Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4e91376d-8b45-49e6-bf21-9f8e5d21208b.roa
File: 4e91376d-8b45-49e6-bf21-9f8e5d21208b.roa (raw, json)
Hash identifier: snDAncs+ISuLQ2AVaBIzcpaJxxVuf3unycVyOfZruDg=
Subject key identifier: E3:36:6A:24:1F:03:11:00:BC:41:ED:82:05:27:2C:00:21:61:39:98
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 28F6C7332CC269E59C4BCA9624231E61984B9E1A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4e91376d-8b45-49e6-bf21-9f8e5d21208b.roa
Signing time: Mon 13 Oct 2025 18:00:08 +0000
ROA not before: Mon 13 Oct 2025 18:00:08 +0000
ROA not after: Mon 17 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d030:5000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
28:f6:c7:33:2c:c2:69:e5:9c:4b:ca:96:24:23:1e:61:98:4b:9e:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 13 18:00:08 2025 GMT
Not After : Nov 17 23:59:59 2025 GMT
Subject: serialNumber=50e6d3ba040ec086c95b833da2455b1aeda94c9833e1bf08ceabaa70c95b3d2b, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:d0:ab:a4:ce:e7:6c:85:7b:57:ac:7a:93:36:
ce:e4:36:e5:4f:dc:c9:7d:36:96:8f:14:12:16:9a:
3f:d7:ed:6c:61:3d:b2:03:09:e4:28:3c:26:07:a0:
1a:f2:49:b5:4e:74:af:88:68:6e:cb:77:ba:14:6a:
2c:74:02:c1:d2:a3:6c:d3:a4:ff:93:1f:c7:5c:db:
00:19:19:70:6c:3b:87:2f:1d:1b:17:e2:2c:f1:3c:
47:5c:a4:15:45:6d:54:dd:93:6a:f2:47:6f:17:aa:
eb:00:ea:29:7d:c2:c3:38:da:91:a8:04:d7:4c:d7:
79:08:18:8d:bd:52:d3:16:ee:07:4c:d1:29:2b:03:
79:69:90:3c:01:d2:7b:bb:0d:68:78:d0:c2:58:89:
b1:4e:a0:40:0b:12:e9:a9:60:d1:c7:96:67:be:7e:
4b:5f:a2:fe:ec:87:01:0c:f1:43:fc:43:24:4e:32:
88:3a:37:d6:71:e2:c5:dd:76:c0:ad:d8:4d:79:0c:
39:1c:22:8a:89:b3:dd:e5:08:8b:af:99:18:7d:8b:
c8:67:e1:10:fc:b3:17:3c:cb:92:ba:34:38:20:50:
d7:54:7d:96:b6:e6:b8:1a:ce:e7:f9:44:2e:3c:b1:
de:68:a6:f6:65:5b:c6:79:89:cc:f2:c2:4e:b6:1d:
05:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:36:6A:24:1F:03:11:00:BC:41:ED:82:05:27:2C:00:21:61:39:98
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4e91376d-8b45-49e6-bf21-9f8e5d21208b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d030:5000::/40
Signature Algorithm: sha256WithRSAEncryption
5f:b3:2f:8f:a6:65:1f:34:70:ac:fa:42:8c:12:96:bc:02:1c:
55:70:38:d5:ce:19:18:e7:1b:ba:6f:76:74:d9:93:ff:f0:8c:
c8:d6:47:c9:85:c0:08:8a:ca:e5:c3:f6:5f:6d:9b:37:31:61:
fe:4f:ce:41:11:c0:71:c8:5c:83:95:f1:da:11:ea:41:da:f3:
4a:77:91:7a:4f:51:71:be:9a:7f:dc:ec:c1:51:af:e3:4f:46:
ee:69:1f:f3:07:97:9a:00:0b:c4:dd:6e:40:1d:94:12:c7:00:
07:dc:4e:de:5c:59:20:77:8f:7a:ab:e9:22:44:cd:32:a3:1d:
5e:de:3c:0a:23:30:54:f9:15:72:a1:db:35:98:14:ac:80:48:
45:0f:3d:bb:fc:48:79:63:24:cb:e2:d5:f6:e1:72:e2:5f:06:
b1:31:26:c6:a3:c4:56:e5:55:64:9c:22:63:c0:3a:b8:63:4d:
28:be:65:d5:29:fc:89:32:e9:e9:b9:e4:2d:91:83:0b:17:b7:
ce:30:7c:ce:97:d0:da:ee:3e:b3:87:c7:ad:36:8a:a9:24:1f:
38:38:a9:3c:60:1e:be:7f:0e:cf:99:9d:f1:01:e5:11:96:cd:
78:9a:71:7a:d5:2e:9c:07:3e:b9:fd:3a:39:18:db:08:69:ed:
41:a1:c6:da
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUKPbHMyzCaeWcS8qWJCMeYZhLnhowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTMxODAwMDhaFw0yNTExMTcyMzU5NTlaMHoxSTBHBgNV
BAUTQDUwZTZkM2JhMDQwZWMwODZjOTViODMzZGEyNDU1YjFhZWRhOTRjOTgzM2Ux
YmYwOGNlYWJhYTcwYzk1YjNkMmIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ/Qq6TO52yFe1esepM2zuQ25U/cyX02lo8UEhaaP9ftbGE9sgMJ5Cg8Jgeg
GvJJtU50r4hobst3uhRqLHQCwdKjbNOk/5Mfx1zbABkZcGw7hy8dGxfiLPE8R1yk
FUVtVN2TavJHbxeq6wDqKX3CwzjakagE10zXeQgYjb1S0xbuB0zRKSsDeWmQPAHS
e7sNaHjQwliJsU6gQAsS6alg0ceWZ75+S1+i/uyHAQzxQ/xDJE4yiDo31nHixd12
wK3YTXkMORwiiomz3eUIi6+ZGH2LyGfhEPyzFzzLkro0OCBQ11R9lrbmuBrO5/lE
Ljyx3mim9mVbxnmJzPLCTrYdBTkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTjNmok
HwMRALxB7YIFJywAIWE5mDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGU5MTM3NmQtOGI0NS00OWU2LWJmMjEtOWY4ZTVkMjEyMDhiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DBQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBfsy+PpmUfNHCs+kKMEpa8AhxVcDjVzhkY5xu6
b3Z02ZP/8IzI1kfJhcAIisrlw/ZfbZs3MWH+T85BEcBxyFyDlfHaEepB2vNKd5F6
T1Fxvpp/3OzBUa/jT0buaR/zB5eaAAvE3W5AHZQSxwAH3E7eXFkgd496q+kiRM0y
ox1e3jwKIzBU+RVyods1mBSsgEhFDz27/Eh5YyTL4tX24XLiXwaxMSbGo8RW5VVk
nCJjwDq4Y00ovmXVKfyJMunpueQtkYMLF7fOMHzOl9Da7j6zh8etNoqpJB84OKk8
YB6+fw7PmZ3xAeURls14mnF61S6cBz65/To5GNsIae1Bocba
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:52 2025 by rpki-client