Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/507c534d-189b-43b3-945a-dd040ee200d5.roa
File: 507c534d-189b-43b3-945a-dd040ee200d5.roa (raw, json)
Hash identifier: Yshf5EgOmXgJid4YKvIdKMaw52aH0YHvIyZiYiS2J7g=
Subject key identifier: 02:4F:18:7A:92:01:C6:30:F7:28:B5:21:60:10:C7:07:01:E9:22:41
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4DDA3FFCE68B2F6F72D70E533AACACB988C76136
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/507c534d-189b-43b3-945a-dd040ee200d5.roa
Signing time: Fri 26 Sep 2025 19:39:39 +0000
ROA not before: Fri 26 Sep 2025 19:39:39 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d03a:9000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4d:da:3f:fc:e6:8b:2f:6f:72:d7:0e:53:3a:ac:ac:b9:88:c7:61:36
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:39:39 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=ec9e87ecb4542f9f0e0e54d71edf28d2285928078761808729cb755c55eb69ac, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:17:d8:fb:6c:bb:e7:79:10:9c:27:b4:1e:6f:
09:82:f6:f1:45:df:f4:90:24:58:22:b3:60:ac:ce:
be:68:f5:db:7b:dd:d4:17:2f:80:3f:7f:70:11:a0:
5a:58:de:22:7d:f7:8f:f0:ed:6f:59:d3:bb:1e:b6:
2c:06:c2:2d:3e:59:c9:ef:0f:50:1d:9f:c5:9c:7b:
96:7b:6b:c2:ba:e1:e9:52:b9:d7:83:3c:18:39:8c:
99:aa:2a:49:c5:1d:e6:11:7a:c1:47:aa:b0:a5:89:
3b:a5:4c:33:72:96:50:a3:40:b3:c2:50:ad:a6:a5:
87:b6:8d:d4:30:fb:f8:54:cd:5e:7f:97:87:00:91:
c2:e2:11:51:5d:7b:aa:e4:ef:2a:ca:6c:75:0b:1b:
6d:24:78:28:22:97:fd:3f:54:7a:bb:71:67:09:e1:
07:d1:38:9e:a9:38:21:74:75:4d:be:d9:e5:e4:e3:
3b:7e:69:92:da:c8:ce:7e:5b:3a:5f:ce:78:70:a2:
35:d8:9b:5d:5d:c1:30:b4:33:45:e2:74:bb:08:63:
e7:33:ce:21:c0:f3:a0:a5:38:77:40:cb:a3:57:57:
a5:72:ca:9c:d9:03:ef:b4:e0:e8:39:1c:fe:0d:c1:
01:1a:1b:13:aa:53:f7:72:32:ed:6e:d3:f7:e3:5c:
84:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:4F:18:7A:92:01:C6:30:F7:28:B5:21:60:10:C7:07:01:E9:22:41
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/507c534d-189b-43b3-945a-dd040ee200d5.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d03a:9000::/40
Signature Algorithm: sha256WithRSAEncryption
b9:e8:80:46:f5:9e:b7:d0:cb:7f:b3:f5:9f:18:dd:0b:18:f4:
39:60:53:8d:73:93:e2:12:95:f1:30:00:29:3e:4c:57:fb:44:
39:56:53:ba:96:54:53:b9:5b:6f:c9:22:7e:4a:27:84:15:92:
0f:5f:6b:00:d1:9a:37:f3:02:70:d2:3b:b0:cb:4b:d7:ed:b5:
8b:e7:54:09:99:48:f9:23:f7:db:7f:01:20:95:af:0a:bb:c1:
ca:e7:7a:2a:b4:6c:8c:a9:49:29:86:5d:fa:dd:ff:48:1e:c6:
a8:6d:25:77:8c:38:a4:fe:39:f2:31:d2:72:b4:84:a5:2d:6d:
cb:a3:1e:31:00:79:9a:ae:74:8c:aa:69:4f:a2:dd:cd:fb:d4:
d2:d9:a6:8b:78:1f:6b:ba:6f:ed:44:bc:ff:e0:8a:e7:b2:93:
77:e5:15:23:d8:18:d4:05:d8:01:34:04:b4:64:f0:e5:04:96:
8b:6d:88:b3:76:cd:ee:eb:b6:8d:3a:ae:7f:11:f4:f9:80:81:
6f:fd:99:13:7f:81:c6:d3:ef:7b:00:cb:9d:21:55:91:a4:b4:
c0:55:ad:cd:43:ba:d7:95:dc:79:d6:d1:95:1e:af:89:e9:a0:
79:72:14:f8:e4:aa:25:b9:16:cd:27:ee:85:01:66:66:97:95:
8e:61:f9:b8
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUTdo//OaLL29y1w5TOqysuYjHYTYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTM5MzlaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGVjOWU4N2VjYjQ1NDJmOWYwZTBlNTRkNzFlZGYyOGQyMjg1OTI4MDc4NzYx
ODA4NzI5Y2I3NTVjNTVlYjY5YWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK0X2Ptsu+d5EJwntB5vCYL28UXf9JAkWCKzYKzOvmj123vd1BcvgD9/cBGg
WljeIn33j/Dtb1nTux62LAbCLT5Zye8PUB2fxZx7lntrwrrh6VK514M8GDmMmaoq
ScUd5hF6wUeqsKWJO6VMM3KWUKNAs8JQraalh7aN1DD7+FTNXn+XhwCRwuIRUV17
quTvKspsdQsbbSR4KCKX/T9UertxZwnhB9E4nqk4IXR1Tb7Z5eTjO35pktrIzn5b
Ol/OeHCiNdibXV3BMLQzReJ0uwhj5zPOIcDzoKU4d0DLo1dXpXLKnNkD77Tg6Dkc
/g3BARobE6pT93Iy7W7T9+NchM8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQCTxh6
kgHGMPcotSFgEMcHAekiQTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTA3YzUzNGQtMTg5Yi00M2IzLTk0NWEtZGQwNDBlZTIwMGQ1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DqQ
MA0GCSqGSIb3DQEBCwUAA4IBAQC56IBG9Z630Mt/s/WfGN0LGPQ5YFONc5PiEpXx
MAApPkxX+0Q5VlO6llRTuVtvySJ+SieEFZIPX2sA0Zo38wJw0juwy0vX7bWL51QJ
mUj5I/fbfwEgla8Ku8HK53oqtGyMqUkphl363f9IHsaobSV3jDik/jnyMdJytISl
LW3Lox4xAHmarnSMqmlPot3N+9TS2aaLeB9rum/tRLz/4IrnspN35RUj2BjUBdgB
NAS0ZPDlBJaLbYizds3u67aNOq5/EfT5gIFv/ZkTf4HG0+97AMudIVWRpLTAVa3N
Q7rXldx51tGVHq+J6aB5chT45KoluRbNJ+6FAWZml5WOYfm4
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:37 2025 by rpki-client