Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/decd4459-2e9b-442e-a3bd-6633fdd0250b.roa
File: decd4459-2e9b-442e-a3bd-6633fdd0250b.roa (raw, json)
Hash identifier: DJtKaWzHvDkjDTIV+kD3H42o6429EIDjRkcs2UVtJMo=
Subject key identifier: C0:A0:F2:E1:A6:5B:46:52:38:7B:A4:69:0C:B8:D7:42:5B:86:04:A4
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2837B648B6DE2D44DE2F68AB5D175FDE495E48B0
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/decd4459-2e9b-442e-a3bd-6633fdd0250b.roa
Signing time: Fri 26 Sep 2025 18:41:49 +0000
ROA not before: Fri 26 Sep 2025 18:41:49 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:a000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
28:37:b6:48:b6:de:2d:44:de:2f:68:ab:5d:17:5f:de:49:5e:48:b0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 18:41:49 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=06efbe60f1f9ea464e6f0db4dee139ce2b6a2ce829c4190f9010982df245e264, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:14:c8:2e:24:da:36:07:3a:67:27:bf:07:8b:
2a:19:2e:2e:80:f4:0b:1f:2e:43:b0:59:1c:53:7c:
7f:32:3c:09:a1:71:f9:1a:42:94:8b:37:15:87:1a:
e7:b0:47:d3:65:d2:53:83:c0:db:3a:6a:01:e1:ac:
d0:83:5c:df:e7:54:fb:7b:f1:1f:0e:e8:f2:20:79:
98:81:d7:91:f2:a4:f9:5e:08:34:fe:ef:f8:d6:77:
88:88:64:26:a2:a6:00:b4:3c:3d:a3:ce:38:b5:92:
35:7d:c5:71:b5:c2:86:82:6f:f5:8a:d9:3e:66:52:
4f:20:42:c6:f7:e8:cb:d6:47:d6:2e:74:5d:7b:07:
2b:34:36:ba:97:f6:b6:9b:7d:bc:ee:af:f5:bf:0b:
8b:5c:b3:7b:2d:bf:e8:a4:1b:90:59:3f:9e:38:f9:
03:e6:38:52:a7:64:28:99:9d:2c:1a:28:95:49:02:
c2:57:b3:01:f3:8b:0c:3f:b0:ae:22:6b:81:74:49:
4d:99:29:84:76:0b:e1:51:46:0c:bd:a5:92:af:62:
dd:40:fd:f5:d3:a5:49:dc:88:54:1d:4a:8b:06:a4:
ef:fb:4b:11:d3:42:c7:57:77:f1:f3:8a:a1:3b:48:
dd:c0:23:b4:fa:81:cc:d2:d0:d1:b3:b0:c1:fc:c6:
c5:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C0:A0:F2:E1:A6:5B:46:52:38:7B:A4:69:0C:B8:D7:42:5B:86:04:A4
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/decd4459-2e9b-442e-a3bd-6633fdd0250b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:a000::/40
Signature Algorithm: sha256WithRSAEncryption
51:a2:86:74:9c:af:ec:4e:35:57:49:82:44:d3:05:fc:37:6c:
3a:d5:b7:00:00:21:60:a2:9b:d6:f0:e7:11:b2:df:66:17:69:
82:44:60:c5:8b:82:1a:11:d0:7a:f6:51:75:43:92:5e:d2:a8:
51:4d:71:10:a2:88:fa:1d:97:a5:70:eb:6c:ae:f3:f5:d1:77:
50:f4:9b:bb:2c:1b:69:7c:05:ce:db:3a:a8:f0:83:3d:ed:d1:
85:fd:cb:45:c1:fb:e5:18:92:a4:05:69:dc:50:c2:b2:0a:ec:
6a:43:5e:e7:b4:47:57:81:56:5b:53:7b:b8:01:6a:e6:1d:2a:
3e:a9:1c:52:88:26:df:2c:e1:27:59:a8:5e:d9:3c:25:22:79:
3f:42:03:e2:3b:f0:be:67:eb:6c:df:09:30:19:95:d3:02:74:
04:90:a3:c3:c3:13:84:26:50:0c:a8:58:61:37:e9:a0:ae:87:
76:47:e2:68:d1:8a:bc:34:44:d8:4d:4d:da:e7:78:09:b4:41:
0c:d6:f7:42:eb:0a:21:c0:32:42:e9:ee:0d:ff:86:84:42:36:
a8:b2:32:a8:ac:31:a3:af:dc:ea:ea:bd:c2:3a:a8:17:96:18:
28:61:34:f5:8e:56:6e:04:76:52:71:c5:9f:93:03:ad:08:2d:
f2:ca:ed:e2
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUKDe2SLbeLUTeL2irXRdf3kleSLAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODQxNDlaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDA2ZWZiZTYwZjFmOWVhNDY0ZTZmMGRiNGRlZTEzOWNlMmI2YTJjZTgyOWM0
MTkwZjkwMTA5ODJkZjI0NWUyNjQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALsUyC4k2jYHOmcnvweLKhkuLoD0Cx8uQ7BZHFN8fzI8CaFx+RpClIs3FYca
57BH02XSU4PA2zpqAeGs0INc3+dU+3vxHw7o8iB5mIHXkfKk+V4INP7v+NZ3iIhk
JqKmALQ8PaPOOLWSNX3FcbXChoJv9YrZPmZSTyBCxvfoy9ZH1i50XXsHKzQ2upf2
tpt9vO6v9b8Li1yzey2/6KQbkFk/njj5A+Y4UqdkKJmdLBoolUkCwlezAfOLDD+w
riJrgXRJTZkphHYL4VFGDL2lkq9i3UD99dOlSdyIVB1Kiwak7/tLEdNCx1d38fOK
oTtI3cAjtPqBzNLQ0bOwwfzGxSMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTAoPLh
pltGUjh7pGkMuNdCW4YEpDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZGVjZDQ0NTktMmU5Yi00NDJlLWEzYmQtNjYzM2ZkZDAyNTBiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HKg
MA0GCSqGSIb3DQEBCwUAA4IBAQBRooZ0nK/sTjVXSYJE0wX8N2w61bcAACFgopvW
8OcRst9mF2mCRGDFi4IaEdB69lF1Q5Je0qhRTXEQooj6HZelcOtsrvP10XdQ9Ju7
LBtpfAXO2zqo8IM97dGF/ctFwfvlGJKkBWncUMKyCuxqQ17ntEdXgVZbU3u4AWrm
HSo+qRxSiCbfLOEnWahe2TwlInk/QgPiO/C+Z+ts3wkwGZXTAnQEkKPDwxOEJlAM
qFhhN+mgrod2R+Jo0Yq8NETYTU3a53gJtEEM1vdC6wohwDJC6e4N/4aEQjaosjKo
rDGjr9zq6r3COqgXlhgoYTT1jlZuBHZSccWfkwOtCC3yyu3i
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:29 2025 by rpki-client