Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4a7b2b27-8130-47da-97da-78c91087b05e.roa
File: 4a7b2b27-8130-47da-97da-78c91087b05e.roa (raw, json)
Hash identifier: Fzl2RWOM98RqBS/uuCSjezSO5yn+kQBpoTMLxhSRQBM=
Subject key identifier: 66:5D:B1:82:B6:F7:3C:7A:0C:C9:62:E1:3E:BA:73:1D:79:C8:D0:91
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7F5AFE2B7541B2EAB4B0B469928509CE27EB44C5
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4a7b2b27-8130-47da-97da-78c91087b05e.roa
Signing time: Fri 26 Sep 2025 18:39:10 +0000
ROA not before: Fri 26 Sep 2025 18:39:10 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:c040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7f:5a:fe:2b:75:41:b2:ea:b4:b0:b4:69:92:85:09:ce:27:eb:44:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 18:39:10 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=fcf23ad8e4447438157fe4400182ee51449f085d7d57f066dc3d5cb319f340cc, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:9f:78:99:82:29:8e:20:6b:51:a0:67:20:50:
9f:e6:12:51:8e:39:cf:38:00:25:60:fc:da:8d:35:
13:2c:77:48:aa:1f:23:a1:27:c1:3b:f2:a7:b0:65:
5f:7d:28:a8:f3:0d:1e:6b:13:e9:1c:6e:11:99:ac:
6f:a9:c4:73:b1:fc:f6:83:9b:63:5d:03:ec:fa:99:
c1:1d:60:76:67:86:3c:fa:7f:28:71:47:62:b0:33:
17:cf:9e:dd:76:96:42:df:af:28:3f:f0:0f:40:e4:
16:d0:6e:98:73:7a:c9:ac:65:96:e2:7b:e6:67:c5:
a7:d9:2d:56:9a:1d:1f:d9:52:d4:7f:e9:3d:22:f0:
4f:9c:da:37:41:3b:89:04:3c:c3:63:7c:ca:5a:46:
e9:4b:cf:2f:aa:d5:e1:ea:58:b1:6b:f3:b0:e6:ef:
55:21:d3:b6:91:02:34:3e:64:ca:1f:3d:c2:47:29:
ba:51:fc:7a:e9:15:67:f7:33:fb:f6:46:f6:d4:5b:
60:e4:13:3a:16:93:22:df:2d:16:ff:92:c4:71:f6:
a9:00:d0:f5:01:e4:de:9c:9b:7b:ee:63:a2:65:bd:
f8:19:44:b1:d9:62:42:1d:a2:cd:47:81:d8:52:eb:
19:26:a5:69:62:d0:33:60:97:70:91:1e:88:4f:30:
65:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:5D:B1:82:B6:F7:3C:7A:0C:C9:62:E1:3E:BA:73:1D:79:C8:D0:91
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4a7b2b27-8130-47da-97da-78c91087b05e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:c040::/48
Signature Algorithm: sha256WithRSAEncryption
0b:09:f9:0c:00:92:af:1f:02:20:fb:f8:aa:4e:45:a5:b0:ce:
17:b2:70:c0:1c:c5:45:2f:d6:c8:05:19:56:f0:00:b2:fb:21:
ec:67:00:35:bf:c6:77:71:a3:be:92:06:c6:ad:e9:6d:a3:c0:
02:ab:e5:3f:e2:f6:61:65:03:eb:32:ba:7f:59:92:1a:49:0c:
0b:9a:7b:49:90:c6:63:0a:dd:c1:c2:98:22:c2:0a:aa:ac:21:
d9:53:03:87:8f:48:1d:44:bb:a1:2d:3c:0a:94:93:2e:a2:40:
89:10:38:6a:bf:cc:ad:05:56:57:c0:e5:d6:68:b5:dc:c6:fa:
f2:3e:2d:85:b5:bd:ba:6c:0f:69:39:ab:d3:6d:0e:56:ab:57:
08:cd:f1:ed:88:a1:a5:45:64:91:2b:93:f1:59:f0:91:fc:d8:
b9:9e:59:5c:44:d1:ac:88:22:b5:8e:03:bc:04:c6:61:8f:0a:
df:27:ec:1a:6f:da:de:9d:a7:8d:c3:df:bc:fa:38:4e:68:a7:
3d:0d:4c:dc:c3:1e:87:b1:51:62:d5:40:3a:df:26:b2:b5:42:
07:f8:4d:e2:07:fd:68:0a:c5:42:5d:09:65:3f:eb:43:55:f7:
ca:7e:43:bf:16:33:69:33:f8:39:5c:a9:68:bb:26:09:5c:e8:
e4:75:52:b5
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUf1r+K3VBsuq0sLRpkoUJzifrRMUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODM5MTBaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGZjZjIzYWQ4ZTQ0NDc0MzgxNTdmZTQ0MDAxODJlZTUxNDQ5ZjA4NWQ3ZDU3
ZjA2NmRjM2Q1Y2IzMTlmMzQwY2MxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALOfeJmCKY4ga1GgZyBQn+YSUY45zzgAJWD82o01Eyx3SKofI6EnwTvyp7Bl
X30oqPMNHmsT6RxuEZmsb6nEc7H89oObY10D7PqZwR1gdmeGPPp/KHFHYrAzF8+e
3XaWQt+vKD/wD0DkFtBumHN6yaxlluJ75mfFp9ktVpodH9lS1H/pPSLwT5zaN0E7
iQQ8w2N8ylpG6UvPL6rV4epYsWvzsObvVSHTtpECND5kyh89wkcpulH8eukVZ/cz
+/ZG9tRbYOQTOhaTIt8tFv+SxHH2qQDQ9QHk3pybe+5jomW9+BlEsdliQh2izUeB
2FLrGSalaWLQM2CXcJEeiE8wZYMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRmXbGC
tvc8egzJYuE+unMdecjQkTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGE3YjJiMjctODEzMC00N2RhLTk3ZGEtNzhjOTEwODdiMDVlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HLA
QDANBgkqhkiG9w0BAQsFAAOCAQEACwn5DACSrx8CIPv4qk5FpbDOF7JwwBzFRS/W
yAUZVvAAsvsh7GcANb/Gd3GjvpIGxq3pbaPAAqvlP+L2YWUD6zK6f1mSGkkMC5p7
SZDGYwrdwcKYIsIKqqwh2VMDh49IHUS7oS08CpSTLqJAiRA4ar/MrQVWV8Dl1mi1
3Mb68j4thbW9umwPaTmr020OVqtXCM3x7YihpUVkkSuT8VnwkfzYuZ5ZXETRrIgi
tY4DvATGYY8K3yfsGm/a3p2njcPfvPo4TminPQ1M3MMeh7FRYtVAOt8msrVCB/hN
4gf9aArFQl0JZT/rQ1X3yn5DvxYzaTP4OVypaLsmCVzo5HVStQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 08:53:45 2025 by rpki-client