Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0f3fbd71-85b4-48a7-8479-e942c9578262.roa
File: 0f3fbd71-85b4-48a7-8479-e942c9578262.roa (raw, json)
Hash identifier: lK2j7YRj7nkqhu4sQPlmmbCa6jpERVbSifIb4NbpSIY=
Subject key identifier: C2:8F:FA:B9:7B:4C:D9:F1:2C:E2:A1:96:00:97:03:23:8E:36:56:27
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 402F7D3FFD26C4DD50D97393E6FF8495017A85EB
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0f3fbd71-85b4-48a7-8479-e942c9578262.roa
Signing time: Fri 26 Sep 2025 19:41:10 +0000
ROA not before: Fri 26 Sep 2025 19:41:10 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d071:1000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
40:2f:7d:3f:fd:26:c4:dd:50:d9:73:93:e6:ff:84:95:01:7a:85:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:41:10 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=f60401e66009a4d383cfe33abc950110cdd097066751f97ded48af8a4e68780a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:7e:1e:61:cf:2b:88:74:fd:0c:74:ad:d3:ff:
14:67:97:f1:4e:6b:dd:f5:65:f1:57:3f:26:7e:df:
6f:d5:45:1c:6f:e3:83:b2:51:71:f7:e5:e4:41:81:
a4:8b:0f:26:c4:dd:ad:57:d2:bb:0c:a8:a5:77:54:
5a:9b:0d:27:50:c2:e7:b9:92:88:dc:fc:8b:9a:4a:
8c:ec:80:46:9a:e5:b8:e1:75:f8:03:47:77:a1:b7:
51:b8:86:73:06:bf:8a:f3:60:71:9d:6c:3c:8f:b2:
b5:c5:a7:92:49:15:fd:94:69:6d:6b:70:16:4a:56:
41:4a:b4:0d:af:1c:32:64:e9:4c:a5:e9:36:20:ee:
f3:9a:af:f8:75:cd:b7:bd:8e:9e:c4:8a:85:14:97:
bd:93:9d:e0:eb:6c:95:03:37:7f:13:75:2e:22:69:
d0:bd:64:1e:cc:5b:12:61:50:ca:66:8a:ca:ac:4a:
a1:4e:41:c8:62:12:8b:0b:52:36:0e:40:45:5a:5b:
29:36:dc:b5:31:65:d8:21:43:90:b9:83:a3:ce:c3:
fa:d4:f7:6b:27:da:64:2c:7a:97:c2:48:70:26:86:
a5:34:d3:18:65:c9:29:49:0b:41:be:8b:27:57:89:
4b:0a:76:e2:92:d2:36:ea:d5:c0:93:bb:63:6b:ec:
f2:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:8F:FA:B9:7B:4C:D9:F1:2C:E2:A1:96:00:97:03:23:8E:36:56:27
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0f3fbd71-85b4-48a7-8479-e942c9578262.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d071:1000::/40
Signature Algorithm: sha256WithRSAEncryption
8d:e0:8e:cb:8e:70:0d:8b:67:48:b4:17:8c:34:88:ff:51:61:
85:b6:a2:ae:6c:3b:85:85:dd:ce:5f:b7:d8:f4:de:02:c1:2f:
8a:46:61:d8:fe:23:92:79:12:fc:96:dd:d8:d2:86:10:36:6c:
4f:44:dc:7d:df:a9:de:6a:6b:2c:77:f4:ea:5a:a6:00:59:b1:
b8:9c:32:42:f2:bf:12:2e:b6:71:ff:28:b5:07:93:cb:58:0d:
9a:46:d8:ba:6e:dc:0d:36:ae:23:36:90:61:0d:52:cd:eb:d5:
67:da:21:11:ac:66:9d:5e:c7:28:ba:b3:50:25:71:12:23:ce:
8c:25:74:9d:60:95:e8:58:51:e8:25:60:89:f4:95:ad:1d:51:
89:cd:16:22:79:e0:e9:92:6c:d7:fa:d8:ba:64:dc:c8:40:52:
8f:1d:a3:8d:2d:25:08:a4:4b:f8:be:f1:9f:8b:cc:3b:d9:3f:
79:43:39:39:4d:67:17:0f:e8:a8:d5:ed:4f:f5:85:29:f4:f5:
d3:cc:82:f1:65:a3:57:3a:62:cd:6d:70:d6:1a:94:2b:f8:1f:
e4:c6:03:bb:29:4c:13:9f:33:d3:64:02:a2:89:85:85:97:3c:
f3:b0:8c:d1:c9:9e:1e:22:5d:86:1e:bc:6c:f5:62:86:6a:3d:
9f:dd:58:60
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUQC99P/0mxN1Q2XOT5v+ElQF6heswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTQxMTBaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGY2MDQwMWU2NjAwOWE0ZDM4M2NmZTMzYWJjOTUwMTEwY2RkMDk3MDY2NzUx
Zjk3ZGVkNDhhZjhhNGU2ODc4MGExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK1+HmHPK4h0/Qx0rdP/FGeX8U5r3fVl8Vc/Jn7fb9VFHG/jg7JRcffl5EGB
pIsPJsTdrVfSuwyopXdUWpsNJ1DC57mSiNz8i5pKjOyARprluOF1+ANHd6G3UbiG
cwa/ivNgcZ1sPI+ytcWnkkkV/ZRpbWtwFkpWQUq0Da8cMmTpTKXpNiDu85qv+HXN
t72OnsSKhRSXvZOd4OtslQM3fxN1LiJp0L1kHsxbEmFQymaKyqxKoU5ByGISiwtS
Ng5ARVpbKTbctTFl2CFDkLmDo87D+tT3ayfaZCx6l8JIcCaGpTTTGGXJKUkLQb6L
J1eJSwp24pLSNurVwJO7Y2vs8p8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTCj/q5
e0zZ8SzioZYAlwMjjjZWJzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MGYzZmJkNzEtODViNC00OGE3LTg0NzktZTk0MmM5NTc4MjYyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HEQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCN4I7LjnANi2dItBeMNIj/UWGFtqKubDuFhd3O
X7fY9N4CwS+KRmHY/iOSeRL8lt3Y0oYQNmxPRNx936neamssd/TqWqYAWbG4nDJC
8r8SLrZx/yi1B5PLWA2aRti6btwNNq4jNpBhDVLN69Vn2iERrGadXscourNQJXES
I86MJXSdYJXoWFHoJWCJ9JWtHVGJzRYieeDpkmzX+ti6ZNzIQFKPHaONLSUIpEv4
vvGfi8w72T95Qzk5TWcXD+io1e1P9YUp9PXTzILxZaNXOmLNbXDWGpQr+B/kxgO7
KUwTnzPTZAKiiYWFlzzzsIzRyZ4eIl2GHrxs9WKGaj2f3Vhg
-----END CERTIFICATE-----
Generated at Mon Oct 20 08:53:45 2025 by rpki-client