Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/94b69c02-a117-42df-89a0-b463fa809f2d.roa
File: 94b69c02-a117-42df-89a0-b463fa809f2d.roa (raw, json)
Hash identifier: Y5yJBE7ocbpYfG19+BMIPlhi7084iZ/imWNuhoUw7o8=
Subject key identifier: B0:0A:1D:29:8E:EE:A3:2D:30:38:0E:BE:49:41:CA:48:8D:CD:A8:EB
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 23B8381BDF370CDED6210230576021C0BA56ABDC
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/94b69c02-a117-42df-89a0-b463fa809f2d.roa
Signing time: Fri 26 Sep 2025 19:42:01 +0000
ROA not before: Fri 26 Sep 2025 19:42:01 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d036:2000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
23:b8:38:1b:df:37:0c:de:d6:21:02:30:57:60:21:c0:ba:56:ab:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:42:01 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=e75f3656c7b08c24d8dc1747abac3539b7d6a08bae6594c86dbf1080d1ce7ccb, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:2f:0e:bf:85:78:0e:ef:41:89:1a:de:92:b8:
52:8b:1a:ef:9d:40:5d:d0:45:a5:18:0e:4a:ad:3c:
6e:28:d0:68:99:cc:df:29:de:fb:8c:50:81:4d:00:
68:80:28:0a:4c:ff:3d:f4:7c:e7:42:e3:41:83:a6:
72:0c:b2:09:fa:7e:28:3f:e2:d0:11:df:ce:8e:22:
ba:53:2e:10:51:cf:fc:b1:fa:8d:dd:b9:3f:04:31:
5c:79:25:12:d8:6f:4f:25:00:da:b3:9f:1b:2a:c3:
0d:e6:e2:1f:b1:3f:db:5c:25:f6:2c:be:e7:19:dc:
9a:52:ff:a4:ce:57:2f:6d:47:30:20:29:82:27:70:
58:2d:4d:d8:20:c2:05:fa:c9:32:e5:f0:0f:af:40:
5a:c8:f2:91:fc:a6:d5:ef:b6:5b:65:d1:bd:11:ce:
a7:82:49:b8:12:24:98:60:cf:99:25:27:ca:b7:ac:
30:c8:6a:38:c7:9e:06:ad:b0:09:94:f0:71:cc:d1:
e7:a1:01:d7:12:04:41:bb:b0:1d:ab:21:b3:54:2a:
16:e2:31:ba:72:ae:9c:7d:0f:6f:01:99:02:5a:be:
66:cb:f5:85:b2:94:69:b2:03:e4:3c:ab:1b:72:81:
01:10:cd:5a:24:1e:9e:f3:d7:8b:7d:90:93:39:59:
ec:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:0A:1D:29:8E:EE:A3:2D:30:38:0E:BE:49:41:CA:48:8D:CD:A8:EB
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/94b69c02-a117-42df-89a0-b463fa809f2d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d036:2000::/40
Signature Algorithm: sha256WithRSAEncryption
29:4b:21:a4:6b:79:26:fc:08:18:f3:cc:c3:ce:77:82:b8:2d:
14:42:18:e1:df:bf:53:d6:12:ab:86:0b:28:d6:02:8d:ae:46:
2a:a0:98:b5:43:97:86:d5:58:1b:18:7d:46:cc:d0:87:2b:8a:
a7:0f:dc:4a:c3:8e:b9:c6:77:7f:49:c7:f1:18:07:10:8e:cc:
99:0b:72:8f:fc:42:ba:98:30:96:ad:c0:a7:71:1c:4b:82:3f:
3d:45:74:53:59:b5:1e:c6:d1:b1:ba:06:28:f5:9b:77:e3:73:
f4:41:16:ac:0d:33:e1:25:5a:69:c0:21:90:71:6c:88:48:f8:
51:22:62:09:04:c5:6b:c3:05:47:ef:ef:b4:60:e7:20:cb:34:
3a:a7:c6:44:9b:f7:25:e1:04:06:44:64:95:41:f1:7a:af:26:
0a:52:9a:b9:27:f8:f9:96:44:5e:09:18:c9:bb:52:3a:b3:f5:
0c:15:47:57:91:5d:f0:30:08:87:a5:d7:e9:fc:a0:26:0c:c6:
c9:40:e7:1a:72:62:bc:42:5d:9f:86:8a:ea:80:58:35:c6:53:
57:66:d7:91:ce:17:75:18:41:e2:2b:8d:26:7b:9a:bd:cd:0d:
22:ad:d9:06:ad:e3:b7:4a:48:96:86:4b:64:17:9a:20:f6:00:
ca:b7:d9:de
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUI7g4G983DN7WIQIwV2AhwLpWq9wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTQyMDFaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGU3NWYzNjU2YzdiMDhjMjRkOGRjMTc0N2FiYWMzNTM5YjdkNmEwOGJhZTY1
OTRjODZkYmYxMDgwZDFjZTdjY2IxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKMvDr+FeA7vQYka3pK4Uosa751AXdBFpRgOSq08bijQaJnM3yne+4xQgU0A
aIAoCkz/PfR850LjQYOmcgyyCfp+KD/i0BHfzo4iulMuEFHP/LH6jd25PwQxXHkl
EthvTyUA2rOfGyrDDebiH7E/21wl9iy+5xncmlL/pM5XL21HMCApgidwWC1N2CDC
BfrJMuXwD69AWsjykfym1e+2W2XRvRHOp4JJuBIkmGDPmSUnyresMMhqOMeeBq2w
CZTwcczR56EB1xIEQbuwHashs1QqFuIxunKunH0PbwGZAlq+Zsv1hbKUabID5Dyr
G3KBARDNWiQenvPXi32QkzlZ7BECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSwCh0p
ju6jLTA4Dr5JQcpIjc2o6zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTRiNjljMDItYTExNy00MmRmLTg5YTAtYjQ2M2ZhODA5ZjJkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DYg
MA0GCSqGSIb3DQEBCwUAA4IBAQApSyGka3km/AgY88zDzneCuC0UQhjh379T1hKr
hgso1gKNrkYqoJi1Q5eG1VgbGH1GzNCHK4qnD9xKw465xnd/ScfxGAcQjsyZC3KP
/EK6mDCWrcCncRxLgj89RXRTWbUextGxugYo9Zt343P0QRasDTPhJVppwCGQcWyI
SPhRImIJBMVrwwVH7++0YOcgyzQ6p8ZEm/cl4QQGRGSVQfF6ryYKUpq5J/j5lkRe
CRjJu1I6s/UMFUdXkV3wMAiHpdfp/KAmDMbJQOcacmK8Ql2fhorqgFg1xlNXZteR
zhd1GEHiK40me5q9zQ0irdkGreO3SkiWhktkF5og9gDKt9ne
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:15 2025 by rpki-client