Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/84b89066-b432-45c3-befb-ffa2b4be3b71.roa
File: 84b89066-b432-45c3-befb-ffa2b4be3b71.roa (raw, json)
Hash identifier: DTA3zLraGEezy1fJ+S+30YjbnsppnOVY/z2GpmSOEQI=
Subject key identifier: A5:B6:82:F2:E8:D2:78:5C:CD:0E:F1:26:69:10:DF:B1:6A:D2:F7:8A
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 6A332FC38269A28AB5D95D9084DC5768365889DB
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/84b89066-b432-45c3-befb-ffa2b4be3b71.roa
Signing time: Fri 26 Sep 2025 19:41:24 +0000
ROA not before: Fri 26 Sep 2025 19:41:24 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d078:4000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6a:33:2f:c3:82:69:a2:8a:b5:d9:5d:90:84:dc:57:68:36:58:89:db
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:41:24 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=40a6a0e7a15e279aae7aeed7234e92e59932fce0260abb94840c3711baa0b2ab, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:fe:fe:73:e1:03:37:62:8a:06:36:97:2f:df:
c7:f5:49:d7:35:f0:8f:bd:85:ae:e3:0a:fa:4d:96:
e6:69:e5:43:37:f5:40:25:c1:9d:7d:f8:27:90:02:
b0:40:3d:8d:d0:ca:9d:1f:28:8b:e3:49:b4:51:af:
47:2d:8e:4c:8c:91:4a:a2:f6:bc:f6:80:61:f4:5e:
91:8f:51:cf:92:61:49:25:33:ef:30:42:2c:40:46:
9a:7c:50:55:cc:f8:c6:20:f6:29:71:e9:24:1b:6c:
4f:b7:23:28:74:6d:36:2a:f0:54:7d:25:ec:aa:78:
a8:1e:9f:9e:08:b8:f7:d3:cb:38:8e:14:36:f0:b0:
bc:3e:1b:56:87:45:96:bc:cc:70:46:62:f6:5a:8d:
7e:e8:31:f1:40:ea:48:81:d8:52:ee:89:5f:63:9c:
9c:e3:a5:fc:62:26:f0:2b:d5:7d:66:46:99:8c:fe:
f3:84:85:b4:80:24:01:83:44:e3:37:cd:c6:e5:f4:
3d:3f:43:5c:a5:31:32:c7:d8:51:25:76:76:06:d5:
89:0d:81:f1:0d:84:8a:06:32:7e:12:e1:7f:70:37:
8a:f0:44:ec:f7:72:47:5d:fa:5b:e0:47:f7:80:25:
4e:bd:75:f7:b9:c6:81:c2:5a:6e:da:0e:36:ad:10:
0e:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:B6:82:F2:E8:D2:78:5C:CD:0E:F1:26:69:10:DF:B1:6A:D2:F7:8A
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/84b89066-b432-45c3-befb-ffa2b4be3b71.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d078:4000::/40
Signature Algorithm: sha256WithRSAEncryption
16:c6:12:15:88:31:f8:e3:0b:0c:99:c3:0e:72:3e:10:af:7f:
79:0d:27:c6:64:0d:15:ce:2e:4f:0b:8c:c3:f8:95:5b:7b:ba:
bd:4f:b9:c0:36:52:a4:66:6c:b3:be:a3:9e:8d:71:4a:0f:61:
60:bc:ab:c2:4b:cd:ae:d4:e5:fc:0e:0c:d9:75:95:f4:11:ac:
fd:6b:0b:50:40:4c:2a:2c:0a:8b:e5:ad:f0:38:53:ba:58:39:
54:1a:22:05:96:c4:b2:f1:b9:f0:6b:39:0f:c8:0a:2d:37:e3:
d6:8f:93:43:f0:e0:39:13:ed:71:81:71:41:59:b8:78:4a:64:
e6:61:fb:d7:af:a2:ef:87:3b:7f:2f:ca:b3:9b:58:7c:a1:97:
22:84:d8:6d:24:de:87:fd:75:40:ac:b3:5b:08:c0:52:ba:a0:
5c:9a:72:e8:29:1a:61:e4:af:09:af:93:49:ff:ef:46:3d:c5:
0d:1c:70:53:68:7c:dc:b2:71:8c:05:23:11:4b:8c:cb:ba:3a:
72:55:33:4b:ef:0c:dc:0e:a1:cb:02:c8:68:77:f6:8f:00:90:
9e:8a:fb:af:18:86:d4:66:16:62:c1:89:a1:c2:d6:8b:2d:ca:
e5:fc:0e:17:21:7e:d2:cc:8e:17:56:88:39:a0:67:86:3a:0a:
67:2d:c3:56
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUajMvw4Jpooq12V2QhNxXaDZYidswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTQxMjRaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDQwYTZhMGU3YTE1ZTI3OWFhZTdhZWVkNzIzNGU5MmU1OTkzMmZjZTAyNjBh
YmI5NDg0MGMzNzExYmFhMGIyYWIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL3+/nPhAzdiigY2ly/fx/VJ1zXwj72FruMK+k2W5mnlQzf1QCXBnX34J5AC
sEA9jdDKnR8oi+NJtFGvRy2OTIyRSqL2vPaAYfRekY9Rz5JhSSUz7zBCLEBGmnxQ
Vcz4xiD2KXHpJBtsT7cjKHRtNirwVH0l7Kp4qB6fngi499PLOI4UNvCwvD4bVodF
lrzMcEZi9lqNfugx8UDqSIHYUu6JX2OcnOOl/GIm8CvVfWZGmYz+84SFtIAkAYNE
4zfNxuX0PT9DXKUxMsfYUSV2dgbViQ2B8Q2EigYyfhLhf3A3ivBE7PdyR136W+BH
94AlTr1197nGgcJabtoONq0QDl0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSltoLy
6NJ4XM0O8SZpEN+xatL3ijAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ODRiODkwNjYtYjQzMi00NWMzLWJlZmItZmZhMmI0YmUzYjcxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HhA
MA0GCSqGSIb3DQEBCwUAA4IBAQAWxhIViDH44wsMmcMOcj4Qr395DSfGZA0Vzi5P
C4zD+JVbe7q9T7nANlKkZmyzvqOejXFKD2FgvKvCS82u1OX8DgzZdZX0Eaz9awtQ
QEwqLAqL5a3wOFO6WDlUGiIFlsSy8bnwazkPyAotN+PWj5ND8OA5E+1xgXFBWbh4
SmTmYfvXr6Lvhzt/L8qzm1h8oZcihNhtJN6H/XVArLNbCMBSuqBcmnLoKRph5K8J
r5NJ/+9GPcUNHHBTaHzcsnGMBSMRS4zLujpyVTNL7wzcDqHLAshod/aPAJCeivuv
GIbUZhZiwYmhwtaLLcrl/A4XIX7SzI4XVog5oGeGOgpnLcNW
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:24 2025 by rpki-client