Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/08e9f311-ee3f-4a72-94cd-4b4eeae736f4.roa
File: 08e9f311-ee3f-4a72-94cd-4b4eeae736f4.roa (raw, json)
Hash identifier: HvBxktfT68QTAtOuCLNXxZ1BRF5QvVOpu1kmD2btJhU=
Subject key identifier: 48:27:58:DA:9B:18:B1:3B:D4:25:82:53:4A:97:C9:D4:07:0A:29:05
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 1FBE84F499A89865CB0639C1E019161A629B2CE3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/08e9f311-ee3f-4a72-94cd-4b4eeae736f4.roa
Signing time: Sat 18 Oct 2025 04:30:20 +0000
ROA not before: Sat 18 Oct 2025 04:30:20 +0000
ROA not after: Sat 22 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d035:b000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1f:be:84:f4:99:a8:98:65:cb:06:39:c1:e0:19:16:1a:62:9b:2c:e3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 18 04:30:20 2025 GMT
Not After : Nov 22 23:59:59 2025 GMT
Subject: serialNumber=400f47e62adc96768415e94df92df9f5ef59f836e2b097d71c6314ae89143ccb, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:7d:47:f7:82:72:1b:f4:47:95:f4:61:0a:9d:
9e:48:a7:25:42:20:1b:45:6e:af:ad:50:62:51:c7:
98:42:ec:6e:f0:29:59:f0:cd:11:33:a3:04:d4:aa:
4a:55:55:84:ca:cf:2c:17:6f:98:e9:b5:fd:7a:9a:
f1:47:ca:fd:20:59:cd:d5:11:eb:26:01:70:39:75:
ae:0a:a2:1a:a6:a5:40:05:e9:23:62:20:6d:68:64:
db:00:42:a3:19:cd:20:73:97:45:f6:78:ba:af:9f:
b4:aa:6a:a4:98:df:44:e7:0d:44:be:d7:c8:fb:66:
d4:62:48:c7:c6:4a:41:df:b9:40:55:d5:3d:00:98:
eb:93:7c:ed:fb:3d:c5:cd:64:97:c5:bb:02:e6:5a:
a8:7e:cd:ce:ef:26:31:21:d3:05:07:db:78:77:27:
62:35:e1:09:03:97:10:c1:3c:31:1f:26:be:c2:ff:
ee:ae:7e:5f:79:12:b6:70:a0:cc:b2:63:36:15:0b:
8e:52:04:00:21:ea:6b:62:56:85:54:98:31:a5:71:
b3:45:8c:21:d7:74:34:bb:89:cd:d9:40:b1:d0:1d:
d1:9c:fb:94:23:c8:2f:35:7f:df:33:56:d7:b0:99:
22:9b:7f:2d:1b:92:5c:44:2a:de:93:d0:2c:bd:65:
28:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:27:58:DA:9B:18:B1:3B:D4:25:82:53:4A:97:C9:D4:07:0A:29:05
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/08e9f311-ee3f-4a72-94cd-4b4eeae736f4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d035:b000::/40
Signature Algorithm: sha256WithRSAEncryption
59:8a:f3:6e:3e:11:71:e4:85:be:ba:d9:6e:90:68:92:ef:80:
9c:9d:7b:30:eb:e5:ff:de:87:8f:7b:e1:4f:98:3f:92:08:d5:
fe:61:02:3a:9c:d0:74:7a:dc:00:9a:ac:db:0a:cd:ca:d7:a8:
44:83:a6:80:81:10:8f:9c:e7:40:47:7a:99:c5:a1:05:c9:a0:
df:a8:6b:6c:42:79:ae:e0:73:d7:e6:7f:7d:9d:1b:78:67:97:
90:55:e1:57:7d:e2:89:5f:97:80:dc:99:bb:66:2e:50:c1:8a:
99:b6:54:df:3b:1a:47:24:33:3b:b4:fa:59:32:f7:fe:8b:4e:
e6:e9:65:9a:33:7e:59:59:af:13:e2:5e:58:e6:99:dd:1c:8c:
fc:35:5f:f3:93:15:17:cc:dd:ad:50:78:41:ed:b3:f0:19:b2:
d9:f9:c0:a3:70:a6:eb:89:08:7c:4f:4b:fc:cb:ca:ce:28:7b:
33:39:cd:f9:08:2d:bc:26:fa:12:8d:84:9d:64:4c:3c:42:ff:
a1:c2:dc:ac:03:18:07:af:04:bc:a3:c2:0e:56:84:0d:9a:18:
54:3f:e5:54:72:e1:c2:d7:ac:7f:f7:cd:6c:e2:22:22:40:e6:
d8:38:1f:44:9b:94:45:01:f6:40:86:37:ed:29:c9:f2:25:ed:
1b:66:46:be
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUH76E9JmomGXLBjnB4BkWGmKbLOMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTgwNDMwMjBaFw0yNTExMjIyMzU5NTlaMHoxSTBHBgNV
BAUTQDQwMGY0N2U2MmFkYzk2NzY4NDE1ZTk0ZGY5MmRmOWY1ZWY1OWY4MzZlMmIw
OTdkNzFjNjMxNGFlODkxNDNjY2IxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANd9R/eCchv0R5X0YQqdnkinJUIgG0Vur61QYlHHmELsbvApWfDNETOjBNSq
SlVVhMrPLBdvmOm1/Xqa8UfK/SBZzdUR6yYBcDl1rgqiGqalQAXpI2IgbWhk2wBC
oxnNIHOXRfZ4uq+ftKpqpJjfROcNRL7XyPtm1GJIx8ZKQd+5QFXVPQCY65N87fs9
xc1kl8W7AuZaqH7Nzu8mMSHTBQfbeHcnYjXhCQOXEME8MR8mvsL/7q5+X3kStnCg
zLJjNhULjlIEACHqa2JWhVSYMaVxs0WMIdd0NLuJzdlAsdAd0Zz7lCPILzV/3zNW
17CZIpt/LRuSXEQq3pPQLL1lKEsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRIJ1ja
mxixO9QlglNKl8nUBwopBTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MDhlOWYzMTEtZWUzZi00YTcyLTk0Y2QtNGI0ZWVhZTczNmY0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DWw
MA0GCSqGSIb3DQEBCwUAA4IBAQBZivNuPhFx5IW+utlukGiS74CcnXsw6+X/3oeP
e+FPmD+SCNX+YQI6nNB0etwAmqzbCs3K16hEg6aAgRCPnOdAR3qZxaEFyaDfqGts
Qnmu4HPX5n99nRt4Z5eQVeFXfeKJX5eA3Jm7Zi5QwYqZtlTfOxpHJDM7tPpZMvf+
i07m6WWaM35ZWa8T4l5Y5pndHIz8NV/zkxUXzN2tUHhB7bPwGbLZ+cCjcKbriQh8
T0v8y8rOKHszOc35CC28JvoSjYSdZEw8Qv+hwtysAxgHrwS8o8IOVoQNmhhUP+VU
cuHC16x/981s4iIiQObYOB9Em5RFAfZAhjftKcnyJe0bZka+
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:58 2025 by rpki-client