Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fc40321f-72c2-43a4-8c42-0e935f8f1943.roa
File: fc40321f-72c2-43a4-8c42-0e935f8f1943.roa (raw, json)
Hash identifier: 8NNxJWB3JhY7P4VIXyuhab9p15KeVJYJD/rprHN+Bt0=
Subject key identifier: FC:1B:6C:25:3D:90:67:99:7F:B2:72:09:85:87:8F:FB:A3:46:E4:FB
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 544BAF36AB83CD96711D676055B197C5D5051E97
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fc40321f-72c2-43a4-8c42-0e935f8f1943.roa
Signing time: Tue 21 Oct 2025 13:50:57 +0000
ROA not before: Tue 21 Oct 2025 13:50:57 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:20c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
54:4b:af:36:ab:83:cd:96:71:1d:67:60:55:b1:97:c5:d5:05:1e:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:50:57 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=e6f2808e3c2234760191139959d0970ad04456de1680d135bc3ef53c7ee62f5b, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:c0:95:fd:0b:ef:4a:da:d6:54:34:81:32:22:
6b:47:12:1c:2f:a4:c1:f3:09:08:ad:52:3e:4d:02:
ff:24:e2:c4:ec:b5:89:0f:a3:19:2f:03:4d:c6:f9:
24:fc:d6:9f:62:ad:90:0e:ec:e7:ca:cf:7f:6a:f3:
18:85:75:77:f5:aa:b5:72:dc:e5:a8:77:6b:c7:ef:
11:4c:66:e8:cd:db:73:23:34:61:6c:ee:7c:6e:95:
c1:e8:16:36:92:80:fa:7e:25:cb:8f:dd:d3:bf:e6:
fc:bb:0a:03:1b:84:a6:0f:04:f2:56:d1:04:66:92:
b0:fc:f7:9a:ee:40:db:a7:04:6d:69:02:37:7d:cd:
8d:d3:5b:22:fe:9a:42:f0:60:0d:5a:29:97:07:a1:
5f:f5:da:6f:23:35:5c:c4:df:75:1b:f9:b5:3a:a7:
9d:d3:2c:b8:e1:d3:e5:62:33:e5:2c:2a:73:b6:da:
81:f2:67:35:29:8c:a1:00:b9:90:fe:b5:c2:9c:c0:
aa:fc:f1:b5:8a:9b:9f:2c:1e:dd:c1:6b:df:7a:37:
12:41:ee:fb:61:24:0f:da:fd:fd:ca:28:38:f4:23:
88:ce:0f:ec:0b:4f:af:27:b3:be:e9:7a:7c:9b:5b:
b2:7a:10:d3:ba:ab:48:55:6a:58:0e:71:e8:b4:b9:
40:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:1B:6C:25:3D:90:67:99:7F:B2:72:09:85:87:8F:FB:A3:46:E4:FB
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fc40321f-72c2-43a4-8c42-0e935f8f1943.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:20c0::/48
Signature Algorithm: sha256WithRSAEncryption
5a:51:5a:aa:76:47:01:2b:78:41:03:fd:3f:0c:b8:f8:9f:bc:
7e:20:b8:7b:0f:00:5e:f4:67:8a:50:78:8a:27:78:8e:d3:d5:
0c:19:cf:e8:07:bf:f7:73:c8:29:a8:3c:25:3b:b6:95:a9:ca:
fb:fc:c8:3d:fb:ab:2b:c8:1f:cb:f7:86:b6:94:a2:27:75:d9:
fa:ef:41:19:90:cc:65:5c:14:47:6e:ef:42:d1:d5:d6:85:42:
95:b9:94:72:63:40:16:0a:7a:fd:b3:20:b4:cb:54:c1:5a:d2:
51:d8:37:ad:60:29:4a:56:75:60:4a:59:72:f8:f2:35:54:1b:
63:50:66:d6:cf:12:1c:aa:40:28:a7:74:6c:3d:5b:da:3b:34:
c9:79:a1:78:52:73:f9:e5:2f:c6:c5:be:2c:94:aa:c6:93:f8:
5d:5f:71:43:77:ad:d9:5a:b1:81:89:9e:31:91:29:96:42:ec:
a1:0d:60:30:b3:40:98:79:46:d8:28:4d:7c:1b:12:41:eb:f0:
5d:74:98:5e:d7:38:fa:04:f1:2a:63:6b:f7:be:79:19:22:9b:
01:4e:a6:c1:d4:df:4e:e1:b4:d5:25:68:11:f6:05:c9:f3:d7:
e4:f7:ce:94:de:84:10:d5:4b:29:69:6e:fc:b0:73:45:89:32:
57:39:69:e9
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUVEuvNquDzZZxHWdgVbGXxdUFHpcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzUwNTdaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGU2ZjI4MDhlM2MyMjM0NzYwMTkxMTM5OTU5ZDA5NzBhZDA0NDU2ZGUxNjgw
ZDEzNWJjM2VmNTNjN2VlNjJmNWIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ/Alf0L70ra1lQ0gTIia0cSHC+kwfMJCK1SPk0C/yTixOy1iQ+jGS8DTcb5
JPzWn2KtkA7s58rPf2rzGIV1d/WqtXLc5ah3a8fvEUxm6M3bcyM0YWzufG6VwegW
NpKA+n4ly4/d07/m/LsKAxuEpg8E8lbRBGaSsPz3mu5A26cEbWkCN33NjdNbIv6a
QvBgDVoplwehX/XabyM1XMTfdRv5tTqnndMsuOHT5WIz5Swqc7bagfJnNSmMoQC5
kP61wpzAqvzxtYqbnywe3cFr33o3EkHu+2EkD9r9/cooOPQjiM4P7AtPryezvul6
fJtbsnoQ07qrSFVqWA5x6LS5QIECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBT8G2wl
PZBnmX+ycgmFh4/7o0bk+zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZmM0MDMyMWYtNzJjMi00M2E0LThjNDItMGU5MzVmOGYxOTQzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0AAg
wDANBgkqhkiG9w0BAQsFAAOCAQEAWlFaqnZHASt4QQP9Pwy4+J+8fiC4ew8AXvRn
ilB4iid4jtPVDBnP6Ae/93PIKag8JTu2lanK+/zIPfurK8gfy/eGtpSiJ3XZ+u9B
GZDMZVwUR27vQtHV1oVClbmUcmNAFgp6/bMgtMtUwVrSUdg3rWApSlZ1YEpZcvjy
NVQbY1Bm1s8SHKpAKKd0bD1b2js0yXmheFJz+eUvxsW+LJSqxpP4XV9xQ3et2Vqx
gYmeMZEplkLsoQ1gMLNAmHlG2ChNfBsSQevwXXSYXtc4+gTxKmNr9755GSKbAU6m
wdTfTuG01SVoEfYFyfPX5PfOlN6EENVLKWlu/LBzRYkyVzlp6Q==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:58 2025 by rpki-client