Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/97700b94-3ec6-472c-97f5-b54fb1f56f76.roa
File: 97700b94-3ec6-472c-97f5-b54fb1f56f76.roa (raw, json)
Hash identifier: i/G5v4OKYBDmnsCyR9QzM+SWTRyB3YtRGG+hKnxeUuc=
Subject key identifier: C9:E3:8A:EA:51:BB:12:F5:F8:45:E7:35:E6:92:68:D5:EA:A5:E7:83
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 038FB2276C47561E42F642D5F96EBAC98E7F5227
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/97700b94-3ec6-472c-97f5-b54fb1f56f76.roa
Signing time: Mon 06 Oct 2025 18:10:03 +0000
ROA not before: Mon 06 Oct 2025 18:10:03 +0000
ROA not after: Mon 10 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d073:2040::/46 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
03:8f:b2:27:6c:47:56:1e:42:f6:42:d5:f9:6e:ba:c9:8e:7f:52:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 6 18:10:03 2025 GMT
Not After : Nov 10 23:59:59 2025 GMT
Subject: serialNumber=e38f94403e00f10681defdcdcd89cc6f7a6601b13570bf71240aa26ef533d345, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:94:0f:80:0b:24:35:dc:93:7d:29:5f:97:5f:
6e:04:1b:41:52:a3:5f:f2:1e:90:95:d8:0c:67:1b:
42:45:f6:d8:56:a5:ae:a2:d9:9f:8b:2e:bc:15:75:
8a:c0:a2:b0:28:ec:95:d1:2c:bb:67:55:67:c3:51:
f6:0a:e4:7e:49:ef:46:6a:fd:de:51:be:1b:d3:2a:
b9:e9:8f:c5:aa:1f:4c:0f:18:35:4d:25:25:da:a0:
ed:7a:02:af:1b:cf:e2:6c:31:88:e9:ef:4e:30:61:
1e:6d:f7:74:3b:bf:15:28:ed:ac:5c:61:23:c3:5a:
5b:0d:de:2b:2b:c0:f3:d9:66:0c:d3:a4:f9:4e:4d:
2d:c9:f4:ad:3f:14:c5:96:0e:90:c3:10:5e:9a:36:
58:28:50:39:bc:7f:b5:3e:8b:04:3d:8f:c4:fd:ef:
fe:cf:23:72:88:eb:c7:85:8e:c1:d2:eb:7d:d9:9a:
3a:c7:b3:0e:a4:03:40:03:da:76:7d:d9:ba:4f:0e:
16:d5:a3:21:6d:77:78:6f:7a:e9:8c:9b:10:71:62:
5b:9a:e9:4c:2a:83:58:78:03:4f:3d:72:70:2e:c1:
b0:63:56:2c:58:08:9c:5c:a7:df:3e:92:36:50:bc:
a5:b9:ad:83:84:da:5a:cd:3f:4d:f1:a0:11:15:41:
fe:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:E3:8A:EA:51:BB:12:F5:F8:45:E7:35:E6:92:68:D5:EA:A5:E7:83
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/97700b94-3ec6-472c-97f5-b54fb1f56f76.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d073:2040::/46
Signature Algorithm: sha256WithRSAEncryption
7b:c7:4e:9a:de:03:cc:45:47:13:82:f4:d2:41:ae:d3:a2:4e:
eb:8e:58:fa:ac:3f:39:c8:38:e2:5d:5b:f5:15:4d:43:c0:c8:
cb:03:49:b8:5b:4b:30:ff:61:f0:51:47:45:af:57:cf:84:ed:
52:e5:01:04:9b:43:05:33:c2:26:44:8d:35:43:68:a3:1e:1c:
70:65:e0:4e:03:ea:24:d1:27:5d:8f:24:7d:e3:93:37:6c:ef:
c5:d9:0a:3d:62:72:97:f3:a7:79:0a:ed:37:7e:5d:58:a2:d3:
14:1a:02:1f:cf:28:0c:88:b5:3e:a9:45:56:d2:41:fc:9b:06:
b2:6b:9e:b0:cc:2d:cf:91:0c:fb:51:24:e5:3d:03:0e:d0:dc:
87:58:b6:87:93:55:72:d7:13:7c:36:47:26:de:dc:b7:51:d4:
a3:4a:f6:16:dc:96:02:93:9d:bc:5a:96:65:e6:f6:66:ed:b9:
66:af:c3:76:e1:54:a9:d6:b9:f8:2a:08:c2:e7:65:10:6c:e9:
9c:7e:dd:74:6d:86:74:bc:8e:27:c1:86:b0:fa:10:09:04:77:
bd:f2:3c:e7:bd:20:23:94:2e:ec:dc:4a:8a:b7:9a:c4:e9:41:
fc:18:e6:1b:7d:78:99:71:6b:d8:02:3e:13:d5:a0:5f:bb:ac:
e8:cf:5b:1e
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUA4+yJ2xHVh5C9kLV+W66yY5/UicwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMDYxODEwMDNaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQGUzOGY5NDQwM2UwMGYxMDY4MWRlZmRjZGNkODljYzZmN2E2NjAxYjEzNTcw
YmY3MTI0MGFhMjZlZjUzM2QzNDUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIyUD4ALJDXck30pX5dfbgQbQVKjX/IekJXYDGcbQkX22FalrqLZn4suvBV1
isCisCjsldEsu2dVZ8NR9grkfknvRmr93lG+G9MquemPxaofTA8YNU0lJdqg7XoC
rxvP4mwxiOnvTjBhHm33dDu/FSjtrFxhI8NaWw3eKyvA89lmDNOk+U5NLcn0rT8U
xZYOkMMQXpo2WChQObx/tT6LBD2PxP3v/s8jcojrx4WOwdLrfdmaOsezDqQDQAPa
dn3Zuk8OFtWjIW13eG966YybEHFiW5rpTCqDWHgDTz1ycC7BsGNWLFgInFyn3z6S
NlC8pbmtg4TaWs0/TfGgERVB/gcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTJ44rq
UbsS9fhF5zXmkmjV6qXngzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTc3MDBiOTQtM2VjNi00NzJjLTk3ZjUtYjU0ZmIxZjU2Zjc2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0HMg
QDANBgkqhkiG9w0BAQsFAAOCAQEAe8dOmt4DzEVHE4L00kGu06JO645Y+qw/Ocg4
4l1b9RVNQ8DIywNJuFtLMP9h8FFHRa9Xz4TtUuUBBJtDBTPCJkSNNUNoox4ccGXg
TgPqJNEnXY8kfeOTN2zvxdkKPWJyl/OneQrtN35dWKLTFBoCH88oDIi1PqlFVtJB
/JsGsmuesMwtz5EM+1Ek5T0DDtDch1i2h5NVctcTfDZHJt7ct1HUo0r2FtyWApOd
vFqWZeb2Zu25Zq/DduFUqda5+CoIwudlEGzpnH7ddG2GdLyOJ8GGsPoQCQR3vfI8
570gI5Qu7NxKireaxOlB/BjmG314mXFr2AI+E9WgX7us6M9bHg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:14 2025 by rpki-client