Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/45c6591c-1ba0-4769-9e6a-11566f006613.roa
File: 45c6591c-1ba0-4769-9e6a-11566f006613.roa (raw, json)
Hash identifier: pqKRB46rnHs3YnJ5h97hKYbDJjFJcyGrpq0CQ0dVhlw=
Subject key identifier: 63:2B:F5:56:2D:89:78:0C:F3:78:09:13:CA:D1:E5:E7:AC:92:FF:D9
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4CDBE4AE3C4A8F645977871D6DF36272EF38E04D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/45c6591c-1ba0-4769-9e6a-11566f006613.roa
Signing time: Fri 26 Sep 2025 18:42:20 +0000
ROA not before: Fri 26 Sep 2025 18:42:20 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:90c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4c:db:e4:ae:3c:4a:8f:64:59:77:87:1d:6d:f3:62:72:ef:38:e0:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 18:42:20 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=e304012c7949a915217c9614092b114bbe1e2c4787b7f1728d6dfc8d1b0e1e03, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:b0:6d:c5:bc:0b:f3:32:42:eb:bb:d8:4c:10:
23:8e:db:7d:56:ce:d2:d0:09:b1:1b:ff:71:66:3f:
53:39:24:0c:b1:d6:98:a4:39:31:c3:cf:40:22:7a:
f9:b0:8a:84:3c:1d:e8:00:c7:b9:c7:72:20:27:be:
0c:3e:c0:fb:80:c0:9e:00:1d:61:7c:9a:0b:3e:d4:
62:a6:36:2d:71:54:2e:ae:ae:84:5e:53:38:66:f9:
7f:70:e2:dd:fb:33:17:7e:07:9b:fe:8b:3c:e2:3c:
02:6e:d7:89:30:cc:f6:b8:b9:ef:88:b0:df:e9:31:
9e:84:e8:9d:11:a8:11:88:9c:11:cc:d0:a9:46:38:
05:30:5c:23:ca:da:6a:74:07:23:c2:9b:1a:50:43:
9b:8f:3f:dd:73:8f:ac:fe:c1:a3:7e:82:ee:99:f5:
aa:d5:c8:b9:8e:35:b3:9d:76:c2:8c:9a:7b:8a:39:
25:8b:35:ce:8d:90:b6:85:71:ef:65:7a:3a:89:aa:
c5:30:fa:3a:35:07:87:d3:a9:19:e9:14:d3:52:2a:
c3:15:0b:74:45:f1:80:c0:c4:7f:66:e6:43:ed:14:
a7:c3:e7:e5:12:5f:85:ee:85:59:b0:c3:c9:4c:5b:
03:ec:f2:30:ff:60:e2:6d:af:e7:85:fd:57:e7:95:
28:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:2B:F5:56:2D:89:78:0C:F3:78:09:13:CA:D1:E5:E7:AC:92:FF:D9
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/45c6591c-1ba0-4769-9e6a-11566f006613.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:90c0::/48
Signature Algorithm: sha256WithRSAEncryption
0b:b2:bf:ba:92:c1:81:6b:5b:cf:ce:14:1b:42:b8:ba:07:13:
f6:89:23:0e:8c:f2:82:77:b4:54:7f:94:de:d0:66:7b:12:fe:
59:fa:f2:b7:20:4c:b7:a4:57:50:f6:a5:6a:3c:89:71:69:85:
91:b8:4b:37:48:1a:11:bc:af:d6:22:6d:1e:05:a6:3c:24:8b:
f7:30:d9:e4:f2:1d:3f:4c:c5:7a:67:61:28:f1:61:83:81:87:
62:2c:c5:6a:44:06:e4:29:eb:9d:cf:7e:9f:dc:bf:ab:0b:bc:
20:1c:79:e0:12:e6:59:ae:2c:1f:8b:35:9f:2f:ab:b3:0c:7a:
8c:c1:7a:d2:5c:73:f0:8a:5a:d1:86:81:a6:4d:80:bc:52:1b:
c1:05:45:ae:6a:45:16:44:6d:a4:94:6c:38:1e:c1:bc:bd:5d:
6a:1e:18:3f:f2:11:8e:a3:0a:2b:a6:e1:79:24:4a:fd:3f:92:
2b:52:aa:69:cd:4c:c0:4e:51:2a:15:69:bb:0a:ae:3c:a1:23:
4e:1e:bd:ef:90:e3:08:59:d9:ec:59:d6:20:b3:76:97:8c:81:
41:22:59:79:ef:df:c0:3d:ea:92:9d:10:95:1b:51:67:c9:68:
49:a1:97:34:ca:68:c6:ef:eb:bd:44:1d:83:07:a5:48:5e:15:
ea:e3:3d:2a
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUTNvkrjxKj2RZd4cdbfNicu844E0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODQyMjBaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGUzMDQwMTJjNzk0OWE5MTUyMTdjOTYxNDA5MmIxMTRiYmUxZTJjNDc4N2I3
ZjE3MjhkNmRmYzhkMWIwZTFlMDMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ+wbcW8C/MyQuu72EwQI47bfVbO0tAJsRv/cWY/UzkkDLHWmKQ5McPPQCJ6
+bCKhDwd6ADHucdyICe+DD7A+4DAngAdYXyaCz7UYqY2LXFULq6uhF5TOGb5f3Di
3fszF34Hm/6LPOI8Am7XiTDM9ri574iw3+kxnoTonRGoEYicEczQqUY4BTBcI8ra
anQHI8KbGlBDm48/3XOPrP7Bo36C7pn1qtXIuY41s512woyae4o5JYs1zo2QtoVx
72V6OomqxTD6OjUHh9OpGekU01IqwxULdEXxgMDEf2bmQ+0Up8Pn5RJfhe6FWbDD
yUxbA+zyMP9g4m2v54X9V+eVKAcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRjK/VW
LYl4DPN4CRPK0eXnrJL/2TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDVjNjU5MWMtMWJhMC00NzY5LTllNmEtMTE1NjZmMDA2NjEzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H+Q
wDANBgkqhkiG9w0BAQsFAAOCAQEAC7K/upLBgWtbz84UG0K4ugcT9okjDozygne0
VH+U3tBmexL+WfrytyBMt6RXUPalajyJcWmFkbhLN0gaEbyv1iJtHgWmPCSL9zDZ
5PIdP0zFemdhKPFhg4GHYizFakQG5Cnrnc9+n9y/qwu8IBx54BLmWa4sH4s1ny+r
swx6jMF60lxz8Ipa0YaBpk2AvFIbwQVFrmpFFkRtpJRsOB7BvL1dah4YP/IRjqMK
K6bheSRK/T+SK1Kqac1MwE5RKhVpuwquPKEjTh6975DjCFnZ7FnWILN2l4yBQSJZ
ee/fwD3qkp0QlRtRZ8loSaGXNMpoxu/rvUQdgwelSF4V6uM9Kg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:47 2025 by rpki-client