Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3a6271c8-6f02-45f1-97d6-ce27b463d3b5.roa
File: 3a6271c8-6f02-45f1-97d6-ce27b463d3b5.roa (raw, json)
Hash identifier: CZh9QphqVG6uZ56XY9El3PNARW3lxtyvaQhX81lZkoI=
Subject key identifier: FC:89:9D:A3:BC:5D:3D:72:0A:F9:5C:6C:A1:E0:18:98:FE:95:C1:1F
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 664AB9E3C221BB1E89396D64C23DEA79AC29671F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3a6271c8-6f02-45f1-97d6-ce27b463d3b5.roa
Signing time: Fri 26 Sep 2025 19:38:47 +0000
ROA not before: Fri 26 Sep 2025 19:38:47 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d03a:a000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
66:4a:b9:e3:c2:21:bb:1e:89:39:6d:64:c2:3d:ea:79:ac:29:67:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:38:47 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=220f9877c8e4446554efa801e7483b285cd4a7f190a467fc0612efeceb3c864b, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:de:5b:e7:da:bd:89:1c:4f:f7:68:45:c5:31:
8b:c1:ef:1b:7a:85:3a:25:1b:30:74:e5:e0:02:80:
20:2a:91:9a:fb:5d:cf:d9:b8:98:3f:71:aa:69:7a:
59:5f:af:52:5b:f2:a0:a4:a2:aa:dd:43:02:22:4b:
d7:93:47:74:bc:ff:34:d6:49:12:3f:35:be:11:92:
3d:cb:45:f9:e7:d0:2c:f9:30:88:64:e3:e6:f3:28:
86:62:49:7e:c8:c6:d7:4b:e9:0c:6a:fe:ba:ac:7a:
e3:ea:a3:a7:63:15:2d:29:02:4f:2d:4b:48:f0:2d:
68:bc:fb:d0:49:6b:cc:60:00:69:b4:0a:7d:fd:6e:
ac:e5:b4:ac:6c:55:29:43:64:f5:de:c6:de:2b:a7:
f0:30:d0:8f:05:83:b1:05:f5:63:ce:ee:aa:9a:0f:
fb:d4:ab:eb:a8:c4:6d:d4:81:14:f9:ac:7b:a5:03:
17:71:ab:38:58:8d:07:db:49:2a:1b:55:30:64:7d:
b4:28:ea:21:cf:49:fc:6d:91:e5:93:4b:21:ca:ea:
45:96:7b:df:30:26:7b:06:4e:e7:5f:45:3c:7f:7d:
ba:20:35:7d:5f:0d:76:a6:5a:b1:30:6d:3a:70:e5:
6a:a6:d6:03:38:f7:37:38:04:bd:15:e6:93:70:a7:
f2:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:89:9D:A3:BC:5D:3D:72:0A:F9:5C:6C:A1:E0:18:98:FE:95:C1:1F
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3a6271c8-6f02-45f1-97d6-ce27b463d3b5.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d03a:a000::/40
Signature Algorithm: sha256WithRSAEncryption
0d:de:48:7a:f2:a1:4c:de:22:9b:6f:12:e2:e6:98:23:ab:20:
7b:80:af:85:e8:7d:a1:6a:16:79:eb:3f:6e:f6:46:3b:15:28:
9e:1b:fb:c6:45:19:4d:4c:9d:00:1d:14:67:9a:01:96:56:dd:
87:19:eb:79:f6:69:38:d9:bd:bb:e3:bc:94:94:73:cf:21:18:
cf:6a:cb:a7:7b:d5:ba:df:15:7f:52:c1:46:3d:f9:05:d9:cc:
fc:3e:47:5f:53:07:5e:db:98:61:9b:a9:27:84:2b:36:db:b3:
4c:2f:3f:89:90:fc:1c:6a:b6:58:cf:ab:a2:6b:48:c2:11:d3:
17:12:9c:2f:e0:a3:4c:a4:ba:54:ee:86:24:ea:33:41:39:4a:
ef:63:33:6e:fd:bb:bc:b1:a1:d1:06:73:73:18:b4:70:68:9c:
f4:73:b3:a3:35:98:78:c3:7b:2f:30:70:18:29:dc:b0:0d:63:
c3:72:28:e0:7a:1a:f5:7e:16:5b:05:27:6c:28:f8:72:5a:6f:
b2:94:ea:90:03:db:d8:30:9c:a2:ba:49:41:2a:fb:b1:e6:3c:
26:2f:6b:8c:21:14:b8:74:e1:5a:67:4e:ca:b1:70:02:f0:3b:
a8:e5:5b:d2:ea:00:29:22:d6:fe:71:d5:68:3e:7f:4f:01:a6:
4e:73:51:e8
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUZkq548Ihux6JOW1kwj3qeawpZx8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTM4NDdaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDIyMGY5ODc3YzhlNDQ0NjU1NGVmYTgwMWU3NDgzYjI4NWNkNGE3ZjE5MGE0
NjdmYzA2MTJlZmVjZWIzYzg2NGIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK7eW+favYkcT/doRcUxi8HvG3qFOiUbMHTl4AKAICqRmvtdz9m4mD9xqml6
WV+vUlvyoKSiqt1DAiJL15NHdLz/NNZJEj81vhGSPctF+efQLPkwiGTj5vMohmJJ
fsjG10vpDGr+uqx64+qjp2MVLSkCTy1LSPAtaLz70ElrzGAAabQKff1urOW0rGxV
KUNk9d7G3iun8DDQjwWDsQX1Y87uqpoP+9Sr66jEbdSBFPmse6UDF3GrOFiNB9tJ
KhtVMGR9tCjqIc9J/G2R5ZNLIcrqRZZ73zAmewZO519FPH99uiA1fV8NdqZasTBt
OnDlaqbWAzj3NzgEvRXmk3Cn8t0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT8iZ2j
vF09cgr5XGyh4BiY/pXBHzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2E2MjcxYzgtNmYwMi00NWYxLTk3ZDYtY2UyN2I0NjNkM2I1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Dqg
MA0GCSqGSIb3DQEBCwUAA4IBAQAN3kh68qFM3iKbbxLi5pgjqyB7gK+F6H2hahZ5
6z9u9kY7FSieG/vGRRlNTJ0AHRRnmgGWVt2HGet59mk42b2747yUlHPPIRjPasun
e9W63xV/UsFGPfkF2cz8PkdfUwde25hhm6knhCs227NMLz+JkPwcarZYz6uia0jC
EdMXEpwv4KNMpLpU7oYk6jNBOUrvYzNu/bu8saHRBnNzGLRwaJz0c7OjNZh4w3sv
MHAYKdywDWPDcijgehr1fhZbBSdsKPhyWm+ylOqQA9vYMJyiuklBKvux5jwmL2uM
IRS4dOFaZ07KsXAC8Duo5VvS6gApItb+cdVoPn9PAaZOc1Ho
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:07 2025 by rpki-client