Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/699ed05f-92ce-48c3-8186-6564a7373323.roa
File: 699ed05f-92ce-48c3-8186-6564a7373323.roa (raw, json)
Hash identifier: E31hyc3HRTNkuX12w8+P2PZ/fjQoGC8hMv98iTR4gXY=
Subject key identifier: BB:35:96:0C:9E:0F:7C:01:5C:9E:C9:68:2C:F6:BE:1B:CF:5B:C0:B4
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2DD5D89A5CAB75801CFBE6FB7CCC2B01C4DAF72C
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/699ed05f-92ce-48c3-8186-6564a7373323.roa
Signing time: Fri 26 Sep 2025 18:20:17 +0000
ROA not before: Fri 26 Sep 2025 18:20:17 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d031:c040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2d:d5:d8:9a:5c:ab:75:80:1c:fb:e6:fb:7c:cc:2b:01:c4:da:f7:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 18:20:17 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=acfe804f490abc8e5b9f315dc7e7607c03fcf7855fc3630c8e587786cd03e849, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:2c:a8:97:68:6b:db:70:0c:fd:2a:19:88:4b:
7b:16:94:7f:dc:24:cf:af:dd:4b:f1:ed:09:18:58:
a9:d3:58:1e:70:c8:6b:b6:56:d8:d9:ce:7c:10:29:
59:bf:63:42:54:49:5c:21:d2:19:a4:3d:26:4d:3e:
75:56:5d:03:ca:10:dc:78:62:82:47:b2:cc:77:86:
a3:4f:9f:44:bb:7c:a5:35:e4:f4:f8:46:80:05:82:
ed:e1:d2:09:29:4b:23:6a:91:9b:6d:4f:e8:e0:03:
77:cf:e2:c2:48:eb:f5:7e:d9:ed:44:b6:7d:1c:37:
24:cd:8c:00:98:6d:53:a8:fa:56:a2:43:7c:66:e9:
7a:70:07:42:74:b9:61:8c:a4:21:8e:10:75:3a:20:
8e:63:44:04:8b:6d:00:ab:c8:77:97:30:e0:b5:0b:
07:9e:f5:3c:03:76:81:74:1b:7e:cf:ab:0e:66:82:
5c:c0:66:45:d7:90:8e:68:ed:19:63:30:52:c3:9e:
32:10:2f:83:49:15:d3:ce:e6:52:f1:e3:57:87:1a:
6c:e0:d7:66:f5:77:52:b1:87:36:8d:ba:69:79:a4:
85:89:2b:94:e5:cf:c3:56:f1:88:56:5f:e5:43:a7:
30:f3:ca:a7:ca:73:96:8b:1c:58:2a:b6:23:ec:ec:
e8:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:35:96:0C:9E:0F:7C:01:5C:9E:C9:68:2C:F6:BE:1B:CF:5B:C0:B4
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/699ed05f-92ce-48c3-8186-6564a7373323.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d031:c040::/48
Signature Algorithm: sha256WithRSAEncryption
33:2f:57:4a:d5:63:d8:14:b4:2e:78:00:84:63:fc:8e:02:a3:
c2:ef:0a:b5:6f:c6:06:9e:5f:3b:7d:69:bf:ec:c6:c2:8c:f0:
ca:75:29:b2:cf:9d:89:bb:38:ca:6a:7f:45:e3:78:b7:58:9d:
b5:35:88:75:87:d5:dd:c5:07:7c:12:4d:c3:fa:a2:9c:25:af:
a9:45:dd:77:91:ed:a9:fa:b4:23:fc:eb:8d:33:02:74:19:8c:
b3:4f:b7:85:8f:ac:e3:9f:b3:0d:7a:84:4d:76:21:ef:10:e3:
37:4c:8b:e6:9c:8c:c6:4b:cd:bd:4b:63:bb:b8:c4:1d:85:62:
66:ec:7e:da:9b:9d:22:d5:0f:3b:b7:f6:1a:7d:e4:9a:3b:17:
99:f3:f7:47:c3:f7:38:cb:2e:cd:a8:73:95:32:27:f5:a7:29:
d0:b6:e0:8c:d1:a8:56:98:3a:01:02:44:fc:33:a9:be:6b:e1:
5f:08:35:6f:5c:2c:8f:9f:47:a1:a9:d1:39:c0:63:45:f3:a6:
06:c7:11:55:11:d5:5e:14:ce:a3:80:d7:e0:11:66:a6:02:e1:
1b:cf:1e:12:aa:0a:e0:42:cd:bc:0b:3f:43:08:62:4d:af:f8:
0c:37:23:07:88:5e:c9:bd:9f:14:2a:cc:1c:30:5e:6d:e3:d6:
f6:6b:90:51
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIULdXYmlyrdYAc++b7fMwrAcTa9ywwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODIwMTdaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGFjZmU4MDRmNDkwYWJjOGU1YjlmMzE1ZGM3ZTc2MDdjMDNmY2Y3ODU1ZmMz
NjMwYzhlNTg3Nzg2Y2QwM2U4NDkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJMsqJdoa9twDP0qGYhLexaUf9wkz6/dS/HtCRhYqdNYHnDIa7ZW2NnOfBAp
Wb9jQlRJXCHSGaQ9Jk0+dVZdA8oQ3HhigkeyzHeGo0+fRLt8pTXk9PhGgAWC7eHS
CSlLI2qRm21P6OADd8/iwkjr9X7Z7US2fRw3JM2MAJhtU6j6VqJDfGbpenAHQnS5
YYykIY4QdTogjmNEBIttAKvId5cw4LULB571PAN2gXQbfs+rDmaCXMBmRdeQjmjt
GWMwUsOeMhAvg0kV087mUvHjV4cabODXZvV3UrGHNo26aXmkhYkrlOXPw1bxiFZf
5UOnMPPKp8pzloscWCq2I+zs6KcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBS7NZYM
ng98AVyeyWgs9r4bz1vAtDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Njk5ZWQwNWYtOTJjZS00OGMzLTgxODYtNjU2NGE3MzczMzIzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DHA
QDANBgkqhkiG9w0BAQsFAAOCAQEAMy9XStVj2BS0LngAhGP8jgKjwu8KtW/GBp5f
O31pv+zGwozwynUpss+dibs4ymp/ReN4t1idtTWIdYfV3cUHfBJNw/qinCWvqUXd
d5Htqfq0I/zrjTMCdBmMs0+3hY+s45+zDXqETXYh7xDjN0yL5pyMxkvNvUtju7jE
HYViZux+2pudItUPO7f2Gn3kmjsXmfP3R8P3OMsuzahzlTIn9acp0LbgjNGoVpg6
AQJE/DOpvmvhXwg1b1wsj59HoanROcBjRfOmBscRVRHVXhTOo4DX4BFmpgLhG88e
EqoK4ELNvAs/QwhiTa/4DDcjB4heyb2fFCrMHDBebePW9muQUQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 08:53:03 2025 by rpki-client