Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f1951bda-59cd-4b11-b7a1-19b1f5d32116.roa
File: f1951bda-59cd-4b11-b7a1-19b1f5d32116.roa (raw, json)
Hash identifier: 0tGuGUe4uHfyHY3Xq809rWtvXUYshjFuyKXIycSFuKs=
Subject key identifier: 7F:D2:D0:76:88:0D:FB:C9:D8:46:E4:2C:90:41:D4:FE:06:08:74:74
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 092198E2C19F62A5A4D578A6071F9D03BA5DF20B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f1951bda-59cd-4b11-b7a1-19b1f5d32116.roa
Signing time: Fri 26 Sep 2025 18:50:47 +0000
ROA not before: Fri 26 Sep 2025 18:50:47 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:5080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
09:21:98:e2:c1:9f:62:a5:a4:d5:78:a6:07:1f:9d:03:ba:5d:f2:0b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 18:50:47 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=6dfa14c8bd6af5eedfb89c81a38660a2059089a6dc4ce0c14aeaad14dac9e840, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:eb:5a:79:8d:7b:93:c9:24:84:b2:47:89:09:
48:57:d3:65:37:bc:83:85:21:94:58:36:d9:05:cc:
d0:b0:4c:a1:9e:17:fe:f3:99:16:5e:85:bb:37:75:
71:a7:3e:f7:f4:99:eb:75:eb:0f:8c:3a:bc:f0:8a:
25:71:f6:5b:e5:c4:bf:81:fa:d2:4f:3f:72:73:d1:
1e:2d:9b:05:49:93:7b:ac:08:7a:9a:6c:3e:ad:dc:
31:91:83:af:31:fc:5a:7f:59:4d:06:a1:96:f4:4d:
be:d9:12:83:03:cf:bc:23:1c:7f:29:09:b8:e1:d4:
31:7d:b9:9c:40:ab:ba:ff:94:62:b6:f6:67:ba:ab:
78:72:a6:95:27:73:9a:3b:cc:60:36:16:7e:81:1e:
c3:62:ab:2e:9f:f8:01:b0:54:15:bc:2d:d0:1f:99:
0a:33:41:46:3f:2d:eb:19:d0:85:67:35:64:67:4b:
0e:0b:e2:9a:d9:41:fa:c6:18:cb:41:64:e2:7c:f7:
9d:0a:80:ae:3b:83:fa:3d:47:bb:84:ac:20:3e:9e:
81:6b:06:b5:5f:bd:eb:74:c1:e1:ab:0f:4c:ba:64:
7f:0d:04:30:ba:6d:0b:c3:af:c5:c9:ae:6f:80:9f:
27:2b:c7:54:13:07:5f:60:09:03:c1:7e:84:f8:59:
a3:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:D2:D0:76:88:0D:FB:C9:D8:46:E4:2C:90:41:D4:FE:06:08:74:74
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f1951bda-59cd-4b11-b7a1-19b1f5d32116.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:5080::/48
Signature Algorithm: sha256WithRSAEncryption
bc:f9:2d:0c:7e:88:5a:06:70:3e:f4:c0:4d:09:bf:4d:0b:e8:
b3:18:92:e1:0c:b8:c5:8c:07:c4:6d:d2:c1:5f:b7:96:de:f5:
30:48:ed:ef:a8:48:05:60:be:78:e7:27:5a:c8:90:e4:9c:34:
cb:c8:4c:32:84:51:d1:7e:99:eb:04:81:c4:6f:39:51:8c:33:
82:bf:99:35:0c:c5:14:89:51:7e:b6:ce:88:93:6d:77:25:65:
c1:17:19:30:9e:75:5a:1d:7c:cb:8e:32:39:70:36:4d:cf:9a:
50:ae:26:c7:e7:25:57:8c:21:a7:2d:cb:bb:54:e2:2c:34:2c:
5e:b2:b5:10:36:e4:a5:b7:07:1f:bd:7a:01:61:9f:ea:e1:95:
cf:90:c1:48:c7:cc:fa:c6:8e:bc:ef:93:21:40:80:5d:9d:f1:
82:49:ae:0a:2c:54:bc:7d:36:df:b9:08:fe:f1:72:f2:85:a3:
1c:b2:c8:da:2b:09:08:b1:f8:6c:ba:e3:04:e9:48:db:14:84:
81:78:18:df:cb:4c:53:fd:10:9a:e9:be:14:fe:fe:c3:76:36:
7d:be:54:62:43:80:85:a1:08:63:d8:4c:79:4c:4a:d0:18:82:
44:54:c2:2a:06:be:50:3d:48:b3:00:01:32:81:84:5e:57:f8:
b4:5a:a1:09
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUCSGY4sGfYqWk1XimBx+dA7pd8gswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODUwNDdaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDZkZmExNGM4YmQ2YWY1ZWVkZmI4OWM4MWEzODY2MGEyMDU5MDg5YTZkYzRj
ZTBjMTRhZWFhZDE0ZGFjOWU4NDAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMzrWnmNe5PJJISyR4kJSFfTZTe8g4UhlFg22QXM0LBMoZ4X/vOZFl6Fuzd1
cac+9/SZ63XrD4w6vPCKJXH2W+XEv4H60k8/cnPRHi2bBUmTe6wIeppsPq3cMZGD
rzH8Wn9ZTQahlvRNvtkSgwPPvCMcfykJuOHUMX25nECruv+UYrb2Z7qreHKmlSdz
mjvMYDYWfoEew2KrLp/4AbBUFbwt0B+ZCjNBRj8t6xnQhWc1ZGdLDgvimtlB+sYY
y0Fk4nz3nQqArjuD+j1Hu4SsID6egWsGtV+963TB4asPTLpkfw0EMLptC8Ovxcmu
b4CfJyvHVBMHX2AJA8F+hPhZo6sCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBR/0tB2
iA37ydhG5CyQQdT+Bgh0dDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZjE5NTFiZGEtNTljZC00YjExLWI3YTEtMTliMWY1ZDMyMTE2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HJQ
gDANBgkqhkiG9w0BAQsFAAOCAQEAvPktDH6IWgZwPvTATQm/TQvosxiS4Qy4xYwH
xG3SwV+3lt71MEjt76hIBWC+eOcnWsiQ5Jw0y8hMMoRR0X6Z6wSBxG85UYwzgr+Z
NQzFFIlRfrbOiJNtdyVlwRcZMJ51Wh18y44yOXA2Tc+aUK4mx+clV4whpy3Lu1Ti
LDQsXrK1EDbkpbcHH716AWGf6uGVz5DBSMfM+saOvO+TIUCAXZ3xgkmuCixUvH02
37kI/vFy8oWjHLLI2isJCLH4bLrjBOlI2xSEgXgY38tMU/0Qmum+FP7+w3Y2fb5U
YkOAhaEIY9hMeUxK0BiCRFTCKga+UD1IswABMoGEXlf4tFqhCQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 08:53:23 2025 by rpki-client