Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0ffa6bfd-cc78-4a05-ad58-fd42ec48307e.roa
File: 0ffa6bfd-cc78-4a05-ad58-fd42ec48307e.roa (raw, json)
Hash identifier: tHn8nZp/U5Gv760qUfKcY/RCre/dQjkHm/rdu3EP2pk=
Subject key identifier: A3:12:7A:93:BC:A5:2B:98:69:1F:B4:49:CE:47:FB:93:08:34:67:21
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0C1942A60D6394CD1B58A1097A2D7FFE66C013CB
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0ffa6bfd-cc78-4a05-ad58-fd42ec48307e.roa
Signing time: Mon 06 Oct 2025 18:00:41 +0000
ROA not before: Mon 06 Oct 2025 18:00:41 +0000
ROA not after: Mon 10 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d073:9080::/46 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 22:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0c:19:42:a6:0d:63:94:cd:1b:58:a1:09:7a:2d:7f:fe:66:c0:13:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 6 18:00:41 2025 GMT
Not After : Nov 10 23:59:59 2025 GMT
Subject: serialNumber=ccb2992d51cbbae9ce531505359be460bc34543635c5b71e982a97e0fd209485, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:a4:c8:04:58:07:c6:51:93:47:f2:e9:60:68:
80:36:a2:09:6e:63:22:2a:90:b0:db:28:0c:d0:ca:
47:a4:cd:d0:e4:32:53:4f:9a:28:eb:0e:82:6f:8e:
01:2d:7d:37:d9:2c:7b:4d:6c:ef:87:59:1a:ac:a8:
d6:53:1a:71:64:a5:72:bc:63:c4:9f:c1:8c:6c:de:
7c:db:4c:36:cc:24:f4:3e:b3:eb:b1:af:13:e7:ef:
5e:4b:f3:22:61:f0:46:e9:da:9f:88:d2:62:dc:49:
88:7b:c5:3d:40:b6:14:68:cf:2c:95:b3:22:81:5f:
9f:bd:6d:5f:12:5f:56:56:78:20:25:f5:ab:80:ed:
b7:03:3a:39:0c:a8:e5:ec:ea:ac:fc:b5:5d:cd:4c:
05:de:dd:e9:8d:cc:0e:3c:e3:b9:39:db:43:0a:77:
70:b5:e2:a8:a2:da:01:9c:b6:00:74:1a:f5:59:2b:
82:bc:4c:07:57:26:a1:73:76:dd:b0:fb:f0:d2:bb:
22:3a:34:78:0d:ae:6d:0f:ad:69:be:6b:f8:b8:ff:
cd:4e:25:4f:a5:da:49:fa:0c:b7:4c:1b:35:32:5b:
cd:25:ef:df:10:a3:f0:80:99:1d:9c:1a:2e:f7:be:
0e:12:13:4e:c4:bb:09:c4:62:2a:9a:9d:d1:dc:09:
df:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:12:7A:93:BC:A5:2B:98:69:1F:B4:49:CE:47:FB:93:08:34:67:21
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0ffa6bfd-cc78-4a05-ad58-fd42ec48307e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d073:9080::/46
Signature Algorithm: sha256WithRSAEncryption
81:58:4c:11:8f:55:75:c2:62:e3:e8:35:14:17:97:03:66:fb:
a3:de:4e:5e:62:01:ea:1e:02:73:7d:18:97:1c:ff:af:e7:49:
15:c0:c7:d9:fa:16:ad:81:6c:dd:d7:af:0a:4a:a3:d5:40:b1:
8a:c7:59:b2:23:1a:74:2b:1d:e4:dc:c3:39:b9:e6:76:cb:1a:
20:99:e8:ce:f8:42:69:0c:88:5b:7c:60:86:a0:29:e3:21:f9:
a3:67:06:bb:4b:cc:5a:1e:b6:29:58:c8:79:d2:46:c0:59:8d:
3b:91:ee:0f:50:8d:85:d5:77:83:f8:f5:32:7f:c7:2d:ef:d1:
86:a1:c9:7e:70:6b:25:e2:4c:5d:d7:2d:6d:49:e5:fd:e8:5f:
bf:45:0c:74:83:ec:e6:dc:71:61:e6:f6:fb:3d:65:32:0d:60:
de:ee:86:c4:29:2b:1b:73:f4:f3:7b:c6:35:0f:c3:29:e6:e1:
49:ff:be:65:60:86:c3:5e:a5:f8:ad:b0:8a:e2:52:7f:ac:82:
16:59:d6:c7:27:cd:46:9a:c8:88:55:ca:09:92:b0:ab:48:9d:
4c:fc:6a:92:77:3e:50:85:07:07:e0:5e:73:8c:da:16:37:16:
56:89:62:30:ae:11:5a:a6:ff:5b:d3:ac:26:5e:aa:2d:b5:1a:
c1:c6:38:59
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUDBlCpg1jlM0bWKEJei1//mbAE8swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMDYxODAwNDFaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQGNjYjI5OTJkNTFjYmJhZTljZTUzMTUwNTM1OWJlNDYwYmMzNDU0MzYzNWM1
YjcxZTk4MmE5N2UwZmQyMDk0ODUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKykyARYB8ZRk0fy6WBogDaiCW5jIiqQsNsoDNDKR6TN0OQyU0+aKOsOgm+O
AS19N9kse01s74dZGqyo1lMacWSlcrxjxJ/BjGzefNtMNswk9D6z67GvE+fvXkvz
ImHwRunan4jSYtxJiHvFPUC2FGjPLJWzIoFfn71tXxJfVlZ4ICX1q4DttwM6OQyo
5ezqrPy1Xc1MBd7d6Y3MDjzjuTnbQwp3cLXiqKLaAZy2AHQa9VkrgrxMB1cmoXN2
3bD78NK7Ijo0eA2ubQ+tab5r+Lj/zU4lT6XaSfoMt0wbNTJbzSXv3xCj8ICZHZwa
Lve+DhITTsS7CcRiKpqd0dwJ36sCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSjEnqT
vKUrmGkftEnOR/uTCDRnITAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MGZmYTZiZmQtY2M3OC00YTA1LWFkNTgtZmQ0MmVjNDgzMDdlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HOQ
gDANBgkqhkiG9w0BAQsFAAOCAQEAgVhMEY9VdcJi4+g1FBeXA2b7o95OXmIB6h4C
c30Ylxz/r+dJFcDH2foWrYFs3devCkqj1UCxisdZsiMadCsd5NzDObnmdssaIJno
zvhCaQyIW3xghqAp4yH5o2cGu0vMWh62KVjIedJGwFmNO5HuD1CNhdV3g/j1Mn/H
Le/RhqHJfnBrJeJMXdctbUnl/ehfv0UMdIPs5txxYeb2+z1lMg1g3u6GxCkrG3P0
83vGNQ/DKebhSf++ZWCGw16l+K2wiuJSf6yCFlnWxyfNRprIiFXKCZKwq0idTPxq
knc+UIUHB+Bec4zaFjcWVoliMK4RWqb/W9OsJl6qLbUawcY4WQ==
-----END CERTIFICATE-----
Generated at Tue Oct 21 04:19:00 2025 by rpki-client