Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8aeef071-ad76-436d-a059-ad727b09eb3b.roa
File: 8aeef071-ad76-436d-a059-ad727b09eb3b.roa (raw, json)
Hash identifier: m/hEAMfWQvO/1WTnWeoPfRvevvlIOp5KLwQ1yEMLzR4=
Subject key identifier: D6:85:5F:73:8E:81:05:13:5E:AE:F8:DB:85:F3:70:BE:82:52:BD:33
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7204EA3A460FE688FEFF7EC8F1AD729139148CEB
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8aeef071-ad76-436d-a059-ad727b09eb3b.roa
Signing time: Fri 26 Sep 2025 19:40:45 +0000
ROA not before: Fri 26 Sep 2025 19:40:45 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d038:2000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
72:04:ea:3a:46:0f:e6:88:fe:ff:7e:c8:f1:ad:72:91:39:14:8c:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:40:45 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=057167189196741a055412ccd24e090d0aa9efbc61a29561f10b2ec975db0066, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:3a:4a:5f:9c:62:a0:cf:a5:c0:94:5c:d1:85:
b9:7d:41:da:b7:cb:e4:e3:17:a1:f7:9f:e8:07:4f:
96:81:bc:8f:40:41:b8:76:e1:c1:03:76:fe:ef:89:
68:00:f6:6b:53:f7:88:82:6e:f8:2a:8d:4c:87:36:
5f:52:e6:6a:83:91:2a:73:53:05:c8:e8:c7:25:7b:
b5:1d:a7:7a:90:32:2f:1a:59:c3:07:c2:c9:13:1e:
36:2c:cf:04:5e:c2:ec:00:b0:bd:be:df:40:f6:0c:
18:27:7a:0d:e6:32:ff:87:e7:3e:06:ba:57:5f:99:
51:5f:02:49:b4:3b:b1:71:da:52:f1:ab:71:02:82:
ce:e0:24:77:3f:15:5b:e0:b4:06:ae:44:81:f7:69:
31:88:db:68:dc:82:84:4a:98:36:e6:f1:a3:b5:6f:
31:dc:bd:93:64:50:c0:b1:97:bd:23:a1:ba:dd:fb:
d2:3e:50:e9:62:3d:27:95:18:f1:fe:c4:b0:f6:12:
b2:1d:0a:6d:14:a2:c5:f9:a4:31:39:22:09:9b:ae:
f3:1c:06:aa:84:45:a4:e6:fc:a2:5b:e1:f4:2f:0b:
1b:2b:de:f4:b1:fa:0e:03:50:34:36:e8:2b:fb:2f:
da:6f:87:16:3d:af:9a:94:4b:37:c8:46:77:12:3c:
98:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:85:5F:73:8E:81:05:13:5E:AE:F8:DB:85:F3:70:BE:82:52:BD:33
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8aeef071-ad76-436d-a059-ad727b09eb3b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d038:2000::/40
Signature Algorithm: sha256WithRSAEncryption
28:ad:51:b0:c1:98:f8:66:ce:d1:34:5d:ad:22:c1:61:1d:24:
47:bc:33:32:1a:cc:67:81:64:9e:26:ec:1e:95:2f:6a:56:7d:
d7:fa:e5:b6:cc:2e:42:b4:3a:04:a6:fe:47:2e:bd:f3:a7:d9:
cc:a5:e4:40:15:ac:be:2d:c3:7d:f5:1e:63:2c:11:e6:f8:1d:
a8:c6:37:39:1f:f0:2b:f9:7e:54:2e:66:f3:0c:8e:6f:b7:e5:
59:8c:06:43:84:76:a2:7a:6d:8f:14:07:b8:dc:ab:05:90:84:
40:c9:7e:11:7f:0e:cb:80:68:5c:ac:2e:e3:0f:af:29:3d:bf:
c2:70:46:bd:42:33:96:3c:d8:cf:5c:dc:cd:73:2c:a0:fe:8d:
f3:c4:59:dc:0d:65:26:cf:98:76:80:9d:90:ce:2e:45:02:51:
06:bf:26:19:9c:e8:94:33:fe:97:84:64:96:35:46:df:48:6d:
7c:4a:e7:e4:34:e7:7f:7e:52:d7:04:df:ed:41:dd:f0:33:77:
93:5d:fe:3f:e9:c6:24:66:c0:21:05:87:41:5b:bb:a2:01:34:
44:06:f0:b3:ed:13:bf:6f:34:41:d0:f1:e3:49:89:2b:53:e0:
52:e9:b6:8c:1c:3f:b8:fe:87:05:24:23:d5:81:26:8f:b1:ca:
3c:8a:0e:f2
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUcgTqOkYP5oj+/37I8a1ykTkUjOswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTQwNDVaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDA1NzE2NzE4OTE5Njc0MWEwNTU0MTJjY2QyNGUwOTBkMGFhOWVmYmM2MWEy
OTU2MWYxMGIyZWM5NzVkYjAwNjYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN86Sl+cYqDPpcCUXNGFuX1B2rfL5OMXofef6AdPloG8j0BBuHbhwQN2/u+J
aAD2a1P3iIJu+CqNTIc2X1LmaoORKnNTBcjoxyV7tR2nepAyLxpZwwfCyRMeNizP
BF7C7ACwvb7fQPYMGCd6DeYy/4fnPga6V1+ZUV8CSbQ7sXHaUvGrcQKCzuAkdz8V
W+C0Bq5EgfdpMYjbaNyChEqYNubxo7VvMdy9k2RQwLGXvSOhut370j5Q6WI9J5UY
8f7EsPYSsh0KbRSixfmkMTkiCZuu8xwGqoRFpOb8olvh9C8LGyve9LH6DgNQNDbo
K/sv2m+HFj2vmpRLN8hGdxI8mFsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTWhV9z
joEFE16u+NuF83C+glK9MzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGFlZWYwNzEtYWQ3Ni00MzZkLWEwNTktYWQ3MjdiMDllYjNiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Dgg
MA0GCSqGSIb3DQEBCwUAA4IBAQAorVGwwZj4Zs7RNF2tIsFhHSRHvDMyGsxngWSe
JuwelS9qVn3X+uW2zC5CtDoEpv5HLr3zp9nMpeRAFay+LcN99R5jLBHm+B2oxjc5
H/Ar+X5ULmbzDI5vt+VZjAZDhHaiem2PFAe43KsFkIRAyX4Rfw7LgGhcrC7jD68p
Pb/CcEa9QjOWPNjPXNzNcyyg/o3zxFncDWUmz5h2gJ2Qzi5FAlEGvyYZnOiUM/6X
hGSWNUbfSG18SufkNOd/flLXBN/tQd3wM3eTXf4/6cYkZsAhBYdBW7uiATREBvCz
7RO/bzRB0PHjSYkrU+BS6baMHD+4/ocFJCPVgSaPsco8ig7y
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:42 2025 by rpki-client