Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/22d7b2a5-6a19-49db-bc0e-383c33bbe3a5.roa
File: 22d7b2a5-6a19-49db-bc0e-383c33bbe3a5.roa (raw, json)
Hash identifier: FDhOMkfxnwTQvOUD4YoCRSbv7ItufFrfHpjLWR1t3Q0=
Subject key identifier: BB:F0:FD:99:6E:5A:39:13:7F:F7:5A:24:28:02:5F:6F:95:3D:38:77
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7F8454324A4C3720A0201DEDBFB5CDB23DC7B72A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/22d7b2a5-6a19-49db-bc0e-383c33bbe3a5.roa
Signing time: Mon 06 Oct 2025 17:50:05 +0000
ROA not before: Mon 06 Oct 2025 17:50:05 +0000
ROA not after: Mon 10 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07d:2000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 13:42:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7f:84:54:32:4a:4c:37:20:a0:20:1d:ed:bf:b5:cd:b2:3d:c7:b7:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 6 17:50:05 2025 GMT
Not After : Nov 10 23:59:59 2025 GMT
Subject: serialNumber=e445734aaca17c4133a1cf94730a8f86811ba3dd679025e034780ea6e5a1f63e, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:48:9c:28:a7:06:1c:88:1a:01:9f:41:47:2a:
d8:23:ec:0a:02:73:40:a4:b3:07:ed:df:cc:47:10:
42:75:0c:9a:6a:8c:d2:45:be:8b:fe:93:66:08:7f:
0b:5a:ef:cb:51:63:e3:48:d4:fc:15:47:09:3d:48:
82:cf:15:af:44:eb:ee:6e:c2:85:03:74:d4:5b:a9:
83:5f:f5:86:84:c9:6d:72:02:38:70:a4:ea:e4:51:
77:1d:d5:7f:bc:15:75:f3:88:eb:52:98:2f:d8:43:
47:6c:b5:04:8c:d4:c5:af:e3:02:19:64:6c:fd:5e:
f2:f0:9b:31:0c:e2:55:0c:8d:b3:f8:28:dd:e1:9b:
38:d6:4e:3b:9f:0b:34:42:29:ab:fc:ae:26:31:01:
1c:79:a9:a1:e9:37:60:95:51:82:ba:87:d8:ca:40:
30:ad:7c:ff:64:cc:a7:63:8b:f1:3e:61:60:8e:6c:
99:9d:86:a0:7e:4a:7d:32:40:ff:cd:33:61:cd:b1:
b3:52:77:8b:09:c3:10:e5:d1:19:29:e6:a3:25:cf:
41:87:16:26:99:bb:44:60:15:75:08:f6:27:ca:b8:
8d:c5:86:2a:1b:49:a2:9a:4e:7f:9f:ce:ca:0b:56:
5a:94:39:02:1a:f6:74:f0:dd:6e:3b:ab:9f:68:3c:
81:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:F0:FD:99:6E:5A:39:13:7F:F7:5A:24:28:02:5F:6F:95:3D:38:77
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/22d7b2a5-6a19-49db-bc0e-383c33bbe3a5.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07d:2000::/40
Signature Algorithm: sha256WithRSAEncryption
66:d6:03:fb:8e:4c:0c:bc:7b:8c:90:b7:89:6b:b8:1a:ff:ac:
53:63:95:53:4c:5e:89:2e:c3:03:68:ff:1e:7b:7f:14:a5:a2:
9e:88:59:66:52:87:24:91:4b:97:94:82:cf:ec:a8:d5:54:52:
63:04:65:19:ff:17:98:d2:b3:44:0c:b1:76:07:af:66:2a:80:
46:68:9b:e6:82:2a:f6:fd:d3:f8:1c:c2:0e:ed:c3:5f:a4:7a:
e7:8f:cc:90:33:53:29:1d:ca:c9:a5:85:17:70:dd:c0:b9:d5:
22:85:1f:3a:f9:fa:68:1d:09:d0:49:72:72:6d:8e:40:a2:3d:
64:d9:4f:92:82:ae:79:9b:cd:82:e8:b7:86:37:dd:87:52:20:
43:7c:fa:77:4d:b9:ff:85:e7:a6:1e:f5:e2:22:ae:75:02:5a:
03:ec:c6:ab:85:e3:e5:49:58:36:12:39:71:7d:47:27:f9:40:
4e:78:fe:eb:05:95:57:9d:f2:f5:bb:20:a5:90:12:ec:1c:ef:
a7:2f:22:52:4f:bf:15:9a:25:59:22:8f:d9:e7:46:2e:e8:d2:
7a:5c:42:34:ed:98:4d:aa:77:72:6d:dd:77:0f:76:9b:b8:48:
7d:80:92:e3:b2:b6:7f:e2:4e:e7:66:42:2c:92:74:2b:c3:34:
e1:94:d2:86
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUf4RUMkpMNyCgIB3tv7XNsj3HtyowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMDYxNzUwMDVaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQGU0NDU3MzRhYWNhMTdjNDEzM2ExY2Y5NDczMGE4Zjg2ODExYmEzZGQ2Nzkw
MjVlMDM0NzgwZWE2ZTVhMWY2M2UxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALlInCinBhyIGgGfQUcq2CPsCgJzQKSzB+3fzEcQQnUMmmqM0kW+i/6TZgh/
C1rvy1Fj40jU/BVHCT1Igs8Vr0Tr7m7ChQN01Fupg1/1hoTJbXICOHCk6uRRdx3V
f7wVdfOI61KYL9hDR2y1BIzUxa/jAhlkbP1e8vCbMQziVQyNs/go3eGbONZOO58L
NEIpq/yuJjEBHHmpoek3YJVRgrqH2MpAMK18/2TMp2OL8T5hYI5smZ2GoH5KfTJA
/80zYc2xs1J3iwnDEOXRGSnmoyXPQYcWJpm7RGAVdQj2J8q4jcWGKhtJoppOf5/O
ygtWWpQ5Ahr2dPDdbjurn2g8gZMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS78P2Z
blo5E3/3WiQoAl9vlT04dzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjJkN2IyYTUtNmExOS00OWRiLWJjMGUtMzgzYzMzYmJlM2E1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H0g
MA0GCSqGSIb3DQEBCwUAA4IBAQBm1gP7jkwMvHuMkLeJa7ga/6xTY5VTTF6JLsMD
aP8ee38UpaKeiFlmUockkUuXlILP7KjVVFJjBGUZ/xeY0rNEDLF2B69mKoBGaJvm
gir2/dP4HMIO7cNfpHrnj8yQM1MpHcrJpYUXcN3AudUihR86+fpoHQnQSXJybY5A
oj1k2U+Sgq55m82C6LeGN92HUiBDfPp3Tbn/heemHvXiIq51AloD7MarhePlSVg2
EjlxfUcn+UBOeP7rBZVXnfL1uyClkBLsHO+nLyJST78VmiVZIo/Z50Yu6NJ6XEI0
7ZhNqndybd13D3abuEh9gJLjsrZ/4k7nZkIsknQrwzThlNKG
-----END CERTIFICATE-----
Generated at Mon Oct 20 18:13:33 2025 by rpki-client