov 7 19:15:34 2025 by rpki-client