Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/28fc43ad-0c3b-4d77-aa32-5efc431e69c3.roa
File: 28fc43ad-0c3b-4d77-aa32-5efc431e69c3.roa (raw, json)
Hash identifier: pxjOGIeac7vy7xMbXUlx5kc/WVN2CNVXCX8tqQQxFMU=
Subject key identifier: 86:79:2D:81:E0:5C:B0:96:68:22:12:8A:27:63:5A:01:7B:8F:C5:15
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0C5B8E81A9DAEBB6F4C70C1A78E4F00942374E5B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/28fc43ad-0c3b-4d77-aa32-5efc431e69c3.roa
Signing time: Fri 26 Sep 2025 19:11:48 +0000
ROA not before: Fri 26 Sep 2025 19:11:48 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:80e0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0c:5b:8e:81:a9:da:eb:b6:f4:c7:0c:1a:78:e4:f0:09:42:37:4e:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:11:48 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=3371b165b2467942714c308da648b1de516176c14c2cf2943019eace24e099d5, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:e2:e9:1a:d5:be:43:09:aa:aa:4f:05:3e:91:
23:16:e8:a5:64:fd:58:13:6c:57:b3:2a:5a:4f:a1:
13:bf:70:34:15:91:c3:33:a7:47:d7:90:74:74:b0:
37:2b:f7:9b:0d:42:96:0d:02:bc:48:72:f4:e8:2f:
fe:85:02:c1:54:fd:30:7a:0a:eb:67:1a:14:a9:00:
17:3c:c9:a9:1f:d9:06:52:4d:b8:70:53:ac:b1:af:
ae:3c:8c:3f:64:a5:28:27:24:51:97:1b:ef:ef:d1:
6a:c9:b7:df:e4:f6:78:b5:3f:d3:07:9d:19:4b:18:
7e:67:9f:3d:37:0a:da:de:bb:f1:40:ae:3b:27:a4:
5a:6b:1f:df:6a:6b:86:b1:18:d9:48:b9:d1:fc:2e:
2e:54:00:d0:4e:45:c6:2b:7b:97:9e:56:2c:e3:2e:
09:d9:f8:c0:1a:f8:97:2b:18:17:78:16:d5:c6:89:
10:6c:23:35:f1:3b:62:87:97:fa:a5:70:29:9c:7f:
a3:44:c7:3c:da:e8:3c:1b:26:91:e0:44:d8:24:a1:
99:b9:57:f1:c6:b5:80:12:8a:fc:dc:3a:b6:05:ab:
5a:e3:a8:33:49:dd:c6:78:5b:84:81:70:26:74:d5:
03:05:e5:fd:f4:c0:5a:d5:ff:e8:c1:6e:ea:a6:68:
91:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:79:2D:81:E0:5C:B0:96:68:22:12:8A:27:63:5A:01:7B:8F:C5:15
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/28fc43ad-0c3b-4d77-aa32-5efc431e69c3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:80e0::/48
Signature Algorithm: sha256WithRSAEncryption
4d:9b:87:1c:7b:fa:75:80:40:29:81:24:3e:29:32:1f:04:08:
df:a4:55:9d:dd:77:95:00:58:30:a4:c4:99:14:16:5a:15:01:
60:94:1a:fb:fc:7c:eb:1c:5d:a8:6c:99:87:f5:a4:96:3b:c2:
ef:af:f9:53:f7:28:00:f5:91:b6:f9:28:66:1a:36:e3:94:6f:
7f:d4:f9:bd:96:33:43:6d:bb:6a:f0:5d:cf:60:4d:1c:24:ee:
53:38:4b:b4:b4:17:45:73:ab:bd:7d:41:d7:08:1b:46:88:36:
0c:55:d4:14:7e:66:c9:1c:c4:11:9d:2c:bb:26:81:ce:9b:70:
87:a0:0c:97:ff:f1:e0:5d:12:04:5b:fb:6f:83:d7:d6:2b:e9:
dd:0b:be:bb:c0:c3:fd:10:f7:22:b8:5b:0b:6b:1c:b2:23:e9:
24:b0:ab:32:66:e0:56:6a:99:d6:bb:20:53:e9:69:10:a4:0b:
1d:5a:c7:e8:0e:95:55:39:1e:d7:9d:05:3c:b2:15:bd:64:61:
af:0c:3a:cf:01:e0:ab:58:2a:a4:82:9f:6b:5b:ca:5f:9e:7e:
41:18:99:6e:ca:54:2c:d2:6e:d4:c9:34:55:1d:d7:98:0f:b6:
2d:bf:6c:6f:73:84:7f:81:c4:b8:69:9e:6d:a2:d7:89:f7:36:
96:99:51:95
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUDFuOgana67b0xwwaeOTwCUI3TlswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTExNDhaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDMzNzFiMTY1YjI0Njc5NDI3MTRjMzA4ZGE2NDhiMWRlNTE2MTc2YzE0YzJj
ZjI5NDMwMTllYWNlMjRlMDk5ZDUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKzi6RrVvkMJqqpPBT6RIxbopWT9WBNsV7MqWk+hE79wNBWRwzOnR9eQdHSw
Nyv3mw1Clg0CvEhy9Ogv/oUCwVT9MHoK62caFKkAFzzJqR/ZBlJNuHBTrLGvrjyM
P2SlKCckUZcb7+/Rasm33+T2eLU/0wedGUsYfmefPTcK2t678UCuOyekWmsf32pr
hrEY2Ui50fwuLlQA0E5Fxit7l55WLOMuCdn4wBr4lysYF3gW1caJEGwjNfE7YoeX
+qVwKZx/o0THPNroPBsmkeBE2CShmblX8ca1gBKK/Nw6tgWrWuOoM0ndxnhbhIFw
JnTVAwXl/fTAWtX/6MFu6qZokdECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSGeS2B
4FywlmgiEoonY1oBe4/FFTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjhmYzQzYWQtMGMzYi00ZDc3LWFhMzItNWVmYzQzMWU2OWMzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H+A
4DANBgkqhkiG9w0BAQsFAAOCAQEATZuHHHv6dYBAKYEkPikyHwQI36RVnd13lQBY
MKTEmRQWWhUBYJQa+/x86xxdqGyZh/WkljvC76/5U/coAPWRtvkoZho245Rvf9T5
vZYzQ227avBdz2BNHCTuUzhLtLQXRXOrvX1B1wgbRog2DFXUFH5myRzEEZ0suyaB
zptwh6AMl//x4F0SBFv7b4PX1ivp3Qu+u8DD/RD3IrhbC2scsiPpJLCrMmbgVmqZ
1rsgU+lpEKQLHVrH6A6VVTke150FPLIVvWRhrww6zwHgq1gqpIKfa1vKX55+QRiZ
bspULNJu1Mk0VR3XmA+2Lb9sb3OEf4HEuGmebaLXifc2lplRlQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:39 2025 by rpki-client