Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/10aa39be-4f99-4b39-b428-f034a0b57d69.roa
File: 10aa39be-4f99-4b39-b428-f034a0b57d69.roa (raw, json)
Hash identifier: TlrabwfGfysJGApkzTxIVslYycm/6vHl/lez0B8Ur/o=
Subject key identifier: D0:1F:B2:BA:0D:95:7F:23:F1:14:4A:D9:B9:8F:D8:1F:57:92:F8:39
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7BB213690A07A9F2137A0C31A1F9DBEFA3ED8BE2
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/10aa39be-4f99-4b39-b428-f034a0b57d69.roa
Signing time: Fri 26 Sep 2025 19:40:04 +0000
ROA not before: Fri 26 Sep 2025 19:40:04 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:b000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7b:b2:13:69:0a:07:a9:f2:13:7a:0c:31:a1:f9:db:ef:a3:ed:8b:e2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:40:04 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=b8fc0223c65423c69486cbb82b7c0290b566c8df3d9c8f775bc4dcac781558bf, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:f3:b2:a6:69:2b:ac:71:05:86:08:52:ce:c8:
8a:7e:39:00:df:88:1c:2c:bb:4e:4d:a4:3c:6c:5e:
19:50:f3:34:5a:d7:e0:81:9c:d9:8d:59:b4:bb:c9:
95:f2:20:fc:f9:88:56:b0:42:59:48:26:88:8d:0d:
f8:48:15:7e:1d:37:43:46:09:1e:ce:d8:1a:65:cc:
1b:13:8a:58:a8:f8:c1:a5:96:32:c1:85:bf:c0:55:
44:43:a3:86:da:5c:04:40:a1:18:f1:46:84:73:26:
bc:d2:58:5d:24:34:5a:7b:12:73:be:54:e7:13:76:
e8:a1:00:81:81:d1:85:c2:21:8a:36:e1:23:6b:1c:
3e:1b:4f:33:ce:93:2e:22:43:a3:48:26:85:45:48:
d6:fc:9f:83:e6:c5:3f:37:e0:3b:fe:05:d4:59:e1:
17:7a:84:ef:a6:f9:08:cb:33:4f:a8:ef:a6:04:ed:
82:70:e9:2b:31:d1:bd:ed:b2:73:3f:8f:40:05:21:
46:7b:cc:cc:b2:a4:9f:99:e7:78:bc:76:30:16:8d:
fb:2b:14:8d:9f:ff:77:a2:86:8c:47:6e:fa:9a:6f:
d2:e4:d7:5f:f9:ee:d4:6d:58:c6:c7:32:92:9a:f5:
9f:54:ba:0a:2a:63:82:8a:d1:b3:9b:9f:c7:94:61:
83:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:1F:B2:BA:0D:95:7F:23:F1:14:4A:D9:B9:8F:D8:1F:57:92:F8:39
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/10aa39be-4f99-4b39-b428-f034a0b57d69.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:b000::/40
Signature Algorithm: sha256WithRSAEncryption
10:04:3a:6d:7e:81:07:3a:96:b6:64:3b:1c:54:41:71:96:87:
ba:a8:ff:0b:80:c7:2d:df:cb:d4:a7:f5:cb:b9:6c:30:62:95:
8b:89:4e:dd:f8:cf:30:fa:f5:b7:06:d1:fa:99:f7:f5:36:68:
d8:15:db:1a:30:ee:87:d5:cb:13:85:14:35:b4:ca:72:04:01:
a1:51:89:80:1c:04:34:84:27:af:72:d9:68:b3:b2:82:1c:bc:
97:fd:23:f9:1b:9d:b7:75:8e:8f:b6:d1:f9:18:90:c7:a1:d3:
c7:72:a1:24:65:b8:73:0c:2f:07:58:71:93:5f:a7:ac:65:7e:
f4:58:80:10:31:02:f7:8f:f2:f7:57:69:2a:93:b1:c7:64:13:
bf:00:3b:8e:30:58:90:48:12:eb:58:34:b7:8e:b0:09:4f:46:
19:19:84:9f:d2:70:21:81:22:02:ab:7c:2d:79:ef:a0:4f:a0:
b3:79:1c:f4:8d:36:40:39:d2:27:77:43:6c:f5:a5:25:97:1a:
8b:24:2c:49:e0:43:b8:67:d4:8f:ae:58:74:da:8f:d4:53:1d:
ed:d9:ae:2f:8b:81:dc:1d:fe:0c:15:2e:b8:74:a4:12:2a:15:
7c:bb:5b:61:15:bd:88:5f:ee:93:44:66:12:da:45:2a:3c:35:
4d:0a:3f:a0
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUe7ITaQoHqfITegwxofnb76Pti+IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTQwMDRaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGI4ZmMwMjIzYzY1NDIzYzY5NDg2Y2JiODJiN2MwMjkwYjU2NmM4ZGYzZDlj
OGY3NzViYzRkY2FjNzgxNTU4YmYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIXzsqZpK6xxBYYIUs7Iin45AN+IHCy7Tk2kPGxeGVDzNFrX4IGc2Y1ZtLvJ
lfIg/PmIVrBCWUgmiI0N+EgVfh03Q0YJHs7YGmXMGxOKWKj4waWWMsGFv8BVREOj
htpcBEChGPFGhHMmvNJYXSQ0WnsSc75U5xN26KEAgYHRhcIhijbhI2scPhtPM86T
LiJDo0gmhUVI1vyfg+bFPzfgO/4F1FnhF3qE76b5CMszT6jvpgTtgnDpKzHRve2y
cz+PQAUhRnvMzLKkn5nneLx2MBaN+ysUjZ//d6KGjEdu+ppv0uTXX/nu1G1Yxscy
kpr1n1S6CipjgorRs5ufx5Rhg+UCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTQH7K6
DZV/I/EUStm5j9gfV5L4OTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MTBhYTM5YmUtNGY5OS00YjM5LWI0MjgtZjAzNGEwYjU3ZDY5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0ACw
MA0GCSqGSIb3DQEBCwUAA4IBAQAQBDptfoEHOpa2ZDscVEFxloe6qP8LgMct38vU
p/XLuWwwYpWLiU7d+M8w+vW3BtH6mff1NmjYFdsaMO6H1csThRQ1tMpyBAGhUYmA
HAQ0hCevctlos7KCHLyX/SP5G523dY6PttH5GJDHodPHcqEkZbhzDC8HWHGTX6es
ZX70WIAQMQL3j/L3V2kqk7HHZBO/ADuOMFiQSBLrWDS3jrAJT0YZGYSf0nAhgSIC
q3wtee+gT6CzeRz0jTZAOdInd0Ns9aUllxqLJCxJ4EO4Z9SPrlh02o/UUx3t2a4v
i4HcHf4MFS64dKQSKhV8u1thFb2IX+6TRGYS2kUqPDVNCj+g
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:58 2025 by rpki-client