Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/04c34ea1-cddb-45aa-979f-bfe1fa0995af.roa
File: 04c34ea1-cddb-45aa-979f-bfe1fa0995af.roa (raw, json)
Hash identifier: PJnOJSjkvd1rmqJrrMOm2Kq4RZzcKd2fPlEPm7qDmRQ=
Subject key identifier: D5:AB:6A:4F:16:43:0B:68:B6:E8:11:B5:84:F2:6B:8F:93:78:BD:FC
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 439A51E15B4C0468473623BEA13EDA66DA616F28
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/04c34ea1-cddb-45aa-979f-bfe1fa0995af.roa
Signing time: Mon 06 Oct 2025 17:40:08 +0000
ROA not before: Mon 06 Oct 2025 17:40:08 +0000
ROA not after: Mon 10 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d031:c000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
43:9a:51:e1:5b:4c:04:68:47:36:23:be:a1:3e:da:66:da:61:6f:28
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 6 17:40:08 2025 GMT
Not After : Nov 10 23:59:59 2025 GMT
Subject: serialNumber=230e6d9e1dfa9c286a8a75197dfbc5f345e4888847d7ffc7333a585fdd90f913, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:18:69:57:a6:14:fc:42:83:35:5c:c6:20:87:
3b:0d:9f:82:0d:8e:09:db:23:42:60:fb:40:f9:65:
e5:a4:7a:53:27:87:02:84:e8:1f:86:ab:5d:52:db:
7e:66:7a:e4:74:ac:a7:7f:84:b2:48:90:63:c8:16:
ca:f7:98:66:d3:a0:71:a2:96:f3:6c:4c:57:f0:3b:
3e:e2:60:77:74:d2:58:f5:c7:f3:bc:a5:58:0d:e2:
9b:94:41:9e:a6:54:36:d2:19:fd:0a:dc:9f:93:25:
88:cb:4f:1f:4a:e3:fc:09:84:c6:f4:b9:7e:39:07:
13:11:fb:22:5d:df:56:be:0c:c1:c8:55:19:d9:b2:
e7:09:d7:ec:e2:15:9f:c0:78:04:40:b4:18:13:4e:
77:e2:48:10:6c:50:d6:5e:95:15:c4:88:28:c5:0c:
35:80:5d:9e:12:b6:9c:c7:a1:0c:71:76:0b:dc:8e:
5c:53:6e:45:6c:7b:71:78:81:88:34:00:1d:35:dd:
93:3f:89:92:c3:54:d4:cb:6c:2a:59:74:7d:b1:2d:
c8:4e:2e:00:40:b6:49:f9:dc:6b:79:15:b8:fb:da:
30:f1:24:19:75:eb:c0:4b:9b:c3:14:e5:c2:6c:05:
20:de:49:f1:b1:a0:dd:da:e6:7e:55:d9:fc:c8:06:
85:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:AB:6A:4F:16:43:0B:68:B6:E8:11:B5:84:F2:6B:8F:93:78:BD:FC
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/04c34ea1-cddb-45aa-979f-bfe1fa0995af.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d031:c000::/40
Signature Algorithm: sha256WithRSAEncryption
73:ac:db:9b:21:7f:67:b5:1c:98:83:85:6a:f1:1e:c8:ad:a1:
6e:6e:a0:34:ca:6c:eb:d0:87:3d:45:df:f3:10:2a:43:4c:1a:
09:b5:ec:a2:43:60:05:84:3c:e3:63:f7:b8:ff:5d:52:bb:e7:
29:7d:7c:7f:39:b6:fd:f9:54:b4:e5:7e:3f:2d:0c:dd:c9:76:
dc:09:31:b0:b7:49:6c:54:ea:40:11:b5:62:c3:e7:85:c1:9b:
55:64:12:40:7e:26:60:3c:ac:f0:55:8d:8e:61:80:03:b1:2a:
b9:55:5b:d0:13:3e:63:4c:a7:49:ed:e6:3d:37:41:30:4c:54:
e8:e3:41:41:a6:66:9a:47:40:c1:53:9a:bc:c4:b1:d0:68:2c:
f7:fd:e6:49:a2:aa:68:16:ab:a4:f7:f7:51:e3:df:c4:0e:67:
4b:ed:49:3d:55:56:2c:85:df:05:57:0b:2f:23:8e:77:84:aa:
24:01:3b:a0:38:11:04:a0:e2:fe:30:f8:bd:8f:40:3c:1b:93:
38:75:1e:c3:70:ef:d8:90:3a:e5:bd:05:41:e3:18:69:28:85:
a2:1b:18:14:2f:65:13:19:e1:9a:f4:e2:d0:4c:ea:92:fc:a1:
7f:fb:6b:08:7c:56:d7:bb:75:bf:2e:f5:17:e0:a8:b8:01:00:
b0:7a:60:59
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUQ5pR4VtMBGhHNiO+oT7aZtphbygwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMDYxNzQwMDhaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDIzMGU2ZDllMWRmYTljMjg2YThhNzUxOTdkZmJjNWYzNDVlNDg4ODg0N2Q3
ZmZjNzMzM2E1ODVmZGQ5MGY5MTMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKwYaVemFPxCgzVcxiCHOw2fgg2OCdsjQmD7QPll5aR6UyeHAoToH4arXVLb
fmZ65HSsp3+EskiQY8gWyveYZtOgcaKW82xMV/A7PuJgd3TSWPXH87ylWA3im5RB
nqZUNtIZ/Qrcn5MliMtPH0rj/AmExvS5fjkHExH7Il3fVr4MwchVGdmy5wnX7OIV
n8B4BEC0GBNOd+JIEGxQ1l6VFcSIKMUMNYBdnhK2nMehDHF2C9yOXFNuRWx7cXiB
iDQAHTXdkz+JksNU1MtsKll0fbEtyE4uAEC2Sfnca3kVuPvaMPEkGXXrwEubwxTl
wmwFIN5J8bGg3drmflXZ/MgGhWUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTVq2pP
FkMLaLboEbWE8muPk3i9/DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MDRjMzRlYTEtY2RkYi00NWFhLTk3OWYtYmZlMWZhMDk5NWFmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DHA
MA0GCSqGSIb3DQEBCwUAA4IBAQBzrNubIX9ntRyYg4Vq8R7IraFubqA0ymzr0Ic9
Rd/zECpDTBoJteyiQ2AFhDzjY/e4/11Su+cpfXx/Obb9+VS05X4/LQzdyXbcCTGw
t0lsVOpAEbViw+eFwZtVZBJAfiZgPKzwVY2OYYADsSq5VVvQEz5jTKdJ7eY9N0Ew
TFTo40FBpmaaR0DBU5q8xLHQaCz3/eZJoqpoFquk9/dR49/EDmdL7Uk9VVYshd8F
VwsvI453hKokATugOBEEoOL+MPi9j0A8G5M4dR7DcO/YkDrlvQVB4xhpKIWiGxgU
L2UTGeGa9OLQTOqS/KF/+2sIfFbXu3W/LvUX4Ki4AQCwemBZ
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:38 2025 by rpki-client