Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4967c03f-f17b-42f4-bfca-8694bb963ab0.roa
File: 4967c03f-f17b-42f4-bfca-8694bb963ab0.roa (raw, json)
Hash identifier: +vCqKFLlsPkQbRaNej0xzwHFaefxRzLhVuTcxRkdqbo=
Subject key identifier: 0A:65:E7:64:A8:40:B3:44:4F:F4:ED:A3:2C:2B:B4:50:7E:AA:F6:88
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 6FCB0664F825A493C1D44E740E82013097361B0D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4967c03f-f17b-42f4-bfca-8694bb963ab0.roa
Signing time: Fri 26 Sep 2025 18:39:05 +0000
ROA not before: Fri 26 Sep 2025 18:39:05 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:9040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 22:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6f:cb:06:64:f8:25:a4:93:c1:d4:4e:74:0e:82:01:30:97:36:1b:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 18:39:05 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=5b9a9ec7ba11a4ea394c2f8a524b55df774ebe21c21be0c82bca63bc29183484, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:65:6c:b4:04:76:e0:8a:2d:97:07:2c:2d:b2:
65:51:36:55:a7:16:20:5d:ad:ee:e5:92:0e:ef:7e:
e8:93:54:d0:85:68:8f:29:57:64:a8:72:f9:16:aa:
7f:67:7e:56:6d:cb:d6:4b:81:f4:49:dc:df:f4:19:
94:a1:4a:a6:b3:70:e8:06:0c:2b:10:bf:18:7d:6c:
4a:40:1e:e0:09:fa:60:f7:fa:e5:69:64:f6:f2:5d:
3f:49:4c:bd:d5:c9:c6:47:f5:ff:f6:d5:63:0b:28:
08:3b:d8:bb:3f:36:5a:b5:39:a3:93:8f:b1:08:fa:
10:75:80:63:8a:d7:80:4c:3f:42:87:93:36:21:ac:
21:80:34:b4:10:87:7f:9a:fb:c6:aa:3e:59:50:8d:
3c:5f:f0:6e:52:b3:02:80:88:e2:e1:4f:09:e0:d8:
ec:c2:39:48:94:38:40:58:ce:27:11:00:c0:3d:01:
a0:d2:bb:29:87:6c:35:32:1e:c6:4c:e4:18:7c:60:
44:98:85:03:05:5d:20:12:f4:0e:f3:f3:03:55:4c:
11:80:a3:34:e1:1e:f2:bb:3b:6c:5c:1b:c7:40:68:
e5:6f:56:4d:a8:a1:21:6e:06:81:d7:4b:8d:77:3c:
b1:a4:ff:1c:1f:a8:c3:a7:f6:16:67:f3:db:dd:ca:
a5:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:65:E7:64:A8:40:B3:44:4F:F4:ED:A3:2C:2B:B4:50:7E:AA:F6:88
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4967c03f-f17b-42f4-bfca-8694bb963ab0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:9040::/48
Signature Algorithm: sha256WithRSAEncryption
3f:cf:ed:a6:7f:1d:c5:95:20:55:89:cf:46:27:3b:ab:ff:7f:
fa:3d:b0:2b:ab:ef:9b:91:79:28:3e:e1:7d:c5:2b:92:a5:fb:
63:b9:a7:d4:69:3b:ce:1d:d7:d9:f0:5c:7e:aa:37:14:f9:72:
cb:85:f5:a7:bb:6e:60:3b:1d:f2:2f:9f:5c:8c:65:4d:01:2c:
60:d9:51:2d:a0:97:cc:ba:82:3a:9b:95:d9:33:1b:ba:65:a0:
cb:a2:76:ef:27:4c:e8:82:90:29:43:03:54:84:f0:a6:67:7b:
75:a5:06:19:4e:79:1b:16:30:2f:5b:bb:dc:8b:3e:a8:e1:d1:
62:e2:00:b4:8c:b3:64:ac:ab:3d:0a:23:ca:9a:4f:66:e4:bd:
99:6e:b5:de:bb:ab:10:a0:bb:14:44:8e:23:e6:b8:ac:58:1a:
40:7b:b3:e3:c1:ab:5b:c4:a4:42:cd:ce:a7:c4:01:2f:14:3e:
60:d6:e8:55:7f:3c:f3:5d:38:6b:a5:9f:eb:8c:2f:12:b1:96:
f6:63:c0:a8:a0:c8:32:fa:72:8b:f8:92:29:60:b3:da:3f:5a:
c7:83:d3:b8:c9:d0:bc:e4:50:09:97:b6:96:00:f9:a4:7a:7b:
ec:e4:c2:ae:18:a2:e6:23:24:ea:2f:38:3f:cb:a1:08:7e:5a:
1f:75:cd:32
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUb8sGZPglpJPB1E50DoIBMJc2Gw0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODM5MDVaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDViOWE5ZWM3YmExMWE0ZWEzOTRjMmY4YTUyNGI1NWRmNzc0ZWJlMjFjMjFi
ZTBjODJiY2E2M2JjMjkxODM0ODQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJRlbLQEduCKLZcHLC2yZVE2VacWIF2t7uWSDu9+6JNU0IVojylXZKhy+Raq
f2d+Vm3L1kuB9Enc3/QZlKFKprNw6AYMKxC/GH1sSkAe4An6YPf65Wlk9vJdP0lM
vdXJxkf1//bVYwsoCDvYuz82WrU5o5OPsQj6EHWAY4rXgEw/QoeTNiGsIYA0tBCH
f5r7xqo+WVCNPF/wblKzAoCI4uFPCeDY7MI5SJQ4QFjOJxEAwD0BoNK7KYdsNTIe
xkzkGHxgRJiFAwVdIBL0DvPzA1VMEYCjNOEe8rs7bFwbx0Bo5W9WTaihIW4GgddL
jXc8saT/HB+ow6f2Fmfz293KpYcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQKZedk
qECzRE/07aMsK7RQfqr2iDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDk2N2MwM2YtZjE3Yi00MmY0LWJmY2EtODY5NGJiOTYzYWIwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ACQ
QDANBgkqhkiG9w0BAQsFAAOCAQEAP8/tpn8dxZUgVYnPRic7q/9/+j2wK6vvm5F5
KD7hfcUrkqX7Y7mn1Gk7zh3X2fBcfqo3FPlyy4X1p7tuYDsd8i+fXIxlTQEsYNlR
LaCXzLqCOpuV2TMbumWgy6J27ydM6IKQKUMDVITwpmd7daUGGU55GxYwL1u73Is+
qOHRYuIAtIyzZKyrPQojyppPZuS9mW613rurEKC7FESOI+a4rFgaQHuz48GrW8Sk
Qs3Op8QBLxQ+YNboVX888104a6Wf64wvErGW9mPAqKDIMvpyi/iSKWCz2j9ax4PT
uMnQvORQCZe2lgD5pHp77OTCrhii5iMk6i84P8uhCH5aH3XNMg==
-----END CERTIFICATE-----
Generated at Tue Oct 21 04:15:56 2025 by rpki-client