Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2b0de12a-ec1d-465b-8f38-68a2dd6a19df.roa
File: 2b0de12a-ec1d-465b-8f38-68a2dd6a19df.roa (raw, json)
Hash identifier: 1QW0q0LzIYUmgcMrrVYB5LLkplzxlC6kGwcJkiI6fRU=
Subject key identifier: 50:87:1A:66:14:F9:53:39:69:BB:3C:BF:E5:0B:5F:DE:4C:0E:33:07
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 57F86991735DF2E447BCBC13B174243C8B75FA55
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2b0de12a-ec1d-465b-8f38-68a2dd6a19df.roa
Signing time: Fri 26 Sep 2025 19:11:03 +0000
ROA not before: Fri 26 Sep 2025 19:11:03 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:6000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
57:f8:69:91:73:5d:f2:e4:47:bc:bc:13:b1:74:24:3c:8b:75:fa:55
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:11:03 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=8dc16eb9a93835cceb3b3422e30bd2a28b849c5b651edf56c0790232cf5777b6, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:62:71:8b:66:d3:f9:5b:e0:66:f8:05:7c:75:
f1:d7:02:2c:01:3b:49:7d:09:e9:6a:7e:d7:a9:23:
ff:f4:21:2f:71:f0:d4:33:01:90:47:7a:4b:19:4d:
69:14:80:76:aa:98:c8:1d:d8:8f:a2:4b:76:8f:65:
9c:59:65:a1:05:7a:c7:16:e7:55:7d:7f:80:57:25:
bd:84:bc:ec:46:04:7c:29:68:19:16:7a:d2:82:99:
2b:a6:58:0e:a5:8c:c5:a1:38:0c:a0:71:4e:7a:cd:
48:c7:a3:75:f0:35:30:71:74:54:12:2c:78:a2:8b:
b1:21:6b:53:27:c6:2b:d3:69:ae:e8:07:be:0e:73:
a6:3c:d2:7f:0d:39:d3:9d:3c:3c:75:3e:3d:07:a7:
e4:b5:89:73:2c:fc:f1:bf:86:f8:91:2a:19:eb:9c:
5e:f6:84:ae:32:77:76:1f:81:d5:a0:23:aa:b7:5d:
90:17:be:10:fc:bd:65:58:09:c7:62:f8:09:e6:0c:
a3:ca:e8:83:68:ca:c4:fd:38:e2:6d:eb:26:62:17:
bf:52:77:3b:ae:6c:a1:50:7d:27:22:0e:d3:65:c1:
67:62:f5:54:f9:e9:45:52:18:ba:59:4b:b9:19:2a:
e8:8d:be:c1:e9:06:18:e8:2c:b6:00:92:9a:a3:e6:
0a:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
50:87:1A:66:14:F9:53:39:69:BB:3C:BF:E5:0B:5F:DE:4C:0E:33:07
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2b0de12a-ec1d-465b-8f38-68a2dd6a19df.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:6000::/40
Signature Algorithm: sha256WithRSAEncryption
46:29:e1:fc:26:5e:4c:a6:3e:00:c4:c9:6b:bd:a7:3e:c1:4d:
15:64:c9:a3:b6:a2:65:15:11:3a:66:d2:96:e0:45:23:27:70:
79:33:f2:74:46:02:f3:29:06:b1:55:70:57:c0:f8:0e:58:36:
cf:e2:b0:c7:7c:8c:1c:fd:ca:5b:c3:b9:19:3a:df:be:12:35:
f9:d2:92:bd:1b:0b:86:71:a5:4e:5c:e0:97:1f:ae:30:67:65:
22:f1:57:d5:fa:cd:b6:0b:c5:e2:45:70:ee:1d:9d:ea:b4:57:
ac:cd:cd:ab:12:6f:34:92:22:e5:0e:04:d4:f2:57:69:29:ed:
cb:28:eb:3f:2c:17:a3:04:3d:e6:21:61:c3:b6:62:f4:96:9a:
61:d5:84:89:a8:7a:fb:93:c3:0d:cb:0c:c0:2f:09:85:1c:5f:
8e:66:9a:90:49:64:88:59:4c:bd:f8:6a:f3:79:8c:9a:38:5c:
9a:c7:3f:f5:5b:b4:3d:5e:6d:af:a1:7e:ad:37:90:04:63:e0:
0a:c9:2a:2d:7a:7b:b9:e7:aa:0c:24:6a:86:b9:66:63:72:dc:
3c:e2:bb:74:24:60:bb:a0:14:20:bb:b6:66:ae:ba:3e:e8:a9:
a0:86:3a:59:e2:82:0f:60:12:a9:e2:cb:0b:53:5c:ad:2d:f5:
5c:79:6f:69
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUV/hpkXNd8uRHvLwTsXQkPIt1+lUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTExMDNaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDhkYzE2ZWI5YTkzODM1Y2NlYjNiMzQyMmUzMGJkMmEyOGI4NDljNWI2NTFl
ZGY1NmMwNzkwMjMyY2Y1Nzc3YjYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALdicYtm0/lb4Gb4BXx18dcCLAE7SX0J6Wp+16kj//QhL3Hw1DMBkEd6SxlN
aRSAdqqYyB3Yj6JLdo9lnFlloQV6xxbnVX1/gFclvYS87EYEfCloGRZ60oKZK6ZY
DqWMxaE4DKBxTnrNSMejdfA1MHF0VBIseKKLsSFrUyfGK9NprugHvg5zpjzSfw05
0508PHU+PQen5LWJcyz88b+G+JEqGeucXvaErjJ3dh+B1aAjqrddkBe+EPy9ZVgJ
x2L4CeYMo8rog2jKxP044m3rJmIXv1J3O65soVB9JyIO02XBZ2L1VPnpRVIYullL
uRkq6I2+wekGGOgstgCSmqPmCpMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRQhxpm
FPlTOWm7PL/lC1/eTA4zBzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MmIwZGUxMmEtZWMxZC00NjViLThmMzgtNjhhMmRkNmExOWRmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0ABg
MA0GCSqGSIb3DQEBCwUAA4IBAQBGKeH8Jl5Mpj4AxMlrvac+wU0VZMmjtqJlFRE6
ZtKW4EUjJ3B5M/J0RgLzKQaxVXBXwPgOWDbP4rDHfIwc/cpbw7kZOt++EjX50pK9
GwuGcaVOXOCXH64wZ2Ui8VfV+s22C8XiRXDuHZ3qtFeszc2rEm80kiLlDgTU8ldp
Ke3LKOs/LBejBD3mIWHDtmL0lpph1YSJqHr7k8MNywzALwmFHF+OZpqQSWSIWUy9
+GrzeYyaOFyaxz/1W7Q9Xm2voX6tN5AEY+AKySotenu556oMJGqGuWZjctw84rt0
JGC7oBQgu7Zmrro+6KmghjpZ4oIPYBKp4ssLU1ytLfVceW9p
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:54 2025 by rpki-client