Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1c81ae85-a97a-41c4-97f7-3327ccf0dc21.roa
File: 1c81ae85-a97a-41c4-97f7-3327ccf0dc21.roa (raw, json)
Hash identifier: am25BEyo670kOVm5gTUXzvTCkYVNG7ZWdPZ8IM4sRdY=
Subject key identifier: 54:F6:32:8E:10:86:87:47:36:3C:2B:CA:08:1E:D3:45:07:F3:B6:EB
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 47787402F742F379D2A75758ECC1C8C088EE3141
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1c81ae85-a97a-41c4-97f7-3327ccf0dc21.roa
Signing time: Fri 26 Sep 2025 18:51:31 +0000
ROA not before: Fri 26 Sep 2025 18:51:31 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:a040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
47:78:74:02:f7:42:f3:79:d2:a7:57:58:ec:c1:c8:c0:88:ee:31:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 18:51:31 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=4773ce97bf6881423e8032729ad25eec75cb4342199cbfb1bf215241b347afdf, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:2e:1c:11:a6:8e:32:93:03:ee:ad:80:99:6d:
af:55:ef:10:ea:f9:68:02:7a:d9:92:c4:5d:6e:9b:
e3:b3:0b:a8:07:3e:0c:bd:97:b3:81:6a:ff:d6:ef:
49:c2:5c:44:77:59:79:04:62:d2:1b:55:03:11:51:
1d:85:bd:0c:ce:3c:da:ba:18:31:d0:a3:dc:77:ae:
f0:84:ab:e1:9d:30:5b:32:8a:0b:1f:d0:83:02:35:
46:bd:98:44:89:0d:67:22:d2:48:42:92:77:19:31:
91:34:ef:e7:7c:3d:b4:28:35:47:8a:cf:46:51:d9:
04:48:b7:16:a6:be:39:df:f0:3c:d0:b5:d0:59:15:
b0:cd:5e:5d:50:e8:de:03:56:19:54:3c:bf:74:b9:
8a:f5:d9:7d:f8:a7:1c:b0:55:e9:e2:39:61:39:7d:
5c:84:09:6b:a5:1f:7c:07:df:d6:86:d1:94:76:79:
bc:66:5d:32:3c:8d:b7:48:b0:12:7f:bd:3a:b5:ce:
92:1d:68:12:8d:d5:70:3a:73:51:ba:58:cc:76:b8:
44:20:7a:49:e5:67:09:f9:74:2b:df:7e:96:89:94:
3b:f4:65:d6:ab:0a:86:b4:62:30:05:19:ac:40:32:
06:17:07:2c:7a:d9:df:3b:8e:f2:54:12:76:1f:6a:
ee:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:F6:32:8E:10:86:87:47:36:3C:2B:CA:08:1E:D3:45:07:F3:B6:EB
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1c81ae85-a97a-41c4-97f7-3327ccf0dc21.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:a040::/48
Signature Algorithm: sha256WithRSAEncryption
5b:0d:28:d0:7c:68:a5:72:27:cf:be:6a:08:83:72:6d:ad:0f:
60:42:a0:6b:68:b1:02:46:31:33:3a:a9:f8:ae:65:9c:fd:9e:
15:97:c1:3e:e0:b5:11:c9:c7:5b:b5:9a:cd:14:f1:d2:0d:9d:
d7:f3:b2:62:aa:7e:5a:9e:96:57:e3:a4:8c:2d:fc:ff:c0:19:
fb:6e:0a:94:5b:67:4c:09:28:99:4c:8b:b5:d4:10:31:ec:de:
e0:c6:68:73:e7:f1:d8:55:96:10:85:1d:9d:14:ef:27:03:5f:
bd:65:5e:f6:e3:39:89:4a:3d:50:ba:b3:97:36:30:ad:de:01:
c3:59:50:61:6f:b3:6a:68:a9:54:8c:a5:18:2e:72:93:72:16:
d8:15:58:2d:be:c9:bc:19:28:73:13:1d:44:eb:53:f8:d5:b0:
55:3f:79:e2:98:77:b2:7d:52:63:9d:62:d2:b4:e9:a8:1b:95:
ec:03:ba:83:a7:73:c4:b2:d8:ed:77:6a:67:97:5f:2e:b4:99:
27:9b:2c:12:09:02:c2:dc:cb:7f:ef:cc:a6:6d:4a:41:96:c0:
22:95:b4:0d:a7:95:51:7d:de:8b:d5:8f:4f:39:c4:ec:4b:32:
bd:3f:fc:62:9c:d1:d5:5e:3b:e0:52:62:3b:69:a2:60:cc:49:
c9:47:af:fc
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUR3h0AvdC83nSp1dY7MHIwIjuMUEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODUxMzFaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ3NzNjZTk3YmY2ODgxNDIzZTgwMzI3MjlhZDI1ZWVjNzVjYjQzNDIxOTlj
YmZiMWJmMjE1MjQxYjM0N2FmZGYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKQuHBGmjjKTA+6tgJltr1XvEOr5aAJ62ZLEXW6b47MLqAc+DL2Xs4Fq/9bv
ScJcRHdZeQRi0htVAxFRHYW9DM482roYMdCj3Heu8ISr4Z0wWzKKCx/QgwI1Rr2Y
RIkNZyLSSEKSdxkxkTTv53w9tCg1R4rPRlHZBEi3Fqa+Od/wPNC10FkVsM1eXVDo
3gNWGVQ8v3S5ivXZffinHLBV6eI5YTl9XIQJa6UffAff1obRlHZ5vGZdMjyNt0iw
En+9OrXOkh1oEo3VcDpzUbpYzHa4RCB6SeVnCfl0K99+lomUO/Rl1qsKhrRiMAUZ
rEAyBhcHLHrZ3zuO8lQSdh9q7scCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRU9jKO
EIaHRzY8K8oIHtNFB/O26zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWM4MWFlODUtYTk3YS00MWM0LTk3ZjctMzMyN2NjZjBkYzIxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ACg
QDANBgkqhkiG9w0BAQsFAAOCAQEAWw0o0HxopXInz75qCINyba0PYEKga2ixAkYx
Mzqp+K5lnP2eFZfBPuC1EcnHW7WazRTx0g2d1/OyYqp+Wp6WV+OkjC38/8AZ+24K
lFtnTAkomUyLtdQQMeze4MZoc+fx2FWWEIUdnRTvJwNfvWVe9uM5iUo9ULqzlzYw
rd4Bw1lQYW+zamipVIylGC5yk3IW2BVYLb7JvBkocxMdROtT+NWwVT954ph3sn1S
Y51i0rTpqBuV7AO6g6dzxLLY7XdqZ5dfLrSZJ5ssEgkCwtzLf+/Mpm1KQZbAIpW0
DaeVUX3ei9WPTznE7EsyvT/8YpzR1V474FJiO2miYMxJyUev/A==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:53 2025 by rpki-client