Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/376be0fe-aebc-4855-80a4-ea95cf413b51.roa
File: 376be0fe-aebc-4855-80a4-ea95cf413b51.roa (raw, json)
Hash identifier: T+i87D+EAetGBxbEcm5qbCOZOUHBEmHBCjM5R9Fw2p8=
Subject key identifier: 42:14:8E:2C:DA:6A:60:A6:21:EA:B4:C7:FD:15:F3:B2:BF:A3:60:44
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 770E5C10D7F167D778927387B899B3A06C12E46C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/376be0fe-aebc-4855-80a4-ea95cf413b51.roa
Signing time: Mon 06 Oct 2025 18:10:06 +0000
ROA not before: Mon 06 Oct 2025 18:10:06 +0000
ROA not after: Mon 10 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d032:5000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 13:42:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
77:0e:5c:10:d7:f1:67:d7:78:92:73:87:b8:99:b3:a0:6c:12:e4:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 6 18:10:06 2025 GMT
Not After : Nov 10 23:59:59 2025 GMT
Subject: serialNumber=0f9c2f904bd7d76a1cb59965d3b4beb2aaffdfba3cefbca7bd308e381b29d865, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:e9:cf:cc:3c:8d:b7:6c:07:27:d6:d1:82:dd:
59:d8:14:62:d8:8c:42:50:81:ad:59:70:67:94:ee:
17:6b:c9:9d:56:ca:9a:ba:b1:00:67:a8:ac:0c:e8:
ae:2a:a7:ac:ac:be:07:c4:78:3c:34:c5:9c:9e:a4:
77:05:76:93:58:5c:e6:3b:ce:89:62:bb:59:63:3b:
07:de:fa:63:0d:e7:da:44:8f:40:55:87:23:b5:8d:
07:5b:53:a5:18:28:14:18:af:b9:6c:29:02:bf:b9:
d5:07:b1:5a:05:6e:1d:79:8f:cd:37:e0:d1:f7:7f:
43:71:72:2b:e2:71:ad:d4:70:78:2f:42:19:5b:5d:
03:6c:60:6e:89:1c:2d:67:1f:dd:e8:d5:1b:f0:c5:
52:38:3a:29:f8:b1:71:ea:3c:1a:17:e3:3b:23:1b:
5e:91:15:13:d3:2f:d3:5d:12:f5:29:36:02:e0:cb:
bf:cb:2b:88:58:46:33:3b:65:3a:ec:0d:f6:b9:8b:
cb:64:ee:f7:25:45:0a:25:af:1c:6f:03:42:99:c1:
24:1f:32:e4:0b:89:77:3e:f0:68:03:89:86:16:fc:
8b:ab:ce:a1:c8:7d:07:c4:66:ac:da:76:da:41:85:
ce:32:14:dc:5c:53:b1:a2:55:f6:be:a2:00:7b:b1:
1c:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:14:8E:2C:DA:6A:60:A6:21:EA:B4:C7:FD:15:F3:B2:BF:A3:60:44
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/376be0fe-aebc-4855-80a4-ea95cf413b51.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d032:5000::/40
Signature Algorithm: sha256WithRSAEncryption
25:67:e3:de:1f:45:58:41:3b:85:77:bd:0a:60:9e:53:86:19:
5f:86:92:c3:8c:6d:f7:14:ed:11:68:5a:ea:46:62:b9:fa:97:
37:9a:a7:99:a1:4c:66:fe:49:ed:29:fd:ab:f1:fe:b6:48:17:
c7:79:c2:89:f5:16:6a:9d:18:1e:72:08:af:7c:06:86:84:d8:
63:b0:a8:94:40:ca:26:f7:95:a3:e9:2f:85:f9:75:94:37:a0:
a2:f0:62:5a:88:03:c4:40:ac:f4:d2:07:5d:33:a6:72:22:46:
83:2c:21:30:f0:26:fa:ed:d9:2a:2c:f6:13:ab:71:d9:bb:e9:
81:17:2d:56:31:e5:8f:dd:58:9f:0a:83:4b:14:cc:ca:bd:c2:
62:3a:c2:b1:4f:1e:e3:71:d1:00:b1:5d:66:aa:67:6c:5f:df:
27:08:70:f8:fd:53:c3:7b:3f:29:90:63:36:c1:76:ed:2e:b5:
87:6d:1d:e6:9e:3e:4b:8e:90:2c:b4:05:54:3e:c2:9c:ad:de:
d8:0f:a5:73:fc:62:57:f2:1c:b1:b0:bd:0a:47:1d:2c:2f:1a:
f8:dc:7e:f6:90:3e:6d:ae:f5:69:11:22:c1:62:67:d4:d1:9f:
aa:8c:da:8e:b7:2d:24:95:e6:59:42:a7:83:3f:a4:89:a9:ce:
bd:ba:c4:11
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUdw5cENfxZ9d4knOHuJmzoGwS5GwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMDYxODEwMDZaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDBmOWMyZjkwNGJkN2Q3NmExY2I1OTk2NWQzYjRiZWIyYWFmZmRmYmEzY2Vm
YmNhN2JkMzA4ZTM4MWIyOWQ4NjUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL3pz8w8jbdsByfW0YLdWdgUYtiMQlCBrVlwZ5TuF2vJnVbKmrqxAGeorAzo
riqnrKy+B8R4PDTFnJ6kdwV2k1hc5jvOiWK7WWM7B976Yw3n2kSPQFWHI7WNB1tT
pRgoFBivuWwpAr+51QexWgVuHXmPzTfg0fd/Q3FyK+JxrdRweC9CGVtdA2xgbokc
LWcf3ejVG/DFUjg6Kfixceo8GhfjOyMbXpEVE9Mv010S9Sk2AuDLv8sriFhGMztl
OuwN9rmLy2Tu9yVFCiWvHG8DQpnBJB8y5AuJdz7waAOJhhb8i6vOoch9B8RmrNp2
2kGFzjIU3FxTsaJV9r6iAHuxHIUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRCFI4s
2mpgpiHqtMf9FfOyv6NgRDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Mzc2YmUwZmUtYWViYy00ODU1LTgwYTQtZWE5NWNmNDEzYjUxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DJQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAlZ+PeH0VYQTuFd70KYJ5ThhlfhpLDjG33FO0R
aFrqRmK5+pc3mqeZoUxm/kntKf2r8f62SBfHecKJ9RZqnRgecgivfAaGhNhjsKiU
QMom95Wj6S+F+XWUN6Ci8GJaiAPEQKz00gddM6ZyIkaDLCEw8Cb67dkqLPYTq3HZ
u+mBFy1WMeWP3VifCoNLFMzKvcJiOsKxTx7jcdEAsV1mqmdsX98nCHD4/VPDez8p
kGM2wXbtLrWHbR3mnj5LjpAstAVUPsKcrd7YD6Vz/GJX8hyxsL0KRx0sLxr43H72
kD5trvVpESLBYmfU0Z+qjNqOty0kleZZQqeDP6SJqc69usQR
-----END CERTIFICATE-----
Generated at Mon Oct 20 23:29:45 2025 by rpki-client