Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a40e2cf2-d6e4-4813-a5aa-623eda8926e6.roa
File: a40e2cf2-d6e4-4813-a5aa-623eda8926e6.roa (raw, json)
Hash identifier: XDr/w213GIOaBMH5/YO/rsQUVA1EoDGJsXf1Rh2LiJc=
Subject key identifier: 79:CF:32:69:B0:2E:06:F8:22:66:C7:78:32:E7:58:53:56:BF:2A:95
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 67F5A9CDC70ECF04E2F24A9AE44E21A6A61B0215
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a40e2cf2-d6e4-4813-a5aa-623eda8926e6.roa
Signing time: Fri 26 Sep 2025 19:01:30 +0000
ROA not before: Fri 26 Sep 2025 19:01:30 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d031:6080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
67:f5:a9:cd:c7:0e:cf:04:e2:f2:4a:9a:e4:4e:21:a6:a6:1b:02:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:01:30 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=29ddb5ed5fc37c6ec5252be590a38e066fd3290e07309feae4252c3c6e12a04e, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:d0:a4:ce:5e:0e:6b:ee:71:f6:a4:66:6f:dd:
ed:6b:54:5d:50:17:f1:02:25:0a:da:b5:9a:a3:a7:
be:40:be:11:fd:93:cd:d7:82:f4:46:d0:d2:61:61:
af:ea:1c:5d:8b:31:27:e1:f5:fc:bf:ca:0d:b1:53:
81:9b:e8:3d:17:8a:24:36:3e:54:44:ae:7d:3f:8f:
d1:b5:14:77:99:19:16:f4:3f:b6:a0:af:01:41:b0:
08:13:56:93:e1:85:36:c6:07:ac:93:97:74:7a:46:
0c:6c:f0:ea:78:d9:4a:f1:ca:14:e8:f4:dc:52:b5:
01:9e:02:8c:25:e3:55:5d:cd:4c:45:25:0e:75:a0:
88:46:a2:41:02:17:34:db:1d:ea:d2:26:aa:dc:d7:
40:0c:d9:1d:da:e0:15:e6:e4:47:5a:29:d4:38:08:
07:43:14:a6:80:72:30:6c:7c:e5:21:ef:93:c0:7d:
80:43:a2:db:cc:80:18:7a:42:37:a0:02:00:58:7c:
fe:71:fc:2e:44:38:b9:99:45:dc:ba:15:94:7d:72:
0d:24:f6:1e:23:71:16:19:cd:98:87:46:32:1c:d2:
03:a9:4b:d7:4f:b3:67:08:de:15:20:5d:33:87:58:
2a:45:1a:8c:67:da:14:22:5c:92:08:77:1b:9b:ef:
a6:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
79:CF:32:69:B0:2E:06:F8:22:66:C7:78:32:E7:58:53:56:BF:2A:95
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a40e2cf2-d6e4-4813-a5aa-623eda8926e6.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d031:6080::/48
Signature Algorithm: sha256WithRSAEncryption
3f:ec:a7:ab:05:5b:25:9a:8e:4c:59:c9:6c:f8:d3:bf:61:b9:
86:51:d7:0a:1f:91:2a:89:7d:d8:3a:d9:cd:bf:52:85:5c:24:
e1:6c:45:2b:20:35:01:ef:04:ed:06:c5:7b:c7:67:34:4c:68:
ab:af:4a:32:ee:78:1d:ca:2c:2f:9a:dc:7f:47:52:6b:a7:c0:
04:30:b4:8d:3e:10:6f:44:c1:57:b5:49:b3:2d:a0:19:c3:ab:
fd:8e:7a:48:ab:f4:b3:90:a6:8c:65:44:81:ee:3d:97:ac:e7:
c1:f5:62:a5:4e:b3:22:12:55:2f:9f:cf:75:5e:f5:29:b8:ed:
f0:12:98:de:bd:99:92:6f:1f:98:36:e8:22:0b:38:ea:e4:a1:
cb:b6:e7:56:2e:61:88:39:3f:5e:b8:47:8f:2f:57:d6:43:c0:
87:d4:14:f7:e0:4a:59:29:d3:6b:70:c0:71:3e:d4:51:76:5e:
0f:17:cc:11:e7:7f:91:83:4d:6d:40:68:52:8c:c9:4b:d1:d8:
8d:97:15:90:ea:d8:0d:b3:fb:1f:28:14:33:98:7d:fd:02:0c:
e9:9b:4b:41:b0:89:72:a5:6b:c5:9e:a6:68:bc:d4:17:fe:a6:
c8:50:9d:9c:2d:56:33:ba:35:eb:d0:72:f5:91:94:ea:0c:6c:
34:bd:81:8d
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUZ/WpzccOzwTi8kqa5E4hpqYbAhUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTAxMzBaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDI5ZGRiNWVkNWZjMzdjNmVjNTI1MmJlNTkwYTM4ZTA2NmZkMzI5MGUwNzMw
OWZlYWU0MjUyYzNjNmUxMmEwNGUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJrQpM5eDmvucfakZm/d7WtUXVAX8QIlCtq1mqOnvkC+Ef2TzdeC9EbQ0mFh
r+ocXYsxJ+H1/L/KDbFTgZvoPReKJDY+VESufT+P0bUUd5kZFvQ/tqCvAUGwCBNW
k+GFNsYHrJOXdHpGDGzw6njZSvHKFOj03FK1AZ4CjCXjVV3NTEUlDnWgiEaiQQIX
NNsd6tImqtzXQAzZHdrgFebkR1op1DgIB0MUpoByMGx85SHvk8B9gEOi28yAGHpC
N6ACAFh8/nH8LkQ4uZlF3LoVlH1yDST2HiNxFhnNmIdGMhzSA6lL10+zZwjeFSBd
M4dYKkUajGfaFCJckgh3G5vvpscCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBR5zzJp
sC4G+CJmx3gy51hTVr8qlTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTQwZTJjZjItZDZlNC00ODEzLWE1YWEtNjIzZWRhODkyNmU2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DFg
gDANBgkqhkiG9w0BAQsFAAOCAQEAP+ynqwVbJZqOTFnJbPjTv2G5hlHXCh+RKol9
2DrZzb9ShVwk4WxFKyA1Ae8E7QbFe8dnNExoq69KMu54HcosL5rcf0dSa6fABDC0
jT4Qb0TBV7VJsy2gGcOr/Y56SKv0s5CmjGVEge49l6znwfVipU6zIhJVL5/PdV71
Kbjt8BKY3r2Zkm8fmDboIgs46uShy7bnVi5hiDk/XrhHjy9X1kPAh9QU9+BKWSnT
a3DAcT7UUXZeDxfMEed/kYNNbUBoUozJS9HYjZcVkOrYDbP7HygUM5h9/QIM6ZtL
QbCJcqVrxZ6maLzUF/6myFCdnC1WM7o169By9ZGU6gxsNL2BjQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:59 2025 by rpki-client