Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e584cad3-b485-48b5-a920-636e55268d8b.roa
File: e584cad3-b485-48b5-a920-636e55268d8b.roa (raw, json)
Hash identifier: PoLrE5hNwhCWzqwk4zJ1JsTj5wmYqH023t3SA3kgbNY=
Subject key identifier: EA:DB:47:EF:93:B0:7F:9D:9E:D1:84:54:E5:3A:14:50:9B:8A:B4:B5
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 6CE98E7B014AF752630E88BED5373F02522B7AAA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e584cad3-b485-48b5-a920-636e55268d8b.roa
Signing time: Fri 26 Sep 2025 19:01:28 +0000
ROA not before: Fri 26 Sep 2025 19:01:28 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:20c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6c:e9:8e:7b:01:4a:f7:52:63:0e:88:be:d5:37:3f:02:52:2b:7a:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:01:28 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=104031330426968a339c5606626fc3d24017546b329b65bfac8ef596efe8b359, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:31:e6:2d:da:cf:a1:da:7d:8a:a4:97:b5:9b:
55:79:c9:79:83:43:0c:2b:db:71:75:a1:1a:9d:68:
1d:54:5b:40:b2:3f:91:69:0f:8e:d6:e9:dc:78:75:
8a:de:da:12:de:1c:1d:74:5d:e3:0a:cc:e2:c0:54:
6e:cb:5f:86:16:fd:ea:b7:b2:37:3e:a1:ff:4a:47:
5b:c2:9f:60:61:5b:a1:62:34:95:05:da:7c:71:d3:
c6:92:a8:39:14:b9:12:0b:4f:c3:43:88:15:5f:50:
67:14:be:13:91:83:ee:d7:75:13:df:cd:3d:0a:51:
db:71:06:4e:77:cf:d5:10:9c:aa:09:18:79:36:96:
72:76:d2:17:bf:0c:ce:ad:f7:e7:e8:2a:af:ed:04:
f3:45:cb:64:fe:43:6d:64:04:0d:ed:98:fe:f0:83:
e3:4d:cc:f9:6e:b7:36:ff:29:1e:28:db:9e:77:32:
2c:e2:40:cf:4f:36:2e:d2:f1:04:a2:19:9d:a5:47:
b0:32:74:50:8b:40:40:bc:83:a6:99:2d:c5:4d:b2:
a6:83:44:10:ea:ac:b9:2d:7a:2f:5b:4e:43:aa:b2:
73:9b:e2:ed:ab:73:81:38:b4:0f:54:f7:e2:02:45:
bd:ca:db:c7:1a:d4:f6:29:b2:2f:a3:e6:ea:4f:02:
05:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EA:DB:47:EF:93:B0:7F:9D:9E:D1:84:54:E5:3A:14:50:9B:8A:B4:B5
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e584cad3-b485-48b5-a920-636e55268d8b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:20c0::/48
Signature Algorithm: sha256WithRSAEncryption
be:f1:39:ea:40:da:f8:7f:30:59:8c:d0:36:c7:c1:8c:34:7d:
c0:ce:26:be:aa:98:21:a9:39:02:aa:33:9c:0b:10:00:07:89:
29:c4:f7:3e:65:16:05:76:a9:81:54:fb:0e:f2:4e:1b:f8:9e:
e7:d7:c1:a2:86:b9:58:3f:18:89:64:31:92:35:17:e5:ca:15:
0c:85:2e:2d:22:5c:8d:48:69:ef:e8:6b:2a:db:09:a2:08:ac:
42:36:55:7c:05:92:2f:63:d3:e9:26:ae:c8:f2:82:80:7d:93:
da:fc:2e:20:54:a9:a7:5b:7f:72:ea:9f:15:65:55:9e:92:db:
b0:0b:a6:6f:08:13:fc:54:18:41:c6:ec:17:78:83:ff:21:66:
47:20:69:c8:df:89:8d:01:a8:7a:60:cb:51:c5:e6:5a:d3:bb:
06:87:31:30:38:a1:b2:3e:57:35:c3:62:22:e3:fa:22:eb:1d:
51:69:30:08:9e:02:ff:a8:13:4d:7d:70:33:98:bb:02:0e:35:
dc:1c:d7:94:11:62:8d:2c:54:32:cf:13:55:f4:1e:b1:1c:58:
bd:27:1c:d3:12:d3:d0:e4:dc:8b:27:70:4c:f4:bb:62:81:69:
0d:c9:3b:d5:d2:ae:cb:81:0d:3a:d5:9c:ae:f7:3c:2d:f7:b7:
56:fc:a3:89
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUbOmOewFK91JjDoi+1Tc/AlIreqowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTAxMjhaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDEwNDAzMTMzMDQyNjk2OGEzMzljNTYwNjYyNmZjM2QyNDAxNzU0NmIzMjli
NjViZmFjOGVmNTk2ZWZlOGIzNTkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL0x5i3az6HafYqkl7WbVXnJeYNDDCvbcXWhGp1oHVRbQLI/kWkPjtbp3Hh1
it7aEt4cHXRd4wrM4sBUbstfhhb96reyNz6h/0pHW8KfYGFboWI0lQXafHHTxpKo
ORS5EgtPw0OIFV9QZxS+E5GD7td1E9/NPQpR23EGTnfP1RCcqgkYeTaWcnbSF78M
zq335+gqr+0E80XLZP5DbWQEDe2Y/vCD403M+W63Nv8pHijbnncyLOJAz082LtLx
BKIZnaVHsDJ0UItAQLyDppktxU2ypoNEEOqsuS16L1tOQ6qyc5vi7atzgTi0D1T3
4gJFvcrbxxrU9imyL6Pm6k8CBb0CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTq20fv
k7B/nZ7RhFTlOhRQm4q0tTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZTU4NGNhZDMtYjQ4NS00OGI1LWE5MjAtNjM2ZTU1MjY4ZDhiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H8g
wDANBgkqhkiG9w0BAQsFAAOCAQEAvvE56kDa+H8wWYzQNsfBjDR9wM4mvqqYIak5
AqoznAsQAAeJKcT3PmUWBXapgVT7DvJOG/ie59fBooa5WD8YiWQxkjUX5coVDIUu
LSJcjUhp7+hrKtsJogisQjZVfAWSL2PT6SauyPKCgH2T2vwuIFSpp1t/cuqfFWVV
npLbsAumbwgT/FQYQcbsF3iD/yFmRyBpyN+JjQGoemDLUcXmWtO7BocxMDihsj5X
NcNiIuP6IusdUWkwCJ4C/6gTTX1wM5i7Ag413BzXlBFijSxUMs8TVfQesRxYvScc
0xLT0OTciydwTPS7YoFpDck71dKuy4ENOtWcrvc8Lfe3VvyjiQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:27 2025 by rpki-client