Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4ba54e4f-0294-4e83-8037-7d266c37f0c9.roa
File: 4ba54e4f-0294-4e83-8037-7d266c37f0c9.roa (raw, json)
Hash identifier: MlzTLnWIUdpD63IUiazVptTZV2m7O6ggH8dqAoDqJmc=
Subject key identifier: B9:32:4C:5D:2C:D1:87:F4:4B:6F:83:8E:F2:E2:30:77:2F:B3:92:CB
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 14B377FA11180FC98B9698D8B2CB0E378401632B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4ba54e4f-0294-4e83-8037-7d266c37f0c9.roa
Signing time: Mon 13 Oct 2025 18:00:05 +0000
ROA not before: Mon 13 Oct 2025 18:00:05 +0000
ROA not after: Mon 17 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d030:a000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
14:b3:77:fa:11:18:0f:c9:8b:96:98:d8:b2:cb:0e:37:84:01:63:2b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 13 18:00:05 2025 GMT
Not After : Nov 17 23:59:59 2025 GMT
Subject: serialNumber=5e3295850bcd24ae41b6b856bd4abed0ab27cd339592d386905855115d7812e0, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:35:ff:8b:34:de:78:85:09:32:b8:a6:02:e4:
47:db:83:fa:48:2d:01:63:9b:54:f7:a6:12:e6:f2:
55:f8:0d:37:50:fd:4e:dc:46:ef:16:d5:31:cc:42:
ad:d7:49:2b:62:ed:cb:e2:1a:93:cf:b1:9e:61:f2:
15:da:eb:3f:60:cc:bc:27:d5:e4:4b:0d:82:8b:bb:
32:02:e9:7d:e4:6f:ee:1d:bc:44:7c:9a:92:e7:60:
7e:0e:47:2b:39:88:70:8b:96:36:6f:86:89:1c:21:
0b:3c:5f:d4:30:6a:2e:cf:cb:d3:86:23:d6:21:5b:
5b:ba:16:25:70:76:41:2a:b3:21:4a:36:c6:04:1a:
e6:3e:91:49:56:ea:21:cb:d1:91:6c:48:be:02:dd:
65:99:78:1d:57:4b:6b:2c:e1:54:d0:8b:7a:78:38:
84:20:b1:75:fa:1d:53:5a:bd:94:e7:22:0d:93:6d:
c4:e5:40:7b:78:17:8a:e9:2d:9d:6f:14:ad:7b:2a:
6e:c7:d7:e5:4c:49:28:35:c8:5a:c6:16:4c:a1:c4:
aa:73:b0:0a:bc:ca:4a:8b:e5:4e:ac:de:e1:ec:48:
11:bd:86:a9:7e:93:d9:a0:7c:1e:78:1b:ee:d1:69:
da:9b:b0:3b:31:b3:41:d4:a9:e1:16:ce:aa:fe:5b:
07:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:32:4C:5D:2C:D1:87:F4:4B:6F:83:8E:F2:E2:30:77:2F:B3:92:CB
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4ba54e4f-0294-4e83-8037-7d266c37f0c9.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d030:a000::/40
Signature Algorithm: sha256WithRSAEncryption
29:67:72:65:fe:68:0d:29:a6:91:36:d6:5c:ce:50:25:3f:2e:
01:de:a2:b5:cd:99:a1:46:2e:36:34:a2:a1:bf:68:61:35:2b:
2c:22:66:44:d9:3d:6f:43:40:cc:96:6b:06:63:a7:d0:6b:2c:
73:db:15:a8:75:3f:84:bf:e4:21:c9:a1:a4:cf:4c:42:a6:b2:
11:19:05:8e:b2:41:53:42:c4:f0:45:31:0c:31:94:2d:0e:b4:
69:d2:00:69:f7:61:e3:7a:c6:c2:c4:c0:4e:00:e6:69:b5:95:
37:34:1e:9a:65:db:12:e4:bd:62:ec:8d:7b:75:5c:cc:28:0d:
e6:da:a3:d9:4e:3e:0e:76:94:df:5d:03:c3:0b:42:db:d2:c3:
c2:4f:31:30:4d:f5:46:d8:73:4b:05:fb:5a:c6:13:7f:2a:aa:
83:f4:a2:2f:2f:38:34:7b:c4:d2:23:17:7d:68:c6:81:11:be:
87:17:9d:e9:c9:99:c1:eb:2b:1e:d6:dc:39:60:a2:0d:8b:7f:
de:84:c3:3a:49:8b:44:c6:c4:d2:18:44:07:b2:22:36:6d:64:
06:9e:0d:ff:53:c9:4c:4b:93:43:4a:8a:79:4d:a6:e2:ac:7a:
ed:86:05:a8:48:a3:4d:06:de:14:64:89:d3:51:f0:99:eb:30:
76:ac:8a:09
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUFLN3+hEYD8mLlpjYsssON4QBYyswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTMxODAwMDVaFw0yNTExMTcyMzU5NTlaMHoxSTBHBgNV
BAUTQDVlMzI5NTg1MGJjZDI0YWU0MWI2Yjg1NmJkNGFiZWQwYWIyN2NkMzM5NTky
ZDM4NjkwNTg1NTExNWQ3ODEyZTAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANA1/4s03niFCTK4pgLkR9uD+kgtAWObVPemEubyVfgNN1D9TtxG7xbVMcxC
rddJK2Lty+Iak8+xnmHyFdrrP2DMvCfV5EsNgou7MgLpfeRv7h28RHyakudgfg5H
KzmIcIuWNm+GiRwhCzxf1DBqLs/L04Yj1iFbW7oWJXB2QSqzIUo2xgQa5j6RSVbq
IcvRkWxIvgLdZZl4HVdLayzhVNCLeng4hCCxdfodU1q9lOciDZNtxOVAe3gXiukt
nW8UrXsqbsfX5UxJKDXIWsYWTKHEqnOwCrzKSovlTqze4exIEb2GqX6T2aB8Hngb
7tFp2puwOzGzQdSp4RbOqv5bB98CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS5Mkxd
LNGH9Etvg47y4jB3L7OSyzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGJhNTRlNGYtMDI5NC00ZTgzLTgwMzctN2QyNjZjMzdmMGM5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DCg
MA0GCSqGSIb3DQEBCwUAA4IBAQApZ3Jl/mgNKaaRNtZczlAlPy4B3qK1zZmhRi42
NKKhv2hhNSssImZE2T1vQ0DMlmsGY6fQayxz2xWodT+Ev+QhyaGkz0xCprIRGQWO
skFTQsTwRTEMMZQtDrRp0gBp92HjesbCxMBOAOZptZU3NB6aZdsS5L1i7I17dVzM
KA3m2qPZTj4OdpTfXQPDC0Lb0sPCTzEwTfVG2HNLBftaxhN/KqqD9KIvLzg0e8TS
Ixd9aMaBEb6HF53pyZnB6yse1tw5YKINi3/ehMM6SYtExsTSGEQHsiI2bWQGng3/
U8lMS5NDSop5TabirHrthgWoSKNNBt4UZInTUfCZ6zB2rIoJ
-----END CERTIFICATE-----
Generated at Mon Oct 20 08:53:47 2025 by rpki-client