Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d62aaac2-f54a-4bc2-8155-22367e855165.roa
File: d62aaac2-f54a-4bc2-8155-22367e855165.roa (raw, json)
Hash identifier: 0h87DTGvZU+ASkJNTtNLyIqM1fABzG65RKX98hmIMjY=
Subject key identifier: F6:28:95:06:4C:4E:42:E1:D1:DE:D8:72:3E:36:D2:C2:BA:F1:8E:9F
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4DEB6A8EAE0226325E793A4D44C5B623DF32018B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d62aaac2-f54a-4bc2-8155-22367e855165.roa
Signing time: Fri 26 Sep 2025 19:40:41 +0000
ROA not before: Fri 26 Sep 2025 19:40:41 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d032:b000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4d:eb:6a:8e:ae:02:26:32:5e:79:3a:4d:44:c5:b6:23:df:32:01:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:40:41 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=4f023168c6cc3ac1917137f3905e98646cd889c7aad7fa3a9a8decd193c2fa0a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:7b:88:42:7f:29:70:b8:54:bd:33:38:bc:d9:
40:c7:48:49:32:e0:dc:1d:2a:1d:31:97:28:cd:ca:
49:34:e5:cd:4b:35:4e:ca:3c:c9:3e:44:9c:43:63:
20:b8:33:0e:65:ee:4d:ba:f1:58:ad:1d:b3:34:ef:
14:f4:e1:55:ba:ca:aa:f2:8b:da:85:62:6d:52:80:
75:b1:15:5e:60:9f:ee:8f:53:e4:a7:88:2b:17:00:
de:24:3c:c8:b7:8f:f3:11:2d:59:cd:06:00:b5:6d:
5e:24:0c:a7:e0:bf:ff:3c:47:a7:d0:f6:3f:56:b2:
17:1e:ab:7f:e1:99:91:95:43:cb:62:cf:af:0e:37:
e0:2e:99:68:30:b1:21:d3:4c:25:16:c3:ab:fb:2c:
bd:8a:cd:06:f5:15:38:3e:57:d7:5c:fa:fe:47:e3:
5a:90:a0:be:ea:69:3e:24:70:4f:de:6c:01:18:54:
7e:7d:ab:57:24:0b:0a:2e:3d:9a:bd:4a:28:b8:08:
b3:5a:ce:11:e4:ea:9d:9b:f1:80:8d:ca:d9:a4:32:
33:62:18:07:ce:f8:f9:d4:ce:e1:a0:73:89:21:c5:
d7:da:04:5a:13:53:d8:d0:c1:16:a7:24:f9:51:a5:
a1:33:20:1c:5b:9e:4b:a0:c3:02:75:ef:d4:fe:95:
15:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:28:95:06:4C:4E:42:E1:D1:DE:D8:72:3E:36:D2:C2:BA:F1:8E:9F
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d62aaac2-f54a-4bc2-8155-22367e855165.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d032:b000::/40
Signature Algorithm: sha256WithRSAEncryption
bc:f4:29:ca:95:ca:24:f1:17:4b:f1:b5:52:4b:94:14:be:b8:
ef:c8:91:15:b6:90:14:42:a4:f0:a0:20:35:8a:d9:63:e8:95:
e3:10:83:52:1c:06:71:10:96:61:e3:22:cf:98:8f:00:d3:33:
ee:6f:3f:78:54:50:9a:86:1b:fe:21:6e:74:16:90:36:13:cd:
25:03:54:3a:f4:2b:8c:04:31:3e:74:b9:01:45:26:9b:90:dc:
85:d6:40:57:9a:b0:08:2f:6c:e7:6c:d3:7b:38:4b:28:81:f0:
0e:23:1d:b5:f7:1a:76:4a:68:e8:d1:95:b7:a3:1b:bb:f2:9f:
f1:6a:ac:34:1a:d5:f1:09:a3:b7:eb:9c:5f:1d:2d:e4:86:bf:
c1:86:de:48:46:88:e5:5f:38:e5:d6:c2:bf:fd:0d:cf:7c:9d:
a6:09:a5:15:b6:d3:75:47:7b:21:45:58:78:39:6d:65:2a:cd:
44:ae:54:6a:0d:9c:18:b0:7d:ed:3f:c6:ba:e0:4e:d8:66:74:
24:79:3b:e0:ac:d2:78:40:db:49:26:68:b0:53:98:e8:f9:eb:
3b:32:cd:de:f1:72:53:22:fe:f2:5c:b3:a4:3a:be:72:0b:5e:
e8:85:10:ef:8d:e4:2e:c2:e6:2f:cb:78:a3:b0:68:c9:16:ed:
4d:87:1b:5d
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUTetqjq4CJjJeeTpNRMW2I98yAYswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTQwNDFaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDRmMDIzMTY4YzZjYzNhYzE5MTcxMzdmMzkwNWU5ODY0NmNkODg5YzdhYWQ3
ZmEzYTlhOGRlY2QxOTNjMmZhMGExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALp7iEJ/KXC4VL0zOLzZQMdISTLg3B0qHTGXKM3KSTTlzUs1Tso8yT5EnENj
ILgzDmXuTbrxWK0dszTvFPThVbrKqvKL2oVibVKAdbEVXmCf7o9T5KeIKxcA3iQ8
yLeP8xEtWc0GALVtXiQMp+C//zxHp9D2P1ayFx6rf+GZkZVDy2LPrw434C6ZaDCx
IdNMJRbDq/ssvYrNBvUVOD5X11z6/kfjWpCgvuppPiRwT95sARhUfn2rVyQLCi49
mr1KKLgIs1rOEeTqnZvxgI3K2aQyM2IYB874+dTO4aBziSHF19oEWhNT2NDBFqck
+VGloTMgHFueS6DDAnXv1P6VFS8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT2KJUG
TE5C4dHe2HI+NtLCuvGOnzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDYyYWFhYzItZjU0YS00YmMyLTgxNTUtMjIzNjdlODU1MTY1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DKw
MA0GCSqGSIb3DQEBCwUAA4IBAQC89CnKlcok8RdL8bVSS5QUvrjvyJEVtpAUQqTw
oCA1itlj6JXjEINSHAZxEJZh4yLPmI8A0zPubz94VFCahhv+IW50FpA2E80lA1Q6
9CuMBDE+dLkBRSabkNyF1kBXmrAIL2znbNN7OEsogfAOIx219xp2Smjo0ZW3oxu7
8p/xaqw0GtXxCaO365xfHS3khr/Bht5IRojlXzjl1sK//Q3PfJ2mCaUVttN1R3sh
RVh4OW1lKs1ErlRqDZwYsH3tP8a64E7YZnQkeTvgrNJ4QNtJJmiwU5jo+es7Ms3e
8XJTIv7yXLOkOr5yC17ohRDvjeQuwuYvy3ijsGjJFu1Nhxtd
-----END CERTIFICATE-----
Generated at Mon Oct 20 08:52:50 2025 by rpki-client