Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fec66173-52ba-4e6f-b1ec-889563dfb748.roa
File: fec66173-52ba-4e6f-b1ec-889563dfb748.roa (raw, json)
Hash identifier: db481Xj6TA8mEzbvv2t6zVnQiB0Nqzg7XHGWstCNeQg=
Subject key identifier: 20:DE:AE:42:48:F7:A8:6A:B5:C4:60:DE:A8:E9:C9:77:2E:2C:9A:FD
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7664ECF8D32778C23FDEC877449F797F19D80312
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fec66173-52ba-4e6f-b1ec-889563dfb748.roa
Signing time: Fri 24 Oct 2025 00:20:11 +0000
ROA not before: Fri 24 Oct 2025 00:20:11 +0000
ROA not after: Fri 28 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d06d:6040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
76:64:ec:f8:d3:27:78:c2:3f:de:c8:77:44:9f:79:7f:19:d8:03:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 24 00:20:11 2025 GMT
Not After : Nov 28 23:59:59 2025 GMT
Subject: serialNumber=eefefefd59fad05bb116a64f3ae8795e856bda1386da24b78c3760aacff76d5a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:4b:0a:e8:2e:5b:ed:49:cf:b1:1a:a8:fd:3b:
85:8a:8a:f5:05:8d:50:34:c7:d7:cf:1c:c7:96:70:
67:ea:11:93:bf:2f:d6:67:46:1b:1b:b7:ab:be:ae:
9c:f6:c6:d5:13:2b:06:ce:be:33:4f:67:16:16:1d:
f6:7c:83:49:8d:e8:76:d5:34:e7:1b:13:b0:91:2d:
48:5e:99:eb:c8:00:97:0d:c9:f8:58:18:10:f5:92:
7d:ea:52:c9:4a:6b:c1:85:81:6b:1a:61:21:d1:fc:
ca:36:4c:01:c7:d3:b3:ef:64:7f:79:c4:d0:bb:05:
0e:0b:ee:35:86:8d:68:4e:3c:ca:4c:b2:1c:65:84:
c8:f2:76:43:d9:32:49:c2:c0:1d:50:6e:95:8f:bb:
62:9c:52:b0:db:04:ff:1d:37:f4:95:ca:e4:df:62:
67:7f:04:86:9a:d5:51:29:ab:93:29:c5:96:d9:d4:
17:3c:f3:7c:42:9a:98:95:99:9f:a8:d7:ad:1a:d2:
f0:bc:4b:81:1e:14:61:c5:58:eb:f9:32:f1:8a:91:
12:0f:68:f6:9a:b5:9d:e4:41:b4:6f:8d:40:12:09:
06:b6:43:7c:92:71:e1:7c:4a:00:b2:92:ec:33:05:
8e:97:07:bc:5c:71:3d:8f:75:f0:49:9f:f0:0d:e4:
99:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:DE:AE:42:48:F7:A8:6A:B5:C4:60:DE:A8:E9:C9:77:2E:2C:9A:FD
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fec66173-52ba-4e6f-b1ec-889563dfb748.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06d:6040::/48
Signature Algorithm: sha256WithRSAEncryption
c4:88:f9:4a:d0:23:1d:03:f4:41:aa:2d:6d:e8:53:1c:33:00:
5e:e5:dd:a9:7d:1a:46:3d:1f:27:eb:60:bf:42:2e:a1:db:d5:
85:e4:28:a2:3e:57:ee:31:b6:31:64:ff:e0:22:54:7b:39:0b:
fc:14:b6:f8:a3:04:82:db:26:83:10:21:8f:a4:f6:10:dd:cb:
ca:ed:e2:57:6e:f3:a5:8e:07:cb:98:8d:2f:fc:b2:65:e6:87:
fb:13:87:8a:07:01:c5:ac:e3:9c:cd:20:c5:43:b9:d7:59:90:
a1:7b:9b:80:cd:17:2f:20:09:e3:e9:c2:86:c9:8c:b9:4b:32:
e5:71:48:f0:77:83:3e:b6:29:40:17:ff:90:4d:b2:48:4b:0b:
7b:1c:79:88:1b:62:2b:6e:ed:e1:3c:9f:c9:c9:38:64:3a:8d:
d0:74:a4:3d:c4:23:eb:af:18:96:b0:66:8f:fd:63:28:45:ac:
cf:4b:ab:d0:9d:5e:10:96:aa:19:da:09:a6:b7:52:07:12:38:
ea:72:49:1b:92:57:df:22:52:71:3c:ed:52:4a:74:83:d7:9e:
eb:66:40:68:f5:7a:7c:e3:29:0d:d2:ff:7e:a7:62:18:1f:ef:
e3:6c:59:c7:b3:ff:b8:52:fa:89:87:d3:87:ea:fe:c9:9f:e4:
5f:86:13:f2
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUdmTs+NMneMI/3sh3RJ95fxnYAxIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjQwMDIwMTFaFw0yNTExMjgyMzU5NTlaMHoxSTBHBgNV
BAUTQGVlZmVmZWZkNTlmYWQwNWJiMTE2YTY0ZjNhZTg3OTVlODU2YmRhMTM4NmRh
MjRiNzhjMzc2MGFhY2ZmNzZkNWExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALJLCuguW+1Jz7EaqP07hYqK9QWNUDTH188cx5ZwZ+oRk78v1mdGGxu3q76u
nPbG1RMrBs6+M09nFhYd9nyDSY3odtU05xsTsJEtSF6Z68gAlw3J+FgYEPWSfepS
yUprwYWBaxphIdH8yjZMAcfTs+9kf3nE0LsFDgvuNYaNaE48ykyyHGWEyPJ2Q9ky
ScLAHVBulY+7YpxSsNsE/x039JXK5N9iZ38EhprVUSmrkynFltnUFzzzfEKamJWZ
n6jXrRrS8LxLgR4UYcVY6/ky8YqREg9o9pq1neRBtG+NQBIJBrZDfJJx4XxKALKS
7DMFjpcHvFxxPY918Emf8A3kmZ0CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQg3q5C
SPeoarXEYN6o6cl3Liya/TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZmVjNjYxNzMtNTJiYS00ZTZmLWIxZWMtODg5NTYzZGZiNzQ4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0G1g
QDANBgkqhkiG9w0BAQsFAAOCAQEAxIj5StAjHQP0QaotbehTHDMAXuXdqX0aRj0f
J+tgv0IuodvVheQooj5X7jG2MWT/4CJUezkL/BS2+KMEgtsmgxAhj6T2EN3Lyu3i
V27zpY4Hy5iNL/yyZeaH+xOHigcBxazjnM0gxUO511mQoXubgM0XLyAJ4+nChsmM
uUsy5XFI8HeDPrYpQBf/kE2ySEsLexx5iBtiK27t4Tyfyck4ZDqN0HSkPcQj668Y
lrBmj/1jKEWsz0ur0J1eEJaqGdoJprdSBxI46nJJG5JX3yJScTztUkp0g9ee62ZA
aPV6fOMpDdL/fqdiGB/v42xZx7P/uFL6iYfTh+r+yZ/kX4YT8g==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:15:13 2025 by rpki-client