Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/55ba2d71-c4db-41f1-a648-b39b354abfa6.roa
File: 55ba2d71-c4db-41f1-a648-b39b354abfa6.roa (raw, json)
Hash identifier: 0zHRwjTF2u9N/BniFqNOsquTU9lL21jLL0t5S1INrss=
Subject key identifier: 2B:99:A6:0F:20:1C:B9:B9:02:73:F2:43:FE:F9:14:FF:38:82:E2:AD
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 17831C7A4B7DAB909804F48A63935691A3FC5B08
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/55ba2d71-c4db-41f1-a648-b39b354abfa6.roa
Signing time: Fri 26 Sep 2025 19:40:23 +0000
ROA not before: Fri 26 Sep 2025 19:40:23 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d058:8000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 13:42:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
17:83:1c:7a:4b:7d:ab:90:98:04:f4:8a:63:93:56:91:a3:fc:5b:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:40:23 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=a86ead4b18ea4501b13128fdcd245c21e6a76ff2e48dddc995d6f876708243ca, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:de:9c:8d:2c:e1:22:a3:31:15:3e:5c:dc:65:
10:50:d4:57:26:63:1a:94:15:3e:e4:1c:74:2a:b2:
e0:4b:f5:23:0b:a7:27:4e:ad:1b:da:a5:50:42:2a:
89:d8:ce:eb:f4:93:a0:c3:78:b7:83:db:87:d0:c4:
90:75:c3:3d:81:0c:41:33:1b:19:6b:3a:f0:a8:36:
3e:a4:3a:a4:89:45:9c:a3:90:1b:16:f2:2e:05:4a:
68:b6:f0:4b:ab:2d:87:d1:46:87:1d:eb:1b:cd:5d:
5a:30:03:8e:c2:b9:d9:d1:d8:80:6a:52:1b:9e:ef:
b2:02:a7:74:df:b2:d0:04:2a:29:ae:92:97:39:86:
fc:31:4e:af:08:eb:8e:ee:87:6d:b8:d2:0a:c2:c6:
7c:f0:32:1f:1f:37:7d:fb:54:ea:4f:71:36:36:7e:
fc:0b:1b:b7:d3:fa:82:80:09:c2:75:84:7a:5e:f3:
f0:fb:eb:9f:c5:27:1f:cb:78:5a:bb:68:e2:e2:fd:
e3:4b:a2:19:6b:41:0b:c1:ec:aa:76:b0:74:2d:99:
1d:5f:7e:e0:c0:17:30:37:5b:ad:50:79:ea:b4:ef:
aa:4e:b9:85:b5:59:ff:97:fa:36:6a:86:1d:27:15:
c3:3e:f9:c2:14:58:67:88:60:a4:f8:f0:4c:99:32:
27:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:99:A6:0F:20:1C:B9:B9:02:73:F2:43:FE:F9:14:FF:38:82:E2:AD
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/55ba2d71-c4db-41f1-a648-b39b354abfa6.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d058:8000::/40
Signature Algorithm: sha256WithRSAEncryption
06:8c:11:70:3d:9b:2e:77:b3:7d:8a:b2:90:23:a6:40:20:0a:
80:a3:bf:56:98:be:8d:bd:bf:b1:e0:ba:68:80:f0:1a:9d:45:
78:4f:24:46:c2:f0:d5:5f:d7:76:29:10:4a:98:6d:52:7b:88:
d4:91:cb:64:18:b9:ce:f0:6d:45:88:5b:cd:67:aa:14:99:55:
40:ff:a1:5c:9d:5b:cc:3a:3f:1b:c5:03:2f:ca:a8:b5:66:1f:
d3:9f:96:53:d0:b3:ac:66:db:f9:29:1a:d8:91:93:fc:9c:a0:
46:d7:87:15:a2:7b:32:ad:24:fd:31:e4:4a:8e:c9:73:da:f0:
84:30:69:63:60:bb:1f:fd:8e:cf:c3:76:ab:3a:1a:07:50:41:
8e:b8:36:57:13:fc:ce:04:5d:5d:35:99:67:7a:7b:2a:a6:dc:
01:29:d1:73:c7:8d:1b:e9:40:bd:25:16:20:a7:bd:19:18:ae:
4f:db:d6:e8:af:e6:d0:ff:33:ca:b5:41:c1:79:47:55:79:73:
65:86:bf:b8:13:fc:7b:a4:dd:ac:6f:21:ae:e7:8e:cc:84:e3:
77:9d:cf:83:17:4d:84:c8:96:27:42:28:78:f3:e0:ce:cc:ef:
2b:3e:22:c9:09:ca:4c:fe:d3:08:4e:21:16:5b:dc:ff:e2:7c:
0b:d0:e2:17
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUF4Mcekt9q5CYBPSKY5NWkaP8WwgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTQwMjNaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGE4NmVhZDRiMThlYTQ1MDFiMTMxMjhmZGNkMjQ1YzIxZTZhNzZmZjJlNDhk
ZGRjOTk1ZDZmODc2NzA4MjQzY2ExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANDenI0s4SKjMRU+XNxlEFDUVyZjGpQVPuQcdCqy4Ev1IwunJ06tG9qlUEIq
idjO6/SToMN4t4Pbh9DEkHXDPYEMQTMbGWs68Kg2PqQ6pIlFnKOQGxbyLgVKaLbw
S6sth9FGhx3rG81dWjADjsK52dHYgGpSG57vsgKndN+y0AQqKa6SlzmG/DFOrwjr
ju6HbbjSCsLGfPAyHx83fftU6k9xNjZ+/Asbt9P6goAJwnWEel7z8Pvrn8UnH8t4
Wrto4uL940uiGWtBC8HsqnawdC2ZHV9+4MAXMDdbrVB56rTvqk65hbVZ/5f6NmqG
HScVwz75whRYZ4hgpPjwTJkyJ10CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQrmaYP
IBy5uQJz8kP++RT/OILirTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTViYTJkNzEtYzRkYi00MWYxLWE2NDgtYjM5YjM1NGFiZmE2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FiA
MA0GCSqGSIb3DQEBCwUAA4IBAQAGjBFwPZsud7N9irKQI6ZAIAqAo79WmL6Nvb+x
4LpogPAanUV4TyRGwvDVX9d2KRBKmG1Se4jUkctkGLnO8G1FiFvNZ6oUmVVA/6Fc
nVvMOj8bxQMvyqi1Zh/Tn5ZT0LOsZtv5KRrYkZP8nKBG14cVonsyrST9MeRKjslz
2vCEMGljYLsf/Y7Pw3arOhoHUEGOuDZXE/zOBF1dNZlnensqptwBKdFzx40b6UC9
JRYgp70ZGK5P29bor+bQ/zPKtUHBeUdVeXNlhr+4E/x7pN2sbyGu547MhON3nc+D
F02EyJYnQih48+DOzO8rPiLJCcpM/tMITiEWW9z/4nwL0OIX
-----END CERTIFICATE-----
Generated at Mon Oct 20 23:29:35 2025 by rpki-client