Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/44d8b686-7db5-4309-8f09-3af611be3753.roa
File: 44d8b686-7db5-4309-8f09-3af611be3753.roa (raw, json)
Hash identifier: mrZ9qqtqyvuAClPzntuj9kBM56zSu3VTtdAYYcyBoVs=
Subject key identifier: 1D:5C:A5:CA:0B:FD:29:D3:ED:6C:6D:E3:7C:12:A4:05:FC:99:7E:2B
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 15B6F0369717A008B70E93225215B7B46EB9A569
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/44d8b686-7db5-4309-8f09-3af611be3753.roa
Signing time: Fri 26 Sep 2025 19:20:13 +0000
ROA not before: Fri 26 Sep 2025 19:20:13 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07a:c000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
15:b6:f0:36:97:17:a0:08:b7:0e:93:22:52:15:b7:b4:6e:b9:a5:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:20:13 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=f57391bf333e7048d2773c7aeb40ce5d14bca29db25b0a4955469c5f9b3cf42a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:96:d4:4c:9b:45:35:42:f7:c1:eb:ad:ff:74:
13:57:c8:6f:bb:ba:2b:4f:63:ce:64:b4:b3:8b:02:
68:f7:cc:13:5d:ca:25:13:71:19:7e:d3:55:ee:33:
b8:46:6b:d6:3c:74:72:16:ed:96:50:f0:a9:36:80:
9a:f4:46:67:53:53:bf:a7:e7:04:e8:83:b4:7d:60:
8e:10:1d:e9:f3:6f:1a:57:3d:0d:af:6e:7e:47:13:
74:df:75:8c:7d:9a:d1:b8:9c:8d:c7:9b:71:f3:55:
f6:c5:67:ec:56:48:d6:db:23:91:4a:69:21:bd:3d:
2a:f5:ed:8e:4f:c2:70:1b:48:51:e8:09:d7:7c:a7:
69:fa:9b:76:a3:79:54:b6:e8:6a:a4:13:a4:fb:bc:
67:8a:5a:f7:55:9e:0f:51:b5:97:30:80:8e:65:61:
a4:03:28:f8:3a:3a:1a:3a:08:65:9f:02:e8:8b:d5:
09:8c:f0:60:ea:6f:a1:c5:1f:31:cd:1d:16:d4:de:
74:98:d3:b1:5d:2c:60:8e:d6:8b:96:96:dd:d1:43:
19:b5:f3:0a:d8:6c:a4:59:22:a5:e9:95:1e:43:d2:
4f:8d:4c:62:08:a9:fb:e0:77:d6:41:35:ff:c1:ef:
0d:85:09:14:6c:d8:8a:1a:47:8b:e4:e9:36:ac:b4:
87:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:5C:A5:CA:0B:FD:29:D3:ED:6C:6D:E3:7C:12:A4:05:FC:99:7E:2B
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/44d8b686-7db5-4309-8f09-3af611be3753.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07a:c000::/40
Signature Algorithm: sha256WithRSAEncryption
9b:29:ac:b5:46:e6:16:ec:83:2c:25:7c:52:ad:a4:a0:e5:1d:
21:d7:d8:f8:db:aa:9f:91:b3:8b:22:41:25:e7:13:e3:83:52:
21:3f:9e:9c:8d:fe:5e:19:a0:5e:42:cf:98:3e:61:aa:dc:ea:
af:23:51:18:37:28:e3:5a:6c:bd:3a:53:cc:a5:b9:32:ff:4f:
10:cc:f9:c9:cd:3a:bf:2c:d7:1d:01:3d:c5:db:7f:34:d8:e8:
55:45:2f:e8:57:aa:cd:b7:26:9d:dc:7e:cd:2a:1c:70:fd:2e:
4b:ff:99:6e:d4:6b:40:f4:f4:e7:9d:64:76:8e:b1:d1:2f:36:
8f:98:a1:1a:4a:11:84:ef:47:1b:c8:bf:c5:26:ef:37:bf:e8:
eb:05:3b:b2:8b:6c:8b:cd:2f:fe:f6:8a:a8:7b:79:51:95:34:
71:05:35:63:c4:f7:89:d2:09:ff:3d:c6:1d:65:46:da:38:4d:
67:d8:16:df:94:35:9e:c7:3d:9d:b2:cd:9c:87:0b:d7:fd:b8:
3d:5c:cd:cc:57:1b:e7:32:25:15:ee:96:d1:5f:37:d8:4e:a0:
e0:31:7c:b3:7b:10:22:c0:ab:96:cc:a2:47:c3:65:cb:bb:9b:
69:3f:f8:66:68:fb:4b:4e:ef:a5:c0:23:33:63:06:59:02:e3:
61:f9:a6:7c
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUFbbwNpcXoAi3DpMiUhW3tG65pWkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTIwMTNaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGY1NzM5MWJmMzMzZTcwNDhkMjc3M2M3YWViNDBjZTVkMTRiY2EyOWRiMjVi
MGE0OTU1NDY5YzVmOWIzY2Y0MmExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMGW1EybRTVC98Hrrf90E1fIb7u6K09jzmS0s4sCaPfME13KJRNxGX7TVe4z
uEZr1jx0chbtllDwqTaAmvRGZ1NTv6fnBOiDtH1gjhAd6fNvGlc9Da9ufkcTdN91
jH2a0bicjcebcfNV9sVn7FZI1tsjkUppIb09KvXtjk/CcBtIUegJ13ynafqbdqN5
VLboaqQTpPu8Z4pa91WeD1G1lzCAjmVhpAMo+Do6GjoIZZ8C6IvVCYzwYOpvocUf
Mc0dFtTedJjTsV0sYI7Wi5aW3dFDGbXzCthspFkipemVHkPST41MYgip++B31kE1
/8HvDYUJFGzYihpHi+TpNqy0h8UCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQdXKXK
C/0p0+1sbeN8EqQF/Jl+KzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDRkOGI2ODYtN2RiNS00MzA5LThmMDktM2FmNjExYmUzNzUzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HrA
MA0GCSqGSIb3DQEBCwUAA4IBAQCbKay1RuYW7IMsJXxSraSg5R0h19j426qfkbOL
IkEl5xPjg1IhP56cjf5eGaBeQs+YPmGq3OqvI1EYNyjjWmy9OlPMpbky/08QzPnJ
zTq/LNcdAT3F23802OhVRS/oV6rNtyad3H7NKhxw/S5L/5lu1GtA9PTnnWR2jrHR
LzaPmKEaShGE70cbyL/FJu83v+jrBTuyi2yLzS/+9oqoe3lRlTRxBTVjxPeJ0gn/
PcYdZUbaOE1n2BbflDWexz2dss2chwvX/bg9XM3MVxvnMiUV7pbRXzfYTqDgMXyz
exAiwKuWzKJHw2XLu5tpP/hmaPtLTu+lwCMzYwZZAuNh+aZ8
-----END CERTIFICATE-----
Generated at Mon Oct 20 08:53:36 2025 by rpki-client