Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4e84f0a8-9d20-4219-b641-9a6905a033d9.roa
File: 4e84f0a8-9d20-4219-b641-9a6905a033d9.roa (raw, json)
Hash identifier: 90lRwYAqVsgamtG7l0rff2Cg8oSm76hunlL0alZwA6k=
Subject key identifier: B2:25:80:A2:E3:D4:6E:1C:EC:C9:13:A4:56:B1:6D:11:C8:77:D6:64
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5EE5E0FEFAF22C7773BE8348B583CF8402EF9E33
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4e84f0a8-9d20-4219-b641-9a6905a033d9.roa
Signing time: Fri 26 Sep 2025 18:39:54 +0000
ROA not before: Fri 26 Sep 2025 18:39:54 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:a040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5e:e5:e0:fe:fa:f2:2c:77:73:be:83:48:b5:83:cf:84:02:ef:9e:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 18:39:54 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=23e5f6dfec3b13c76985b679853c5567dbc8d86ce984e55daf2d19d2e0a58a37, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:a1:3c:d8:e2:24:7f:18:92:fa:a5:01:b0:5d:
3a:7a:77:fa:b9:98:1f:5d:ed:ce:76:7e:a3:c5:67:
19:14:dd:9a:7f:03:1b:7c:98:6c:07:26:8f:8b:aa:
d2:ed:85:b1:2f:cc:9b:5c:04:65:53:01:8f:93:84:
35:14:f2:a1:66:88:56:96:33:8c:ca:77:d7:2d:52:
82:f6:7f:96:e0:90:72:7d:f0:34:ca:a9:b6:22:0e:
b5:51:fc:cb:73:b3:f9:5e:60:dd:a4:e1:f2:9a:7c:
e1:6d:22:a1:70:4d:84:d5:25:b3:57:8e:75:e7:4e:
84:08:34:1d:6a:99:a1:ec:f9:c5:ac:39:f7:82:31:
e7:a0:99:ff:ad:4c:78:5b:2f:20:00:c5:eb:e1:3d:
c3:a2:a5:8e:75:1f:9a:0b:15:4f:e3:d1:a9:2d:df:
71:3e:e5:ff:a2:0b:4e:d1:19:6a:ad:5e:da:27:62:
23:c4:00:07:63:9e:9d:2e:01:ad:07:65:e6:98:d8:
b4:6a:09:5d:45:75:62:ba:31:8b:cc:68:a0:41:a1:
0e:fd:f4:a9:ef:88:ba:64:74:95:3d:3c:cd:8e:38:
0e:e9:73:47:e7:ae:02:f4:4b:d9:6b:e3:34:92:06:
41:23:2f:2f:bb:7c:6d:14:e9:3e:65:4f:16:cd:9a:
e1:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:25:80:A2:E3:D4:6E:1C:EC:C9:13:A4:56:B1:6D:11:C8:77:D6:64
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4e84f0a8-9d20-4219-b641-9a6905a033d9.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:a040::/48
Signature Algorithm: sha256WithRSAEncryption
50:b1:c9:6e:51:4a:9b:82:7b:c7:1a:6c:79:e6:ba:77:84:4d:
86:cf:24:4f:cf:95:2a:15:42:52:10:a2:9f:61:e1:44:ae:3c:
0e:7c:0a:4f:e6:79:c1:ae:d4:fb:3b:57:7a:a2:d7:d2:e9:24:
58:3f:14:c1:3f:2d:7b:9a:66:4c:2a:cf:79:e5:8e:69:ca:b5:
e9:a5:13:14:04:12:05:5d:fb:33:ee:7a:08:8d:f9:db:fc:e2:
6e:56:d5:53:3e:59:d3:44:24:c1:ac:91:ea:5a:9b:ea:cb:c4:
90:ec:01:47:d6:cf:1e:aa:2d:96:32:2e:ef:d6:34:13:d1:92:
8b:17:77:17:5b:39:3f:50:2c:8b:df:40:f3:fc:f3:b6:49:2a:
4e:28:ca:a1:1d:6b:a7:d1:b6:05:7b:a4:8e:83:41:85:93:7a:
7f:95:eb:d3:19:e8:69:16:2b:d3:9c:f8:7b:5f:86:6f:15:e1:
42:58:5a:1b:86:34:c3:13:52:52:31:eb:40:59:e6:d8:eb:29:
dd:18:b7:fe:7e:4f:33:6a:5e:d2:6a:86:2e:b5:59:a4:4e:66:
91:de:b7:63:3c:bd:7e:74:7a:15:21:09:9f:a2:34:2d:cb:00:
c0:b7:c2:57:f6:ad:cc:2e:1f:fd:c1:80:ac:af:9c:dd:d5:9c:
b9:ab:79:4c
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUXuXg/vryLHdzvoNItYPPhALvnjMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODM5NTRaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDIzZTVmNmRmZWMzYjEzYzc2OTg1YjY3OTg1M2M1NTY3ZGJjOGQ4NmNlOTg0
ZTU1ZGFmMmQxOWQyZTBhNThhMzcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANKhPNjiJH8YkvqlAbBdOnp3+rmYH13tznZ+o8VnGRTdmn8DG3yYbAcmj4uq
0u2FsS/Mm1wEZVMBj5OENRTyoWaIVpYzjMp31y1SgvZ/luCQcn3wNMqptiIOtVH8
y3Oz+V5g3aTh8pp84W0ioXBNhNUls1eOdedOhAg0HWqZoez5xaw594Ix56CZ/61M
eFsvIADF6+E9w6KljnUfmgsVT+PRqS3fcT7l/6ILTtEZaq1e2idiI8QAB2OenS4B
rQdl5pjYtGoJXUV1Yroxi8xooEGhDv30qe+IumR0lT08zY44DulzR+euAvRL2Wvj
NJIGQSMvL7t8bRTpPmVPFs2a4d8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSyJYCi
49RuHOzJE6RWsW0RyHfWZDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGU4NGYwYTgtOWQyMC00MjE5LWI2NDEtOWE2OTA1YTAzM2Q5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HKg
QDANBgkqhkiG9w0BAQsFAAOCAQEAULHJblFKm4J7xxpseea6d4RNhs8kT8+VKhVC
UhCin2HhRK48DnwKT+Z5wa7U+ztXeqLX0ukkWD8UwT8te5pmTCrPeeWOacq16aUT
FAQSBV37M+56CI352/ziblbVUz5Z00QkwayR6lqb6svEkOwBR9bPHqotljIu79Y0
E9GSixd3F1s5P1Asi99A8/zztkkqTijKoR1rp9G2BXukjoNBhZN6f5Xr0xnoaRYr
05z4e1+GbxXhQlhaG4Y0wxNSUjHrQFnm2Osp3Ri3/n5PM2pe0mqGLrVZpE5mkd63
Yzy9fnR6FSEJn6I0LcsAwLfCV/atzC4f/cGArK+c3dWcuat5TA==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:22 2025 by rpki-client