Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8e4adf38-a007-4c0e-8621-1e65a160ad12.roa
File: 8e4adf38-a007-4c0e-8621-1e65a160ad12.roa (raw, json)
Hash identifier: gGeGwPkXZJqGaR/K2qERKtkQXYfzpKfiz0HXK39jV7Y=
Subject key identifier: C3:18:41:3F:18:DA:D0:E7:32:4A:BF:61:81:8F:DF:EE:7F:81:98:B7
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 178F17AED162A2C36C3CD89456E65344A11A125B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8e4adf38-a007-4c0e-8621-1e65a160ad12.roa
Signing time: Fri 26 Sep 2025 19:10:14 +0000
ROA not before: Fri 26 Sep 2025 19:10:14 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:2000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 22:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
17:8f:17:ae:d1:62:a2:c3:6c:3c:d8:94:56:e6:53:44:a1:1a:12:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:10:14 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=2bd1e8f12580c78e715855683b005b3d28d3d6b13fc258c4d736a455e6aafb41, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:4b:78:7c:4c:71:c5:8d:6e:59:f6:98:45:28:
b8:0a:c0:d6:c6:a6:ca:ce:25:69:77:a9:5e:f4:b3:
4a:80:66:11:52:8d:cc:73:21:c4:94:71:0d:22:27:
76:b2:a1:d1:08:bc:19:ce:34:b8:0a:2b:c7:eb:44:
cf:ae:a8:a8:3b:9a:2e:81:94:a0:83:d1:03:e2:10:
5d:bb:86:f6:6f:5a:4a:11:82:6c:aa:48:ed:8d:03:
91:3f:4d:19:aa:4d:0c:ac:0f:4f:13:e3:9e:d2:3b:
42:de:f3:c0:a1:b7:81:f4:2d:79:56:09:43:aa:bc:
97:97:8e:b9:46:ac:58:67:3a:87:c2:94:11:84:bc:
fc:b3:36:c8:97:71:0e:c9:3f:88:12:83:63:7f:b5:
a2:33:2a:d8:88:f0:e5:23:5b:cb:47:65:a2:24:ee:
58:97:23:15:de:28:43:2b:45:fd:21:80:3d:1c:f9:
02:2a:d7:76:2c:45:2a:2e:13:7c:5f:36:b3:02:bb:
09:7e:64:d6:bc:31:12:be:68:d4:b0:87:a9:28:fc:
ba:74:1a:71:60:04:18:63:a0:cb:df:7e:8f:eb:7d:
89:99:cf:b7:ba:3a:51:ea:18:3e:5a:30:68:45:85:
94:76:82:0c:89:e8:4f:d2:c2:33:99:cf:fe:8e:d5:
66:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C3:18:41:3F:18:DA:D0:E7:32:4A:BF:61:81:8F:DF:EE:7F:81:98:B7
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8e4adf38-a007-4c0e-8621-1e65a160ad12.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:2000::/40
Signature Algorithm: sha256WithRSAEncryption
c5:47:5a:02:d6:64:14:5e:90:a4:47:6e:e8:ae:a1:80:61:7f:
ae:e9:58:2b:b0:1a:6a:10:80:25:57:7f:70:c3:cc:8d:d2:f8:
27:48:be:3d:72:26:c8:61:12:8e:e6:6d:71:0c:4b:29:de:6b:
98:b4:bb:ca:aa:6c:44:00:74:6d:da:24:80:bf:6a:b5:db:79:
0d:89:26:79:8b:0a:0c:24:99:db:cd:68:62:15:e7:56:2c:7a:
6b:4d:44:13:5c:4d:32:4d:0d:70:34:6e:b0:c2:44:fb:09:18:
94:4a:22:ce:e7:34:c7:da:ac:50:a7:bb:b1:a3:ad:1c:74:1c:
ad:3b:d0:10:8c:86:20:09:43:e8:ef:a5:29:47:97:2a:74:37:
3b:a5:3e:ab:13:f8:98:b7:ad:af:7d:60:62:f1:66:f8:95:73:
ea:66:82:6b:0e:22:1c:c2:4f:16:da:7a:62:fa:07:9f:fd:fe:
be:16:de:2f:cb:24:f2:09:00:c3:c7:c2:f9:21:5f:00:f2:26:
b8:65:45:cf:12:bb:c9:6d:87:b4:64:76:34:d7:62:1d:38:2a:
a8:b6:8f:3c:65:2a:b2:0c:d5:bf:21:be:e0:4f:d8:2b:9a:06:
e3:5e:24:cf:c0:d3:7e:e5:74:29:5e:72:25:1f:10:cc:50:3e:
31:42:b4:62
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUF48XrtFiosNsPNiUVuZTRKEaElswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTEwMTRaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDJiZDFlOGYxMjU4MGM3OGU3MTU4NTU2ODNiMDA1YjNkMjhkM2Q2YjEzZmMy
NThjNGQ3MzZhNDU1ZTZhYWZiNDExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANNLeHxMccWNbln2mEUouArA1samys4laXepXvSzSoBmEVKNzHMhxJRxDSIn
drKh0Qi8Gc40uAorx+tEz66oqDuaLoGUoIPRA+IQXbuG9m9aShGCbKpI7Y0DkT9N
GapNDKwPTxPjntI7Qt7zwKG3gfQteVYJQ6q8l5eOuUasWGc6h8KUEYS8/LM2yJdx
Dsk/iBKDY3+1ojMq2Ijw5SNby0dloiTuWJcjFd4oQytF/SGAPRz5AirXdixFKi4T
fF82swK7CX5k1rwxEr5o1LCHqSj8unQacWAEGGOgy99+j+t9iZnPt7o6UeoYPlow
aEWFlHaCDInoT9LCM5nP/o7VZiMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTDGEE/
GNrQ5zJKv2GBj9/uf4GYtzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGU0YWRmMzgtYTAwNy00YzBlLTg2MjEtMWU2NWExNjBhZDEyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H8g
MA0GCSqGSIb3DQEBCwUAA4IBAQDFR1oC1mQUXpCkR27orqGAYX+u6VgrsBpqEIAl
V39ww8yN0vgnSL49cibIYRKO5m1xDEsp3muYtLvKqmxEAHRt2iSAv2q123kNiSZ5
iwoMJJnbzWhiFedWLHprTUQTXE0yTQ1wNG6wwkT7CRiUSiLO5zTH2qxQp7uxo60c
dBytO9AQjIYgCUPo76UpR5cqdDc7pT6rE/iYt62vfWBi8Wb4lXPqZoJrDiIcwk8W
2npi+gef/f6+Ft4vyyTyCQDDx8L5IV8A8ia4ZUXPErvJbYe0ZHY012IdOCqoto88
ZSqyDNW/Ib7gT9grmgbjXiTPwNN+5XQpXnIlHxDMUD4xQrRi
-----END CERTIFICATE-----
Generated at Tue Oct 21 04:18:50 2025 by rpki-client