Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/25d38479-752d-418e-a4fb-397c5aa432f8.roa
File: 25d38479-752d-418e-a4fb-397c5aa432f8.roa (raw, json)
Hash identifier: aUIKvhQTr8SYae5qo+hP22OaUOvc8VuM/4reB0rWZcc=
Subject key identifier: 23:E9:3A:D5:E3:D5:78:7F:B1:90:86:56:FA:FB:9F:B9:B8:0F:88:14
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 17AE5614002E72812DB588C2889FCA18643781E0
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/25d38479-752d-418e-a4fb-397c5aa432f8.roa
Signing time: Sat 18 Oct 2025 04:30:18 +0000
ROA not before: Sat 18 Oct 2025 04:30:18 +0000
ROA not after: Sat 22 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d032:800::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
17:ae:56:14:00:2e:72:81:2d:b5:88:c2:88:9f:ca:18:64:37:81:e0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 18 04:30:18 2025 GMT
Not After : Nov 22 23:59:59 2025 GMT
Subject: serialNumber=64aea39a07554839ea2314ed62d86ec8c4de931edc4152f553aeeac23b4bdd44, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:ff:a4:56:f9:f9:47:90:1a:86:dc:44:cd:11:
b7:fb:30:8f:25:6c:13:5d:81:ac:2a:48:7c:b6:81:
65:15:6a:98:4c:00:dc:39:e2:91:9b:35:17:1d:f4:
4e:d4:d5:41:47:ce:f7:77:5c:69:ae:79:ad:c7:77:
c1:1b:d2:53:a6:77:9b:0f:dd:23:a9:2b:cc:b9:ba:
57:2d:df:6a:c4:95:b3:c4:93:57:eb:8d:fb:3d:80:
b6:44:6c:82:e2:26:51:0d:94:51:dd:38:46:52:09:
cc:e3:35:9c:3c:ca:2f:23:1e:39:d1:b8:47:f4:e0:
71:15:15:9f:44:fb:fd:6e:88:98:57:7f:b8:34:23:
3b:b4:bd:64:89:60:f0:73:65:1c:07:67:d8:df:9d:
46:03:51:35:89:40:46:53:e3:c5:0c:df:80:97:d7:
10:e5:80:0d:3e:ee:9f:c7:87:4b:51:46:b3:6b:56:
36:f8:f5:0c:de:29:70:6c:93:d3:f8:6a:ef:9c:2f:
4c:f4:3a:a8:46:50:09:23:f5:ea:e2:a3:17:44:92:
55:e8:6a:ed:20:60:08:6f:25:02:cd:d5:a3:39:27:
28:ff:26:79:89:d0:00:f9:c8:e2:52:80:7b:74:53:
63:aa:0f:c6:37:47:f8:4b:f9:94:f7:60:d3:cb:6d:
9b:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:E9:3A:D5:E3:D5:78:7F:B1:90:86:56:FA:FB:9F:B9:B8:0F:88:14
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/25d38479-752d-418e-a4fb-397c5aa432f8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d032:800::/40
Signature Algorithm: sha256WithRSAEncryption
8f:b8:f8:bd:21:63:36:e1:e7:8a:cc:14:3f:38:58:ff:b6:bb:
98:06:3f:70:c9:cc:8f:96:e4:59:17:3c:35:35:93:b3:13:2d:
14:18:47:f4:90:16:2a:dd:bf:50:14:88:b8:1e:f0:63:0c:5d:
b8:41:f4:21:34:86:20:3d:f9:91:67:f1:80:a4:6c:4e:32:83:
3a:d1:40:08:6a:0a:88:85:03:41:2c:9b:42:d0:63:20:cf:4b:
1c:8c:37:40:fd:56:3a:cf:0a:2e:a2:47:54:d7:44:11:8f:a1:
8d:76:75:e9:2f:13:ae:d1:d2:94:a6:e8:fb:1e:a5:5e:2f:f9:
b3:a4:61:86:b1:45:59:05:97:54:f1:ba:b5:96:a8:d8:6c:71:
48:74:e2:d8:da:14:b9:bd:52:51:55:37:84:32:9b:00:73:17:
40:12:57:80:8e:6d:f2:68:53:d8:35:02:db:57:ed:01:47:c5:
d9:4c:eb:bf:47:88:cd:46:4b:3e:58:c5:2d:07:9c:c7:2f:95:
1d:8b:d4:d8:31:53:f9:5a:e4:83:5d:bd:ee:f4:d0:d1:45:5e:
1d:ba:78:91:6e:d1:9d:b3:41:91:03:ae:23:66:e9:7b:c3:42:
1c:31:54:49:69:5c:6b:26:d2:04:74:dd:31:ed:dd:e5:9f:17:
fa:a7:cc:f7
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUF65WFAAucoEttYjCiJ/KGGQ3geAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTgwNDMwMThaFw0yNTExMjIyMzU5NTlaMHoxSTBHBgNV
BAUTQDY0YWVhMzlhMDc1NTQ4MzllYTIzMTRlZDYyZDg2ZWM4YzRkZTkzMWVkYzQx
NTJmNTUzYWVlYWMyM2I0YmRkNDQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOn/pFb5+UeQGobcRM0Rt/swjyVsE12BrCpIfLaBZRVqmEwA3DnikZs1Fx30
TtTVQUfO93dcaa55rcd3wRvSU6Z3mw/dI6krzLm6Vy3fasSVs8STV+uN+z2AtkRs
guImUQ2UUd04RlIJzOM1nDzKLyMeOdG4R/TgcRUVn0T7/W6ImFd/uDQjO7S9ZIlg
8HNlHAdn2N+dRgNRNYlARlPjxQzfgJfXEOWADT7un8eHS1FGs2tWNvj1DN4pcGyT
0/hq75wvTPQ6qEZQCSP16uKjF0SSVehq7SBgCG8lAs3VozknKP8meYnQAPnI4lKA
e3RTY6oPxjdH+Ev5lPdg08ttmzUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQj6TrV
49V4f7GQhlb6+5+5uA+IFDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjVkMzg0NzktNzUyZC00MThlLWE0ZmItMzk3YzVhYTQzMmY4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DII
MA0GCSqGSIb3DQEBCwUAA4IBAQCPuPi9IWM24eeKzBQ/OFj/truYBj9wycyPluRZ
Fzw1NZOzEy0UGEf0kBYq3b9QFIi4HvBjDF24QfQhNIYgPfmRZ/GApGxOMoM60UAI
agqIhQNBLJtC0GMgz0scjDdA/VY6zwouokdU10QRj6GNdnXpLxOu0dKUpuj7HqVe
L/mzpGGGsUVZBZdU8bq1lqjYbHFIdOLY2hS5vVJRVTeEMpsAcxdAEleAjm3yaFPY
NQLbV+0BR8XZTOu/R4jNRks+WMUtB5zHL5Udi9TYMVP5WuSDXb3u9NDRRV4duniR
btGds0GRA64jZul7w0IcMVRJaVxrJtIEdN0x7d3lnxf6p8z3
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:58 2025 by rpki-client