Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/304afa07-08cf-4abd-b55e-949deeea1591.roa
File: 304afa07-08cf-4abd-b55e-949deeea1591.roa (raw, json)
Hash identifier: 3yRibWj7C0JezKLwY6sJwJJGmyklyE51yt+XTUXD/hM=
Subject key identifier: AD:8D:C4:62:24:50:50:C7:D2:B2:37:46:F8:DD:28:E8:0D:BE:35:97
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3D55171687C078036A49B453D7A440202A2DDB03
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/304afa07-08cf-4abd-b55e-949deeea1591.roa
Signing time: Fri 17 Oct 2025 21:10:16 +0000
ROA not before: Fri 17 Oct 2025 21:10:16 +0000
ROA not after: Fri 21 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d076:5000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3d:55:17:16:87:c0:78:03:6a:49:b4:53:d7:a4:40:20:2a:2d:db:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 17 21:10:16 2025 GMT
Not After : Nov 21 23:59:59 2025 GMT
Subject: serialNumber=50e669a30fdca73f0abd00835f49257e52ed37fdcab21e9b58b44bfd1b92e635, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:5c:d5:fb:ba:81:fd:e0:2f:77:f3:65:f2:b3:
1f:f3:37:db:d5:76:25:bc:b8:43:ad:b2:b2:e9:b1:
58:25:df:a7:08:83:95:db:d3:e2:a2:1c:5a:6c:91:
18:15:6a:63:9d:97:da:7e:18:ba:02:0e:df:14:bc:
5b:5e:d9:61:ee:8b:e1:54:8c:d5:32:b5:b9:29:8a:
8a:23:13:b0:d7:1e:73:95:35:32:d9:87:53:38:99:
da:05:5c:97:3f:87:f8:44:70:4f:b2:d5:20:16:d9:
71:fa:d5:06:8d:e0:11:8e:8c:3d:e1:bc:e6:98:56:
d7:6a:5c:36:36:7e:1e:28:a2:96:be:9a:3e:03:22:
d1:7c:ff:e5:50:39:1f:66:53:91:47:97:17:7e:c8:
05:93:6f:97:5d:8c:b4:e9:a9:71:0e:9d:88:fc:78:
47:91:47:70:ac:48:3c:97:69:f8:c4:dd:20:fa:89:
ca:19:04:7f:73:9e:5b:b0:ae:71:ef:1f:22:1e:1c:
a3:30:b3:0a:7d:69:ba:be:59:49:05:4a:7c:a5:3e:
e4:1d:c7:20:c7:83:07:d9:07:23:59:06:4b:4e:20:
15:dd:8d:5b:59:9b:33:4a:b3:d1:a0:1b:df:d9:08:
11:f7:4d:cd:ef:1a:a8:f7:78:33:83:a1:ef:ba:66:
2e:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:8D:C4:62:24:50:50:C7:D2:B2:37:46:F8:DD:28:E8:0D:BE:35:97
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/304afa07-08cf-4abd-b55e-949deeea1591.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d076:5000::/40
Signature Algorithm: sha256WithRSAEncryption
c8:23:60:d3:87:17:12:9b:d2:4c:61:73:f5:28:ea:28:5f:98:
15:a9:70:c4:d3:3c:6e:48:3e:bb:b0:bd:da:0f:c9:16:76:59:
b4:57:09:69:f7:d2:bd:6e:d1:c2:bf:10:95:fb:37:ad:90:75:
34:7b:60:2d:a0:ca:75:62:92:04:6a:5f:61:e4:d6:1f:40:19:
41:27:0a:43:c2:34:00:2e:48:88:0f:d7:7b:73:7b:ba:0a:34:
ad:08:ad:d4:96:83:72:8e:86:db:20:be:86:30:73:c8:50:da:
17:f5:05:18:c6:a8:37:03:ae:f6:da:73:8b:fd:87:cf:5f:45:
24:38:84:a8:52:ab:e6:80:dd:ee:b8:50:59:8b:8f:44:8b:d7:
b8:81:4b:1e:ca:a9:a6:e7:cf:d7:be:a0:74:2e:d4:d9:3c:c9:
e9:ba:eb:31:91:bc:16:25:0b:94:f2:5d:a0:62:fb:38:04:b3:
fd:be:21:5c:aa:91:99:cc:c7:06:fd:70:b5:00:86:4b:f6:ac:
3b:fd:33:86:79:26:36:e4:c1:08:93:7f:a2:1b:07:ab:05:a9:
8d:6c:9a:e8:6e:17:c9:0c:c3:08:8b:63:97:c7:9b:14:39:b3:
bd:47:f3:e0:eb:6c:84:5a:5a:6f:66:de:0b:0a:31:53:30:cc:
03:cc:83:ec
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPVUXFofAeANqSbRT16RAICot2wMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTcyMTEwMTZaFw0yNTExMjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDUwZTY2OWEzMGZkY2E3M2YwYWJkMDA4MzVmNDkyNTdlNTJlZDM3ZmRjYWIy
MWU5YjU4YjQ0YmZkMWI5MmU2MzUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALtc1fu6gf3gL3fzZfKzH/M329V2Jby4Q62ysumxWCXfpwiDldvT4qIcWmyR
GBVqY52X2n4YugIO3xS8W17ZYe6L4VSM1TK1uSmKiiMTsNcec5U1MtmHUziZ2gVc
lz+H+ERwT7LVIBbZcfrVBo3gEY6MPeG85phW12pcNjZ+Hiiilr6aPgMi0Xz/5VA5
H2ZTkUeXF37IBZNvl12MtOmpcQ6diPx4R5FHcKxIPJdp+MTdIPqJyhkEf3OeW7Cu
ce8fIh4cozCzCn1pur5ZSQVKfKU+5B3HIMeDB9kHI1kGS04gFd2NW1mbM0qz0aAb
39kIEfdNze8aqPd4M4Oh77pmLr8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBStjcRi
JFBQx9KyN0b43SjoDb41lzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzA0YWZhMDctMDhjZi00YWJkLWI1NWUtOTQ5ZGVlZWExNTkxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HZQ
MA0GCSqGSIb3DQEBCwUAA4IBAQDII2DThxcSm9JMYXP1KOooX5gVqXDE0zxuSD67
sL3aD8kWdlm0Vwlp99K9btHCvxCV+zetkHU0e2AtoMp1YpIEal9h5NYfQBlBJwpD
wjQALkiID9d7c3u6CjStCK3UloNyjobbIL6GMHPIUNoX9QUYxqg3A6722nOL/YfP
X0UkOISoUqvmgN3uuFBZi49Ei9e4gUseyqmm58/XvqB0LtTZPMnpuusxkbwWJQuU
8l2gYvs4BLP9viFcqpGZzMcG/XC1AIZL9qw7/TOGeSY25MEIk3+iGwerBamNbJro
bhfJDMMIi2OXx5sUObO9R/Pg62yEWlpvZt4LCjFTMMwDzIPs
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:39 2025 by rpki-client