Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4b43f183-cd0a-4862-a7f0-bf7122100edb.roa
File: 4b43f183-cd0a-4862-a7f0-bf7122100edb.roa (raw, json)
Hash identifier: FL7oo+2JxZPY3VL/VJ73Dg3Ly+sstbHrZWv8Aqat5rk=
Subject key identifier: C9:1A:F5:5C:EF:59:41:BD:C2:A5:C0:B3:1C:15:71:64:C8:BA:7F:DD
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4D8C12C17E830D582BD7F8E0332B92BDBDE45B8E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4b43f183-cd0a-4862-a7f0-bf7122100edb.roa
Signing time: Fri 26 Sep 2025 20:01:01 +0000
ROA not before: Fri 26 Sep 2025 20:01:01 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d014:c00::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4d:8c:12:c1:7e:83:0d:58:2b:d7:f8:e0:33:2b:92:bd:bd:e4:5b:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 20:01:01 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=590340f16856de78293e2b64e4a84eb98698e09e3546cb1941c55ccd7fa22e86, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:f1:dd:b4:fa:8e:22:69:26:11:d8:cc:e8:c1:
2a:57:9b:a1:3d:71:81:c0:46:1d:60:94:68:72:02:
42:6b:c7:16:01:5d:85:ed:60:de:be:a3:56:d7:83:
d3:12:24:f3:0d:64:74:d0:75:9a:3b:f3:65:74:ad:
7e:a1:da:27:62:20:fb:ca:1e:8f:7d:fd:fb:80:a0:
46:b6:b4:0f:98:4a:38:af:c6:a5:03:a3:cd:38:e2:
1e:11:8d:6c:10:14:78:9a:56:21:d4:25:6e:e3:c8:
ed:41:ff:4f:15:40:20:e4:08:5b:3e:10:af:58:b6:
09:bf:30:11:b3:f8:f8:be:15:91:3f:65:16:f0:d3:
ba:da:b7:7f:d4:bc:59:25:22:4f:90:8b:ab:14:f4:
f3:08:d3:b2:5d:8d:de:25:08:4d:f7:6c:c3:6b:85:
a4:43:d8:93:67:80:59:38:27:e1:b2:bb:de:0d:73:
0a:fb:ae:2a:11:a6:bc:ec:2b:56:1c:43:c2:08:26:
c3:84:5f:38:3d:62:36:4a:73:06:1b:34:2d:99:3e:
5f:f4:69:4b:8f:0e:3f:6b:a4:3b:03:f4:0f:a7:ef:
09:a2:07:90:e3:d9:7a:7d:08:ba:ae:12:13:d3:7c:
47:e6:b9:f1:90:9c:7d:fd:12:9a:e8:39:24:53:95:
50:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:1A:F5:5C:EF:59:41:BD:C2:A5:C0:B3:1C:15:71:64:C8:BA:7F:DD
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4b43f183-cd0a-4862-a7f0-bf7122100edb.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d014:c00::/38
Signature Algorithm: sha256WithRSAEncryption
74:1a:99:d1:f6:55:a5:82:f9:19:1c:26:f7:0e:5d:27:ae:95:
69:7d:cc:e7:86:1f:92:93:9b:b9:d6:b8:5e:94:23:1a:59:e5:
75:73:a7:03:8a:f8:73:46:47:ac:f9:fe:e8:38:27:b1:d6:5c:
c8:01:7a:ef:d7:4e:a7:50:9f:b7:c8:2a:49:2c:a0:4e:0d:7d:
dc:a8:d8:81:3c:25:f6:e8:4b:7f:3b:e2:49:2f:86:cb:61:25:
54:81:a1:e9:f8:8c:d2:0b:fe:09:ad:eb:27:58:7a:28:dd:e4:
64:50:d6:9a:bb:4d:8c:74:45:b6:d3:18:27:6d:d6:ee:f8:1b:
a3:c5:06:6f:a8:b6:08:fa:c7:4a:f7:12:e9:cf:ef:40:bb:92:
82:1e:f9:6b:05:47:c5:88:ca:1f:61:f1:ba:9f:c3:ac:a7:ed:
b3:6c:f6:ec:84:14:b7:12:d0:69:ae:02:44:b5:bc:01:36:03:
a2:fd:af:4b:87:63:00:47:83:6c:68:56:ad:78:c0:f9:b1:ac:
7e:84:3e:94:ef:18:b8:d0:d4:6c:a6:49:98:2c:78:32:02:62:
3d:1a:e8:2b:26:fb:e2:cc:d9:c7:60:56:4c:ab:38:dd:56:ab:
c7:26:33:d5:56:4c:7e:13:a3:06:ec:e6:1e:11:8c:be:f8:d2:
e6:6f:04:a0
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUTYwSwX6DDVgr1/jgMyuSvb3kW44wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYyMDAxMDFaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDU5MDM0MGYxNjg1NmRlNzgyOTNlMmI2NGU0YTg0ZWI5ODY5OGUwOWUzNTQ2
Y2IxOTQxYzU1Y2NkN2ZhMjJlODYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALHx3bT6jiJpJhHYzOjBKleboT1xgcBGHWCUaHICQmvHFgFdhe1g3r6jVteD
0xIk8w1kdNB1mjvzZXStfqHaJ2Ig+8oej339+4CgRra0D5hKOK/GpQOjzTjiHhGN
bBAUeJpWIdQlbuPI7UH/TxVAIOQIWz4Qr1i2Cb8wEbP4+L4VkT9lFvDTutq3f9S8
WSUiT5CLqxT08wjTsl2N3iUITfdsw2uFpEPYk2eAWTgn4bK73g1zCvuuKhGmvOwr
VhxDwggmw4RfOD1iNkpzBhs0LZk+X/RpS48OP2ukOwP0D6fvCaIHkOPZen0Iuq4S
E9N8R+a58ZCcff0Smug5JFOVUFMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTJGvVc
71lBvcKlwLMcFXFkyLp/3TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGI0M2YxODMtY2QwYS00ODYyLWE3ZjAtYmY3MTIyMTAwZWRiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BQM
MA0GCSqGSIb3DQEBCwUAA4IBAQB0GpnR9lWlgvkZHCb3Dl0nrpVpfcznhh+Sk5u5
1rhelCMaWeV1c6cDivhzRkes+f7oOCex1lzIAXrv106nUJ+3yCpJLKBODX3cqNiB
PCX26Et/O+JJL4bLYSVUgaHp+IzSC/4JresnWHoo3eRkUNaau02MdEW20xgnbdbu
+BujxQZvqLYI+sdK9xLpz+9Au5KCHvlrBUfFiMofYfG6n8Osp+2zbPbshBS3EtBp
rgJEtbwBNgOi/a9Lh2MAR4NsaFateMD5sax+hD6U7xi40NRspkmYLHgyAmI9Gugr
JvvizNnHYFZMqzjdVqvHJjPVVkx+E6MG7OYeEYy++NLmbwSg
-----END CERTIFICATE-----
Generated at Mon Oct 20 08:53:45 2025 by rpki-client