Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cda3712d-34a6-428d-a694-19bab377c44e.roa
File: cda3712d-34a6-428d-a694-19bab377c44e.roa (raw, json)
Hash identifier: K2oJyG08/n1IDa7DsfUR+3gY1jC6AjzXQmncuzwg4mI=
Subject key identifier: 72:52:46:98:34:3F:AA:C9:2C:F9:A4:C7:4E:EF:F0:76:9E:00:C3:3C
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 704EDF4CEE3D7FFF6C5441AEC25F31F9C8C2114E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cda3712d-34a6-428d-a694-19bab377c44e.roa
Signing time: Fri 26 Sep 2025 20:00:19 +0000
ROA not before: Fri 26 Sep 2025 20:00:19 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d01e::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
70:4e:df:4c:ee:3d:7f:ff:6c:54:41:ae:c2:5f:31:f9:c8:c2:11:4e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 20:00:19 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=694825fce2a42752b67be405e7915964581aa738f901e45e75b52262a36bd365, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:d8:14:b4:65:36:05:0d:64:fc:c7:0a:a5:d3:
11:96:57:a3:6d:67:95:98:ef:44:a5:1b:bb:b6:7f:
ab:89:e7:6d:55:1e:e1:44:0e:53:72:19:ba:86:10:
e3:de:a4:c9:9e:5d:fe:fc:d2:4c:b1:14:a5:d0:2a:
b0:da:aa:82:64:a7:5b:aa:5e:65:71:cf:84:e1:d5:
6a:86:f2:45:a0:2e:3b:d7:b7:2c:ed:0c:28:a8:69:
b7:fb:b7:1f:66:59:b6:cd:c3:dc:bb:da:b8:40:1f:
39:1b:b0:4d:2a:8e:1e:e4:ff:d8:d8:2d:73:01:fa:
05:a3:22:3f:4a:42:3a:1d:50:7a:33:ee:c5:bc:23:
d3:a4:17:bf:19:bf:7e:a5:64:9c:d1:e1:5d:1c:83:
78:1a:39:ff:c7:68:23:a1:d6:a0:36:19:d7:49:21:
e7:40:04:57:26:e2:43:47:6c:99:a0:bd:bc:e2:bd:
14:17:89:0e:a7:be:bd:76:5c:5b:1f:ce:f2:3d:ea:
f5:77:33:13:ca:dc:88:80:23:69:6a:16:78:51:93:
06:d6:4e:83:04:f1:cd:fc:be:e5:dc:6e:08:bc:a1:
cf:44:2d:bf:85:ef:cc:71:b9:f9:82:32:83:40:0a:
c1:b2:d1:4a:70:20:04:ca:3c:b8:12:e2:2f:0f:ba:
f5:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:52:46:98:34:3F:AA:C9:2C:F9:A4:C7:4E:EF:F0:76:9E:00:C3:3C
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cda3712d-34a6-428d-a694-19bab377c44e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d01e::/38
Signature Algorithm: sha256WithRSAEncryption
31:03:b8:c5:e6:46:ba:61:cb:28:fd:13:b8:f2:d2:02:1e:83:
4b:63:2f:14:dd:fa:31:26:ec:52:54:0c:c0:58:87:79:ce:19:
5c:8f:11:36:e4:aa:4e:8b:01:2d:a4:1c:a6:a8:cb:f6:07:f4:
22:0d:80:0c:73:f7:f8:ae:87:af:cc:8f:d0:68:c4:62:41:4d:
3e:7f:77:d6:b6:32:6f:ac:38:ae:da:90:d7:7c:d0:0a:97:0f:
2e:40:5f:d5:68:fc:d5:a4:3a:04:e6:7e:8d:16:fc:16:12:de:
44:78:21:6b:9e:64:1f:44:a7:29:19:96:9d:32:fb:32:7e:ee:
44:12:2a:e6:06:16:c7:d9:64:b7:d2:99:98:4b:50:f1:5f:98:
7b:9c:15:c3:2c:b7:df:50:47:36:a3:1e:10:f4:81:5b:08:61:
73:6a:b2:e6:d6:a1:23:a7:c2:44:88:7b:f1:03:f2:3e:88:45:
27:4d:34:14:46:58:bf:a9:ed:9b:9b:59:42:61:ea:f2:f9:cb:
e0:44:43:b9:1c:b5:ca:b0:a7:af:22:b3:f2:21:3b:cb:79:8b:
73:c9:10:9e:36:78:b1:fd:7c:bd:b6:ad:47:23:f0:4f:7a:c1:
6f:f0:97:75:4e:d1:38:1c:6b:e8:34:94:15:4b:4a:2c:f3:87:
5a:b5:64:9f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUcE7fTO49f/9sVEGuwl8x+cjCEU4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYyMDAwMTlaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDY5NDgyNWZjZTJhNDI3NTJiNjdiZTQwNWU3OTE1OTY0NTgxYWE3MzhmOTAx
ZTQ1ZTc1YjUyMjYyYTM2YmQzNjUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANnYFLRlNgUNZPzHCqXTEZZXo21nlZjvRKUbu7Z/q4nnbVUe4UQOU3IZuoYQ
496kyZ5d/vzSTLEUpdAqsNqqgmSnW6peZXHPhOHVaobyRaAuO9e3LO0MKKhpt/u3
H2ZZts3D3LvauEAfORuwTSqOHuT/2NgtcwH6BaMiP0pCOh1QejPuxbwj06QXvxm/
fqVknNHhXRyDeBo5/8doI6HWoDYZ10kh50AEVybiQ0dsmaC9vOK9FBeJDqe+vXZc
Wx/O8j3q9XczE8rciIAjaWoWeFGTBtZOgwTxzfy+5dxuCLyhz0Qtv4XvzHG5+YIy
g0AKwbLRSnAgBMo8uBLiLw+69dcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRyUkaY
ND+qySz5pMdO7/B2ngDDPDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2RhMzcxMmQtMzRhNi00MjhkLWE2OTQtMTliYWIzNzdjNDRlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0B4A
MA0GCSqGSIb3DQEBCwUAA4IBAQAxA7jF5ka6Ycso/RO48tICHoNLYy8U3foxJuxS
VAzAWId5zhlcjxE25KpOiwEtpBymqMv2B/QiDYAMc/f4roevzI/QaMRiQU0+f3fW
tjJvrDiu2pDXfNAKlw8uQF/VaPzVpDoE5n6NFvwWEt5EeCFrnmQfRKcpGZadMvsy
fu5EEirmBhbH2WS30pmYS1DxX5h7nBXDLLffUEc2ox4Q9IFbCGFzarLm1qEjp8JE
iHvxA/I+iEUnTTQURli/qe2bm1lCYery+cvgREO5HLXKsKevIrPyITvLeYtzyRCe
Nnix/Xy9tq1HI/BPesFv8Jd1TtE4HGvoNJQVS0os84datWSf
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:47 2025 by rpki-client