Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/da8369e9-0146-44b6-865e-0064a4d1ed72.roa
File: da8369e9-0146-44b6-865e-0064a4d1ed72.roa (raw, json)
Hash identifier: 6Q2PtiwrSzkcdg2fZjprNdVXNveObJZ9R6XbBuq7qik=
Subject key identifier: 7A:72:F3:02:FE:6C:C4:F3:FA:55:17:96:3C:B2:01:BB:A0:30:00:72
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2D7E17509764BCD1E863224286E7D797DE1DC979
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/da8369e9-0146-44b6-865e-0064a4d1ed72.roa
Signing time: Fri 26 Sep 2025 19:01:30 +0000
ROA not before: Fri 26 Sep 2025 19:01:30 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d031:6000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2d:7e:17:50:97:64:bc:d1:e8:63:22:42:86:e7:d7:97:de:1d:c9:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:01:30 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=c77284d968af96484951de6152e024a578af705dd00f8977544d34f3191cff45, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:91:f7:43:f7:de:bd:c3:82:8d:6c:4f:cc:24:
fd:8e:17:04:eb:ed:89:ca:08:99:5e:68:b6:4a:f4:
53:03:ec:85:76:8a:a1:80:9f:64:e1:bc:e3:38:1f:
ca:a0:aa:9d:74:22:d6:b9:a7:8b:3e:bb:83:b3:69:
4e:2f:ba:3e:e2:b5:b5:b7:b8:1a:6c:b0:74:72:76:
13:1c:77:33:fb:dc:e0:80:f1:14:ef:18:a4:fb:38:
8c:ff:92:75:a8:05:50:03:56:8a:4d:8e:a6:60:eb:
1e:25:99:bf:c7:fb:00:2a:30:71:c3:cd:a1:2d:16:
f3:61:91:20:da:40:eb:93:cc:42:ca:a8:a8:a6:30:
01:25:05:b1:b7:a8:d3:23:a6:80:a2:08:8b:87:46:
a1:67:f5:f0:e7:08:8a:94:2f:7e:ab:5c:52:c5:cc:
be:50:1e:70:6b:0a:10:1b:a9:5d:22:f7:31:f8:3d:
66:60:19:6f:a9:4d:5d:97:ee:a4:cb:70:b8:97:88:
2a:ed:ac:a4:0c:f1:56:dc:e5:39:2e:c3:1b:66:79:
08:6b:e8:2e:51:18:bb:f8:dc:a3:88:67:f3:c3:53:
92:30:c0:0e:9e:31:82:c5:fe:9d:6e:c6:90:6b:7f:
58:8d:1f:9d:5f:4c:b8:a2:6a:96:07:4c:c1:5f:25:
04:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7A:72:F3:02:FE:6C:C4:F3:FA:55:17:96:3C:B2:01:BB:A0:30:00:72
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/da8369e9-0146-44b6-865e-0064a4d1ed72.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d031:6000::/40
Signature Algorithm: sha256WithRSAEncryption
13:8a:6c:5c:67:ae:e1:0f:aa:a8:15:2a:22:c2:66:56:36:06:
82:44:1d:a0:98:77:7f:d2:1d:a5:e1:e4:2e:46:b5:f5:8b:fc:
af:c5:67:41:30:e8:90:e1:c5:38:b4:c8:47:50:53:03:c0:3d:
cf:4c:88:6a:d1:1b:bf:14:c0:6c:c8:f2:9f:54:7d:46:7c:12:
df:e8:2b:1e:3e:9f:21:20:79:d9:07:9b:60:94:d1:5a:6c:6f:
bc:8b:e9:0a:22:d8:71:fa:30:d5:1c:ad:b6:95:a1:ad:b5:f5:
8e:33:d0:6a:48:38:9d:97:f0:13:cc:29:ba:c6:39:44:77:c6:
50:e6:db:55:97:4b:f7:2b:f3:bf:05:6e:d6:23:33:2a:f4:9b:
1c:ae:8a:37:53:3b:fc:b5:fe:50:2d:4a:01:54:5e:a5:39:9b:
9c:f7:6f:d7:0b:3b:c7:9a:e5:39:bb:94:8c:4c:5f:0f:5d:6f:
39:f0:35:ae:18:95:07:96:6d:4e:0d:e5:c5:3a:4b:72:85:2d:
b6:b5:16:80:d0:d5:a3:fd:6a:d9:31:73:86:85:bf:bb:77:31:
34:8c:fa:23:c1:b1:6b:42:2b:6a:68:d6:30:b1:ca:81:41:d7:
b3:83:79:46:ce:0d:aa:3c:9d:96:49:43:f5:b9:51:d1:be:86:
ed:18:7d:53
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIULX4XUJdkvNHoYyJChufXl94dyXkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTAxMzBaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGM3NzI4NGQ5NjhhZjk2NDg0OTUxZGU2MTUyZTAyNGE1NzhhZjcwNWRkMDBm
ODk3NzU0NGQzNGYzMTkxY2ZmNDUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALWR90P33r3Dgo1sT8wk/Y4XBOvticoImV5otkr0UwPshXaKoYCfZOG84zgf
yqCqnXQi1rmniz67g7NpTi+6PuK1tbe4GmywdHJ2Exx3M/vc4IDxFO8YpPs4jP+S
dagFUANWik2OpmDrHiWZv8f7ACowccPNoS0W82GRINpA65PMQsqoqKYwASUFsbeo
0yOmgKIIi4dGoWf18OcIipQvfqtcUsXMvlAecGsKEBupXSL3Mfg9ZmAZb6lNXZfu
pMtwuJeIKu2spAzxVtzlOS7DG2Z5CGvoLlEYu/jco4hn88NTkjDADp4xgsX+nW7G
kGt/WI0fnV9MuKJqlgdMwV8lBMsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR6cvMC
/mzE8/pVF5Y8sgG7oDAAcjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZGE4MzY5ZTktMDE0Ni00NGI2LTg2NWUtMDA2NGE0ZDFlZDcyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DFg
MA0GCSqGSIb3DQEBCwUAA4IBAQATimxcZ67hD6qoFSoiwmZWNgaCRB2gmHd/0h2l
4eQuRrX1i/yvxWdBMOiQ4cU4tMhHUFMDwD3PTIhq0Ru/FMBsyPKfVH1GfBLf6Cse
Pp8hIHnZB5tglNFabG+8i+kKIthx+jDVHK22laGttfWOM9BqSDidl/ATzCm6xjlE
d8ZQ5ttVl0v3K/O/BW7WIzMq9Jscroo3Uzv8tf5QLUoBVF6lOZuc92/XCzvHmuU5
u5SMTF8PXW858DWuGJUHlm1ODeXFOktyhS22tRaA0NWj/WrZMXOGhb+7dzE0jPoj
wbFrQitqaNYwscqBQdezg3lGzg2qPJ2WSUP1uVHRvobtGH1T
-----END CERTIFICATE-----
Generated at Mon Oct 20 08:53:45 2025 by rpki-client