Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7cde339d-568f-4b5b-98d4-9eca268d8a43.roa
File: 7cde339d-568f-4b5b-98d4-9eca268d8a43.roa (raw, json)
Hash identifier: +3jazl3UyRRlvHUwaDfYK/uRamFuq/cd3RRcd3ZcyoY=
Subject key identifier: BC:F1:8C:62:FB:6F:EF:B7:5D:5D:49:6C:CE:1A:3C:99:68:24:BF:6B
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0D883E759D8758E358CEB5A3A700040ABBA1489E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7cde339d-568f-4b5b-98d4-9eca268d8a43.roa
Signing time: Fri 10 Oct 2025 17:05:01 +0000
ROA not before: Fri 10 Oct 2025 17:05:01 +0000
ROA not after: Fri 14 Nov 2025 23:59:59 +0000
asID: 14618
IP address blocks: 2a05:d074:5000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0d:88:3e:75:9d:87:58:e3:58:ce:b5:a3:a7:00:04:0a:bb:a1:48:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 10 17:05:01 2025 GMT
Not After : Nov 14 23:59:59 2025 GMT
Subject: serialNumber=7937f4845117e086d050cdaad21456b4222c718a74530eae7784a6d767704ed2, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:b2:e4:cb:08:3e:01:4e:52:43:d3:50:ae:5b:
5a:0c:d0:db:4e:07:91:6e:cb:24:92:4e:60:bd:16:
ae:54:2d:52:78:8d:8a:11:2f:73:5f:a4:18:ec:a8:
75:84:51:19:92:b4:1a:be:d2:c0:8f:43:13:cf:f3:
77:78:34:d3:10:b6:ec:36:38:5e:7b:01:fb:bb:19:
31:ca:cc:91:e7:b8:50:59:22:a6:52:97:e2:97:c6:
bc:24:c5:62:bd:20:f5:b5:f8:53:2b:4f:b2:16:26:
9d:13:a1:65:b5:d8:36:9c:17:97:1b:61:98:34:54:
8a:31:c2:5e:26:7f:be:24:74:5a:1b:62:18:e3:53:
81:09:94:38:83:3f:40:b4:55:c0:de:d7:8d:9f:05:
ee:3f:50:e6:cb:74:6f:f4:61:59:6c:31:55:31:3c:
aa:c9:67:5a:09:f9:9a:84:31:f6:4e:2c:a8:84:5d:
53:c1:d4:44:83:73:23:46:9a:6c:af:86:1d:dc:4e:
73:e8:49:41:7e:9a:46:65:5e:e8:c7:b8:74:89:40:
89:89:fa:dd:df:51:ca:1e:2a:3d:b5:90:53:bd:bc:
4a:f4:9d:d4:cb:b2:81:64:05:ab:81:42:7b:9f:d5:
65:73:56:9e:99:e7:bf:6b:4f:80:9b:84:4e:66:e1:
90:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BC:F1:8C:62:FB:6F:EF:B7:5D:5D:49:6C:CE:1A:3C:99:68:24:BF:6B
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7cde339d-568f-4b5b-98d4-9eca268d8a43.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d074:5000::/40
Signature Algorithm: sha256WithRSAEncryption
38:68:4c:cf:48:60:63:3b:ff:25:b2:3a:a5:d4:8a:a7:f0:73:
74:b3:80:e4:42:fa:a7:f8:83:a8:4d:43:fd:b9:4e:0a:cd:40:
ef:37:33:ea:a5:e4:85:39:fc:42:58:20:df:a2:3b:ab:d4:e0:
04:65:73:f7:c7:f1:0f:ec:ad:4e:51:64:66:18:5e:8b:96:db:
50:a0:7f:4c:b5:a3:bd:d3:48:8c:7b:28:02:e9:2a:33:73:98:
ba:bc:e1:e1:69:e3:26:be:03:8d:c1:9d:0b:1b:e5:6f:09:f5:
a5:53:a3:21:2c:f8:9f:b2:a8:f2:ff:c1:b5:08:28:5b:06:5d:
d0:a3:85:e2:13:c1:bb:c6:0a:c7:79:2c:b3:7d:80:1a:18:c2:
ad:5e:82:f9:0e:6f:bc:34:f8:91:5a:8d:4f:2e:2f:0b:a4:cd:
13:5a:18:58:e9:83:77:12:d8:0a:5d:fe:a6:05:85:a4:0a:c4:
14:04:6c:b5:32:c2:f3:c1:a0:95:9b:c4:94:c5:5c:11:2d:6f:
ce:66:17:cc:45:5e:3b:e4:c0:99:24:76:b6:c9:9a:d1:9b:0a:
b1:9d:35:65:0b:99:92:89:43:53:99:29:8d:e0:b8:c4:0f:9c:
8e:eb:fa:bc:da:ea:c8:88:f6:ed:c9:c8:c7:a4:ea:ac:c2:58:
4b:4b:47:df
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUDYg+dZ2HWONYzrWjpwAECruhSJ4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTAxNzA1MDFaFw0yNTExMTQyMzU5NTlaMHoxSTBHBgNV
BAUTQDc5MzdmNDg0NTExN2UwODZkMDUwY2RhYWQyMTQ1NmI0MjIyYzcxOGE3NDUz
MGVhZTc3ODRhNmQ3Njc3MDRlZDIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL2y5MsIPgFOUkPTUK5bWgzQ204HkW7LJJJOYL0WrlQtUniNihEvc1+kGOyo
dYRRGZK0Gr7SwI9DE8/zd3g00xC27DY4XnsB+7sZMcrMkee4UFkiplKX4pfGvCTF
Yr0g9bX4UytPshYmnROhZbXYNpwXlxthmDRUijHCXiZ/viR0WhtiGONTgQmUOIM/
QLRVwN7XjZ8F7j9Q5st0b/RhWWwxVTE8qslnWgn5moQx9k4sqIRdU8HURINzI0aa
bK+GHdxOc+hJQX6aRmVe6Me4dIlAiYn63d9Ryh4qPbWQU728SvSd1MuygWQFq4FC
e5/VZXNWnpnnv2tPgJuETmbhkDECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS88Yxi
+2/vt11dSWzOGjyZaCS/azAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
N2NkZTMzOWQtNTY4Zi00YjViLTk4ZDQtOWVjYTI2OGQ4YTQzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HRQ
MA0GCSqGSIb3DQEBCwUAA4IBAQA4aEzPSGBjO/8lsjql1Iqn8HN0s4DkQvqn+IOo
TUP9uU4KzUDvNzPqpeSFOfxCWCDfojur1OAEZXP3x/EP7K1OUWRmGF6LlttQoH9M
taO900iMeygC6Sozc5i6vOHhaeMmvgONwZ0LG+VvCfWlU6MhLPifsqjy/8G1CChb
Bl3Qo4XiE8G7xgrHeSyzfYAaGMKtXoL5Dm+8NPiRWo1PLi8LpM0TWhhY6YN3EtgK
Xf6mBYWkCsQUBGy1MsLzwaCVm8SUxVwRLW/OZhfMRV475MCZJHa2yZrRmwqxnTVl
C5mSiUNTmSmN4LjED5yO6/q82urIiPbtycjHpOqswlhLS0ff
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:09:30 2025 by rpki-client