Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/42a2bbbc-4bfd-4172-8004-b90bf9d2de72.roa
File: 42a2bbbc-4bfd-4172-8004-b90bf9d2de72.roa (raw, json)
Hash identifier: utsQAoYfBsPcnV3EFCEJLP5RZL5dVAhjdmqVu5e0qrc=
Subject key identifier: A8:D1:8E:A2:FF:83:0B:AD:F7:14:D4:B5:B2:ED:EE:F0:4C:D6:27:A7
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 236618B6740F35B9EE50B3FA773BC0F0FC929969
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/42a2bbbc-4bfd-4172-8004-b90bf9d2de72.roa
Signing time: Fri 17 Oct 2025 21:10:16 +0000
ROA not before: Fri 17 Oct 2025 21:10:16 +0000
ROA not after: Fri 21 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d076:9000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
23:66:18:b6:74:0f:35:b9:ee:50:b3:fa:77:3b:c0:f0:fc:92:99:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 17 21:10:16 2025 GMT
Not After : Nov 21 23:59:59 2025 GMT
Subject: serialNumber=8ddd04e0208c75fe2bb1f33d985f6c73edbda3ab6d400903b428c51893c07604, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:af:f8:93:a1:27:4e:8a:44:d8:51:0b:ba:68:
46:19:16:22:d8:80:46:88:b8:c1:68:61:c0:30:e3:
c9:97:98:1a:ed:cb:e1:55:f3:d1:9d:76:7b:5f:f0:
61:23:0e:2a:32:37:d7:7f:6c:b5:3a:60:88:6b:31:
3f:2a:80:98:f3:dc:90:fe:cc:f4:96:28:65:63:60:
3b:31:51:b3:56:09:50:f8:d8:94:69:26:d2:8c:94:
47:83:21:53:fc:db:46:cf:31:75:83:5b:5d:68:3e:
46:ad:43:2f:c0:28:e6:24:cf:cd:da:22:0d:07:e5:
19:16:e5:9b:3a:0a:5f:6d:37:f2:bf:3c:9d:a0:74:
02:02:a9:e6:f0:2f:17:e6:f7:c4:29:a3:41:33:f7:
d1:a2:24:3f:23:fa:6a:d6:d4:a1:11:b6:39:d1:c1:
60:18:8d:4a:8b:0a:40:ed:fa:ed:ea:96:69:b1:83:
52:66:0f:87:30:16:c5:93:ed:ed:dd:07:eb:d6:9b:
ef:7b:45:dd:fe:cf:15:8b:f1:39:a1:ab:41:be:99:
5d:0c:1c:ca:82:81:98:48:63:b0:6f:5b:c8:3b:46:
fa:d3:6d:bd:7f:53:56:e8:ce:56:5e:66:9f:da:eb:
64:bf:d8:82:be:57:00:f8:f9:27:1b:69:99:b9:7f:
1c:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:D1:8E:A2:FF:83:0B:AD:F7:14:D4:B5:B2:ED:EE:F0:4C:D6:27:A7
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/42a2bbbc-4bfd-4172-8004-b90bf9d2de72.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d076:9000::/48
Signature Algorithm: sha256WithRSAEncryption
48:c0:30:df:39:73:24:1a:4e:58:37:49:13:d3:bc:9d:de:ba:
e3:f8:61:cd:f8:55:78:6d:9e:05:fe:a1:e2:e2:4a:a6:fd:36:
f1:3c:2d:4a:ca:d8:d1:e9:9d:a7:48:2c:02:3e:12:a2:cc:ce:
4f:e8:22:f3:3e:3d:67:40:0d:d7:02:be:d0:d5:d4:13:58:1c:
10:fb:f7:91:85:da:a3:a5:d7:a9:4d:11:37:21:c2:fe:c5:d3:
42:70:c9:c2:c0:62:95:48:5e:1b:48:b1:91:ba:1d:47:78:47:
df:e2:93:f4:d5:08:ae:a7:90:3b:57:68:fa:7b:86:e8:06:eb:
02:2b:22:eb:78:48:e0:45:26:dc:a0:ef:a0:23:47:3e:bf:0a:
d3:a0:d9:b2:74:d7:b8:b6:fb:81:64:a4:f2:f5:f2:c9:73:55:
00:95:2e:8d:82:b7:65:bf:c7:62:bc:46:95:50:f3:89:4c:1c:
f9:2a:19:6e:96:b0:70:2e:1d:24:52:ac:f8:05:7b:3d:e6:b0:
04:fd:b0:df:4d:45:6c:e5:c7:1a:40:95:8a:7a:b2:f2:49:05:
94:68:5a:eb:ad:27:e2:34:98:1a:92:6f:99:40:01:f6:c0:4c:
c2:d5:7f:cb:a0:ca:a2:64:27:e2:53:6d:5f:95:10:91:9d:d5:
01:f3:85:cd
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUI2YYtnQPNbnuULP6dzvA8PySmWkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTcyMTEwMTZaFw0yNTExMjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDhkZGQwNGUwMjA4Yzc1ZmUyYmIxZjMzZDk4NWY2YzczZWRiZGEzYWI2ZDQw
MDkwM2I0MjhjNTE4OTNjMDc2MDQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJev+JOhJ06KRNhRC7poRhkWItiARoi4wWhhwDDjyZeYGu3L4VXz0Z12e1/w
YSMOKjI3139stTpgiGsxPyqAmPPckP7M9JYoZWNgOzFRs1YJUPjYlGkm0oyUR4Mh
U/zbRs8xdYNbXWg+Rq1DL8Ao5iTPzdoiDQflGRblmzoKX2038r88naB0AgKp5vAv
F+b3xCmjQTP30aIkPyP6atbUoRG2OdHBYBiNSosKQO367eqWabGDUmYPhzAWxZPt
7d0H69ab73tF3f7PFYvxOaGrQb6ZXQwcyoKBmEhjsG9byDtG+tNtvX9TVujOVl5m
n9rrZL/Ygr5XAPj5Jxtpmbl/HMUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSo0Y6i
/4MLrfcU1LWy7e7wTNYnpzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDJhMmJiYmMtNGJmZC00MTcyLTgwMDQtYjkwYmY5ZDJkZTcyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HaQ
ADANBgkqhkiG9w0BAQsFAAOCAQEASMAw3zlzJBpOWDdJE9O8nd664/hhzfhVeG2e
Bf6h4uJKpv028TwtSsrY0emdp0gsAj4SoszOT+gi8z49Z0AN1wK+0NXUE1gcEPv3
kYXao6XXqU0RNyHC/sXTQnDJwsBilUheG0ixkbodR3hH3+KT9NUIrqeQO1do+nuG
6AbrAisi63hI4EUm3KDvoCNHPr8K06DZsnTXuLb7gWSk8vXyyXNVAJUujYK3Zb/H
YrxGlVDziUwc+SoZbpawcC4dJFKs+AV7PeawBP2w301FbOXHGkCVinqy8kkFlGha
660n4jSYGpJvmUAB9sBMwtV/y6DKomQn4lNtX5UQkZ3VAfOFzQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:17 2025 by rpki-client