Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/98ae6903-6674-49ca-b677-ce1e731619a3.roa
File: 98ae6903-6674-49ca-b677-ce1e731619a3.roa (raw, json)
Hash identifier: u9B93boB2SbKj6Izm733osFQ7j+sBsUEqGE5NyabP5c=
Subject key identifier: A0:69:93:3C:A6:87:F5:E0:24:73:5E:B9:1D:BF:B5:AD:4F:92:F4:02
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5000456A7A952644BCE0920255E4D369F30FF174
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/98ae6903-6674-49ca-b677-ce1e731619a3.roa
Signing time: Sat 27 Sep 2025 00:53:25 +0000
ROA not before: Sat 27 Sep 2025 00:53:25 +0000
ROA not after: Sat 01 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d014:1c00::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 22:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
50:00:45:6a:7a:95:26:44:bc:e0:92:02:55:e4:d3:69:f3:0f:f1:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 27 00:53:25 2025 GMT
Not After : Nov 1 23:59:59 2025 GMT
Subject: serialNumber=c2bf566f011dd57779c5dda0bcdaabc149af6ed9d71d1fc727fc45b8dcd2a452, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:5d:4a:81:6c:f3:bd:f5:aa:b0:f1:1f:0d:28:
39:cf:97:dc:6d:ef:b9:be:5a:49:33:ea:4b:a6:cc:
25:04:a5:ac:04:0d:c7:33:db:0f:3d:48:7c:43:65:
49:aa:1d:12:55:9f:03:15:17:78:e1:e0:c6:06:8a:
1c:0b:81:24:96:73:a8:fe:7f:ff:26:73:fe:00:00:
dc:c7:1c:8f:21:0a:47:02:4f:e7:e8:55:cf:35:39:
8c:85:a7:8b:c7:7e:ff:4d:b5:5e:6e:8a:64:ed:3f:
e9:1f:1c:4a:e4:e5:e7:bf:40:1b:d6:09:3c:95:82:
e6:77:68:b3:64:23:7d:b7:0a:54:8c:fc:d9:03:8b:
7a:ad:07:5c:24:b2:76:80:c4:a0:65:51:2c:61:68:
70:c0:02:b8:55:1c:fa:a2:e6:64:8c:df:91:4f:71:
ca:d6:f6:c5:e5:fe:33:c2:a1:14:36:4e:d3:00:29:
22:95:51:d2:92:3f:b6:1a:5f:94:2c:4f:0c:c7:83:
4b:c3:e4:83:b8:42:90:0d:ad:e8:9d:15:73:80:78:
d7:c1:62:94:a1:ac:47:9c:e5:ed:12:23:0a:51:37:
04:3a:22:58:01:d1:cb:b3:e8:16:f5:44:e9:09:22:
8d:d4:a7:b7:7f:07:5b:12:b6:23:b0:ab:94:88:42:
ec:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:69:93:3C:A6:87:F5:E0:24:73:5E:B9:1D:BF:B5:AD:4F:92:F4:02
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/98ae6903-6674-49ca-b677-ce1e731619a3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d014:1c00::/38
Signature Algorithm: sha256WithRSAEncryption
c1:ab:2f:6e:a2:78:e9:1b:59:85:4a:24:39:b3:30:59:d1:8a:
3c:d8:31:53:a5:4f:a0:1f:20:fc:96:80:35:c6:b6:c4:0b:2d:
02:a4:00:f4:f5:70:b0:8e:83:8c:4f:22:31:4d:93:36:87:24:
96:ed:14:98:25:1c:89:c6:d9:93:ca:a4:ff:d8:55:50:16:c8:
57:96:b4:5e:16:f7:57:d5:36:13:f0:f6:10:bb:2f:6e:92:73:
78:1f:e6:80:8e:a2:c7:27:1f:bd:e3:47:55:67:2d:49:a3:2b:
ae:05:9b:a9:3d:91:75:88:d5:9d:ec:9d:55:2c:31:32:32:40:
e9:e6:a4:5b:e4:3b:19:44:01:ed:a5:4b:f9:90:86:d2:cc:22:
28:9a:d8:27:a5:e3:75:29:88:b5:7d:f2:a0:53:6e:19:d3:b2:
ff:4f:ba:d6:54:f5:40:f9:c7:87:38:11:be:70:32:25:73:56:
91:02:bf:78:c8:36:0c:b7:6b:c8:12:38:61:26:92:1e:b2:8a:
ef:e4:55:db:64:6d:b3:50:b5:7e:61:9c:b3:88:f5:b9:32:92:
b3:aa:3b:39:80:88:6d:19:73:7a:d1:90:68:88:ab:88:df:5b:
53:41:c2:43:08:22:91:9a:e2:74:b0:0b:4c:03:c4:d1:d9:75:
d4:87:70:2e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUUABFanqVJkS84JICVeTTafMP8XQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjcwMDUzMjVaFw0yNTExMDEyMzU5NTlaMHoxSTBHBgNV
BAUTQGMyYmY1NjZmMDExZGQ1Nzc3OWM1ZGRhMGJjZGFhYmMxNDlhZjZlZDlkNzFk
MWZjNzI3ZmM0NWI4ZGNkMmE0NTIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM1dSoFs8731qrDxHw0oOc+X3G3vub5aSTPqS6bMJQSlrAQNxzPbDz1IfENl
SaodElWfAxUXeOHgxgaKHAuBJJZzqP5//yZz/gAA3MccjyEKRwJP5+hVzzU5jIWn
i8d+/021Xm6KZO0/6R8cSuTl579AG9YJPJWC5ndos2QjfbcKVIz82QOLeq0HXCSy
doDEoGVRLGFocMACuFUc+qLmZIzfkU9xytb2xeX+M8KhFDZO0wApIpVR0pI/thpf
lCxPDMeDS8Pkg7hCkA2t6J0Vc4B418FilKGsR5zl7RIjClE3BDoiWAHRy7PoFvVE
6QkijdSnt38HWxK2I7CrlIhC7NECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSgaZM8
pof14CRzXrkdv7WtT5L0AjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OThhZTY5MDMtNjY3NC00OWNhLWI2NzctY2UxZTczMTYxOWEzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BQc
MA0GCSqGSIb3DQEBCwUAA4IBAQDBqy9uonjpG1mFSiQ5szBZ0Yo82DFTpU+gHyD8
loA1xrbECy0CpAD09XCwjoOMTyIxTZM2hySW7RSYJRyJxtmTyqT/2FVQFshXlrRe
FvdX1TYT8PYQuy9uknN4H+aAjqLHJx+940dVZy1JoyuuBZupPZF1iNWd7J1VLDEy
MkDp5qRb5DsZRAHtpUv5kIbSzCIomtgnpeN1KYi1ffKgU24Z07L/T7rWVPVA+ceH
OBG+cDIlc1aRAr94yDYMt2vIEjhhJpIesorv5FXbZG2zULV+YZyziPW5MpKzqjs5
gIhtGXN60ZBoiKuI31tTQcJDCCKRmuJ0sAtMA8TR2XXUh3Au
-----END CERTIFICATE-----
Generated at Tue Oct 21 01:36:29 2025 by rpki-client