Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa
File: 68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa (raw, json)
Hash identifier: h8QS9njwq/dFePKEzGL0u1rnoV5i1nqkiaLtN1qWxdQ=
Subject key identifier: 59:A4:3A:84:44:83:82:BF:3E:82:6F:E3:F2:25:3E:35:DC:CA:C2:87
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 57098EB66DE2777A9687F89FDD0F4ADD5D6A4D41
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa
Signing time: Fri 26 Sep 2025 19:39:43 +0000
ROA not before: Fri 26 Sep 2025 19:39:43 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d058:a000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 22:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
57:09:8e:b6:6d:e2:77:7a:96:87:f8:9f:dd:0f:4a:dd:5d:6a:4d:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:39:43 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=4d38bfe29d2c5651600949521e144425e610e6b6d288b9960720b7140b97cdc7, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:34:29:c7:71:c6:a9:fb:12:7c:f3:05:0e:47:
59:71:c9:19:60:d3:8e:30:7c:3a:27:b6:9d:91:c8:
ad:e7:36:30:d2:c4:1c:c3:c8:86:be:e0:70:e4:e1:
ca:f6:9e:2b:df:68:3e:3e:bc:2d:3c:db:54:c6:93:
59:ca:65:f8:a9:2b:dc:ad:e3:8f:2c:8b:e5:3b:15:
63:f5:98:39:a6:f1:e6:90:59:1c:2b:63:aa:5b:81:
90:17:d7:f2:8c:1c:59:25:7a:55:f4:16:46:eb:bd:
83:10:10:e9:ba:ea:80:1d:10:0a:da:83:13:ba:be:
e2:34:d8:0d:22:a4:41:17:4f:02:1a:5f:c9:61:45:
5b:0f:72:7b:35:96:49:95:75:03:2b:74:a8:a8:88:
14:0b:f6:7f:95:03:d3:0d:20:85:4f:cc:9b:54:e2:
50:b1:bf:87:18:9b:61:d4:c5:d7:25:eb:46:fe:ed:
2a:13:9f:e6:cb:b3:34:ea:e6:9e:62:db:0d:fd:b7:
b2:14:3f:0e:90:d1:97:ca:55:23:ec:6e:af:72:7f:
c2:15:58:b6:59:19:b8:a1:95:12:c7:82:6a:09:36:
4c:cf:50:c4:ec:fe:b6:ac:87:98:7c:d5:e9:c3:c2:
18:13:19:00:f2:ab:0f:f3:08:49:48:55:8b:1b:72:
97:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:A4:3A:84:44:83:82:BF:3E:82:6F:E3:F2:25:3E:35:DC:CA:C2:87
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d058:a000::/40
Signature Algorithm: sha256WithRSAEncryption
24:2d:8f:b9:0a:f9:7b:b5:7b:c6:ce:ca:31:a2:46:1b:10:39:
9c:da:a9:78:82:51:ab:6c:c2:49:ff:16:eb:ad:c0:27:db:84:
d9:91:5e:95:36:52:24:00:d3:99:b7:e8:2c:ee:57:b7:4e:d6:
47:a7:55:2e:e9:ad:b4:91:8e:e5:c8:53:5f:a1:a5:3f:26:8f:
44:2c:28:ce:40:81:d1:67:27:1e:e3:a7:0e:4a:e1:27:b0:db:
b7:da:c9:38:1c:7c:3b:1e:16:c9:b3:68:97:97:cc:de:93:72:
6e:7f:ce:76:b6:fb:22:67:3b:a5:de:31:a4:db:07:c4:6e:a9:
87:5e:a2:17:d6:8b:42:4f:62:96:43:5b:10:41:10:04:8c:bc:
e7:44:11:e1:43:a8:d0:92:3e:8c:7e:f8:05:54:20:e3:84:c9:
2d:27:59:97:1f:ca:3d:ff:40:b1:fb:b7:09:02:83:ef:d4:12:
3c:29:ff:86:57:83:8e:3a:8c:98:89:28:a8:05:49:9f:1a:b3:
00:c8:e7:c0:d3:b1:2f:60:bd:67:a1:9e:6b:cc:65:a1:69:10:
8a:9e:c2:5f:20:76:61:3e:0e:30:ea:34:c7:b8:63:36:2f:7b:
e9:7a:9a:fe:f4:33:69:33:83:2f:7f:14:59:8c:64:44:50:8f:
3d:ec:79:cf
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUVwmOtm3id3qWh/if3Q9K3V1qTUEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTM5NDNaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDRkMzhiZmUyOWQyYzU2NTE2MDA5NDk1MjFlMTQ0NDI1ZTYxMGU2YjZkMjg4
Yjk5NjA3MjBiNzE0MGI5N2NkYzcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMA0Kcdxxqn7EnzzBQ5HWXHJGWDTjjB8Oie2nZHIrec2MNLEHMPIhr7gcOTh
yvaeK99oPj68LTzbVMaTWcpl+Kkr3K3jjyyL5TsVY/WYOabx5pBZHCtjqluBkBfX
8owcWSV6VfQWRuu9gxAQ6brqgB0QCtqDE7q+4jTYDSKkQRdPAhpfyWFFWw9yezWW
SZV1Ayt0qKiIFAv2f5UD0w0ghU/Mm1TiULG/hxibYdTF1yXrRv7tKhOf5suzNOrm
nmLbDf23shQ/DpDRl8pVI+xur3J/whVYtlkZuKGVEseCagk2TM9QxOz+tqyHmHzV
6cPCGBMZAPKrD/MISUhVixtyl5sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRZpDqE
RIOCvz6Cb+PyJT413MrChzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjhkNWQ5MzQtZmVkNi00OWE1LWFlMDMtYTI4YTU4NmU5YzJlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Fig
MA0GCSqGSIb3DQEBCwUAA4IBAQAkLY+5Cvl7tXvGzsoxokYbEDmc2ql4glGrbMJJ
/xbrrcAn24TZkV6VNlIkANOZt+gs7le3TtZHp1Uu6a20kY7lyFNfoaU/Jo9ELCjO
QIHRZyce46cOSuEnsNu32sk4HHw7HhbJs2iXl8zek3Juf852tvsiZzul3jGk2wfE
bqmHXqIX1otCT2KWQ1sQQRAEjLznRBHhQ6jQkj6MfvgFVCDjhMktJ1mXH8o9/0Cx
+7cJAoPv1BI8Kf+GV4OOOoyYiSioBUmfGrMAyOfA07EvYL1noZ5rzGWhaRCKnsJf
IHZhPg4w6jTHuGM2L3vpepr+9DNpM4MvfxRZjGREUI897HnP
-----END CERTIFICATE-----
Generated at Tue Oct 21 04:18:49 2025 by rpki-client