Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/446c7294-15f2-4794-9a7f-77119799815e.roa
File: 446c7294-15f2-4794-9a7f-77119799815e.roa (raw, json)
Hash identifier: AXQc/MQ8Ckq6hOhmKXuAQ9YmQxd2jbxSGhJcKesxLA4=
Subject key identifier: 43:AF:3C:EB:4C:3C:FF:83:E1:8D:6D:8A:08:A7:42:F0:98:EE:2B:17
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3F0B6ABDCBBA2EF263A9AA46605ED8764103E1AA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/446c7294-15f2-4794-9a7f-77119799815e.roa
Signing time: Mon 06 Oct 2025 18:00:06 +0000
ROA not before: Mon 06 Oct 2025 18:00:06 +0000
ROA not after: Mon 10 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d073:60c0::/46 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 22:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3f:0b:6a:bd:cb:ba:2e:f2:63:a9:aa:46:60:5e:d8:76:41:03:e1:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 6 18:00:06 2025 GMT
Not After : Nov 10 23:59:59 2025 GMT
Subject: serialNumber=76e307e4edd2e269f8362d02387ea3f3228214053242d4de383c2e27a369a3e1, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:eb:10:81:75:d2:91:7b:cd:4a:2f:76:b0:71:
06:39:06:a7:a9:1f:3d:f8:24:36:86:9e:06:17:72:
44:3f:55:f8:54:4d:73:eb:52:10:d8:18:d3:d9:2a:
24:9c:eb:59:6c:65:90:ca:9b:c2:7a:1c:07:69:d6:
c8:f0:2c:c7:ef:03:91:52:4f:72:c5:13:c0:e1:54:
23:92:b1:a8:c9:00:63:1d:c5:72:18:cf:b2:47:15:
52:09:7d:60:6e:19:f1:95:73:61:4b:82:d3:77:4d:
3d:59:db:ca:a9:2a:36:26:7d:29:de:b4:91:78:98:
cd:40:94:2b:d6:e9:d7:af:71:49:83:9e:fe:1f:cd:
aa:6e:67:61:3e:ed:bb:ed:47:1f:05:7a:0f:13:37:
1c:a4:e2:6c:da:6b:2a:e1:d9:dd:ff:0a:72:24:54:
03:5c:22:32:af:ae:d1:4a:a2:d2:8b:25:d5:70:98:
6a:da:e9:9f:f8:a6:9d:bb:29:1e:d1:00:55:89:72:
1b:98:03:6d:82:cf:34:fe:30:e7:34:36:31:72:2f:
d6:f5:90:c6:8c:c2:81:43:21:c3:4f:ae:e1:c8:0d:
3b:84:9e:25:34:b7:76:98:09:29:c5:e1:c2:64:90:
92:d2:b5:2e:05:87:dd:53:78:2b:b2:ef:4d:d8:4a:
4f:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:AF:3C:EB:4C:3C:FF:83:E1:8D:6D:8A:08:A7:42:F0:98:EE:2B:17
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/446c7294-15f2-4794-9a7f-77119799815e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d073:60c0::/46
Signature Algorithm: sha256WithRSAEncryption
bc:e1:46:30:b0:db:b5:71:2a:ed:24:89:6a:71:e2:65:2a:7a:
27:13:a3:a5:3a:48:f8:d2:74:67:ca:f0:39:4e:1a:31:ac:df:
b4:60:8d:df:ae:06:97:a0:d8:32:bb:ba:65:41:e0:56:ad:72:
1d:53:c6:46:91:98:88:92:7c:46:91:95:1e:3c:77:34:35:df:
97:6b:f1:81:9d:d7:b3:16:8c:b7:ca:d7:c8:12:44:b9:6f:a4:
47:52:b1:6c:39:b3:63:72:3c:43:cf:8d:08:2a:60:6d:e2:2d:
24:ac:05:e4:16:2f:f2:4f:fc:e6:21:eb:13:fa:b6:ce:c3:f3:
29:63:02:cf:92:d7:e0:a2:19:fa:21:9e:48:8a:17:c5:f0:87:
2f:01:36:b7:de:e5:d2:ea:90:00:2d:43:89:1c:e2:ea:6d:8b:
bb:e5:6a:14:52:0b:63:06:f8:35:12:fd:ea:15:e6:a6:e4:75:
c6:90:6a:35:f1:fc:ee:3d:bf:36:bc:82:76:cd:0a:d0:a1:92:
02:ae:72:3d:7b:4f:a8:5f:d0:9e:84:72:5f:a5:e5:76:7b:db:
d3:53:e7:d9:bf:2e:65:9e:2e:0d:fc:3c:2c:23:3c:d9:c0:f1:
1f:d9:2d:55:51:55:85:58:0f:db:46:e9:ed:b1:7b:c2:ca:de:
36:52:ca:9d
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUPwtqvcu6LvJjqapGYF7YdkED4aowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMDYxODAwMDZaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQDc2ZTMwN2U0ZWRkMmUyNjlmODM2MmQwMjM4N2VhM2YzMjI4MjE0MDUzMjQy
ZDRkZTM4M2MyZTI3YTM2OWEzZTExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKbrEIF10pF7zUovdrBxBjkGp6kfPfgkNoaeBhdyRD9V+FRNc+tSENgY09kq
JJzrWWxlkMqbwnocB2nWyPAsx+8DkVJPcsUTwOFUI5KxqMkAYx3FchjPskcVUgl9
YG4Z8ZVzYUuC03dNPVnbyqkqNiZ9Kd60kXiYzUCUK9bp169xSYOe/h/Nqm5nYT7t
u+1HHwV6DxM3HKTibNprKuHZ3f8KciRUA1wiMq+u0Uqi0osl1XCYatrpn/imnbsp
HtEAVYlyG5gDbYLPNP4w5zQ2MXIv1vWQxozCgUMhw0+u4cgNO4SeJTS3dpgJKcXh
wmSQktK1LgWH3VN4K7LvTdhKTx0CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRDrzzr
TDz/g+GNbYoIp0LwmO4rFzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDQ2YzcyOTQtMTVmMi00Nzk0LTlhN2YtNzcxMTk3OTk4MTVlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HNg
wDANBgkqhkiG9w0BAQsFAAOCAQEAvOFGMLDbtXEq7SSJanHiZSp6JxOjpTpI+NJ0
Z8rwOU4aMazftGCN364Gl6DYMru6ZUHgVq1yHVPGRpGYiJJ8RpGVHjx3NDXfl2vx
gZ3XsxaMt8rXyBJEuW+kR1KxbDmzY3I8Q8+NCCpgbeItJKwF5BYv8k/85iHrE/q2
zsPzKWMCz5LX4KIZ+iGeSIoXxfCHLwE2t97l0uqQAC1DiRzi6m2Lu+VqFFILYwb4
NRL96hXmpuR1xpBqNfH87j2/NryCds0K0KGSAq5yPXtPqF/QnoRyX6Xldnvb01Pn
2b8uZZ4uDfw8LCM82cDxH9ktVVFVhVgP20bp7bF7wsreNlLKnQ==
-----END CERTIFICATE-----
Generated at Tue Oct 21 01:36:26 2025 by rpki-client