Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/74c7eb62-ad02-4aa2-9be5-024692c6239f.roa
File: 74c7eb62-ad02-4aa2-9be5-024692c6239f.roa (raw, json)
Hash identifier: wRFyJUK/aLN7Av0QjKRNyQi2LI/VYVKl/gCpGr6XtfU=
Subject key identifier: 2B:9B:8B:4B:D9:E0:AF:32:41:A1:68:C4:01:E1:0A:83:32:2E:B9:14
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2C3E97D083E7D43B7EF21AE32F2BD8CD21EFF642
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/74c7eb62-ad02-4aa2-9be5-024692c6239f.roa
Signing time: Fri 26 Sep 2025 18:50:08 +0000
ROA not before: Fri 26 Sep 2025 18:50:08 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:2000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2c:3e:97:d0:83:e7:d4:3b:7e:f2:1a:e3:2f:2b:d8:cd:21:ef:f6:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 18:50:08 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=bd5b14d9b5eb9b975eae2997cd3d5045fb9da941b05da58b6809ecc5c1de9491, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:70:1f:52:d3:f5:fa:a0:21:83:5b:4d:f0:cf:
77:b8:0a:6d:d2:fb:56:bf:d6:2c:84:a3:af:33:ee:
5c:4c:94:23:30:64:0f:81:b2:1b:cb:d0:c3:7d:f7:
73:ca:9f:66:85:b1:65:d0:25:5f:97:de:3c:60:55:
be:f8:52:28:2a:5b:6f:87:39:45:4a:fd:46:9b:c6:
33:8d:c0:05:85:78:1e:33:4d:20:9e:1f:f9:64:f4:
8c:9d:40:13:77:79:a5:62:0c:6e:6e:f7:64:7b:90:
06:b2:b7:df:27:e4:47:02:a7:bf:ee:4c:e3:64:03:
db:d2:7f:c2:0d:26:c2:7b:7c:a6:0c:74:2f:6e:d7:
aa:fc:bd:6e:fa:4c:ff:cb:fc:5a:2c:cd:67:f6:df:
35:3b:fc:04:eb:51:36:86:48:a1:4c:93:9d:5d:7b:
6f:72:85:34:10:c1:39:00:d0:c4:f8:76:10:0b:49:
ac:b4:ab:80:97:8c:62:aa:d3:08:57:b5:07:1e:d2:
6a:01:71:11:c1:c1:51:62:0e:ec:b8:29:0c:5b:9d:
9b:9a:da:5e:ce:b0:f3:66:96:2b:9a:3a:e5:d3:70:
19:8b:3a:1c:e3:48:69:fa:2a:57:78:2c:da:28:5b:
f5:d9:1b:bc:94:a1:01:6a:94:c2:29:d2:db:3b:0c:
58:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:9B:8B:4B:D9:E0:AF:32:41:A1:68:C4:01:E1:0A:83:32:2E:B9:14
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/74c7eb62-ad02-4aa2-9be5-024692c6239f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:2000::/40
Signature Algorithm: sha256WithRSAEncryption
0e:2e:2d:bd:f6:2d:7d:b2:c6:da:8b:5e:f1:f0:6b:03:73:62:
82:11:25:1c:91:63:8d:51:ac:09:b3:d4:99:39:9a:e6:f6:57:
51:15:76:21:77:8e:84:1f:72:29:fb:4f:4d:b4:76:e8:2a:42:
50:41:26:96:a0:49:5a:bf:73:e9:fd:38:c6:83:45:02:37:85:
ab:c2:ca:4b:d7:03:b8:25:fa:f9:8a:59:5c:e1:8f:9d:94:ee:
b1:a7:5b:54:21:4a:34:17:11:d3:cb:79:27:7e:cf:0f:cb:81:
22:28:5f:83:92:73:10:79:0f:e0:ce:96:21:77:b4:db:0f:69:
01:b1:a0:e6:2e:88:e9:bb:56:2a:53:8c:4a:e9:b3:23:c2:76:
94:3e:6b:00:52:53:79:eb:f4:00:32:7b:44:3f:ab:5d:70:b1:
51:71:f8:6f:07:90:1f:a2:6c:8a:ea:1b:b4:73:d5:a4:8b:1d:
98:45:6c:27:2e:90:25:b2:4b:11:80:3a:94:af:5b:96:c9:b9:
70:17:16:96:41:e7:4a:39:ac:a4:f6:e4:15:90:a1:90:f3:12:
27:9d:90:27:cf:f7:5f:92:55:dc:f0:9a:ca:8c:80:19:83:38:
d8:fb:83:8f:ed:03:3d:53:4c:60:5f:f3:c7:9f:80:00:fb:50:
1a:db:67:c2
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIULD6X0IPn1Dt+8hrjLyvYzSHv9kIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODUwMDhaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGJkNWIxNGQ5YjVlYjliOTc1ZWFlMjk5N2NkM2Q1MDQ1ZmI5ZGE5NDFiMDVk
YTU4YjY4MDllY2M1YzFkZTk0OTExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANhwH1LT9fqgIYNbTfDPd7gKbdL7Vr/WLISjrzPuXEyUIzBkD4GyG8vQw333
c8qfZoWxZdAlX5fePGBVvvhSKCpbb4c5RUr9RpvGM43ABYV4HjNNIJ4f+WT0jJ1A
E3d5pWIMbm73ZHuQBrK33yfkRwKnv+5M42QD29J/wg0mwnt8pgx0L27Xqvy9bvpM
/8v8WizNZ/bfNTv8BOtRNoZIoUyTnV17b3KFNBDBOQDQxPh2EAtJrLSrgJeMYqrT
CFe1Bx7SagFxEcHBUWIO7LgpDFudm5raXs6w82aWK5o65dNwGYs6HONIafoqV3gs
2ihb9dkbvJShAWqUwinS2zsMWJkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQrm4tL
2eCvMkGhaMQB4QqDMi65FDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NzRjN2ViNjItYWQwMi00YWEyLTliZTUtMDI0NjkyYzYyMzlmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0AAg
MA0GCSqGSIb3DQEBCwUAA4IBAQAOLi299i19ssbai17x8GsDc2KCESUckWONUawJ
s9SZOZrm9ldRFXYhd46EH3Ip+09NtHboKkJQQSaWoElav3Pp/TjGg0UCN4WrwspL
1wO4Jfr5illc4Y+dlO6xp1tUIUo0FxHTy3knfs8Py4EiKF+DknMQeQ/gzpYhd7Tb
D2kBsaDmLojpu1YqU4xK6bMjwnaUPmsAUlN56/QAMntEP6tdcLFRcfhvB5AfomyK
6hu0c9Wkix2YRWwnLpAlsksRgDqUr1uWyblwFxaWQedKOayk9uQVkKGQ8xInnZAn
z/dfklXc8JrKjIAZgzjY+4OP7QM9U0xgX/PHn4AA+1Aa22fC
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:47 2025 by rpki-client