Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f7fccc2a-aa8a-4cbc-89d7-d6a8ca121ba0.roa
File: f7fccc2a-aa8a-4cbc-89d7-d6a8ca121ba0.roa (raw, json)
Hash identifier: eAfFLgzyerMcPA6Z6r9IGB5HgF3kw6Cf5BNVGn2ItOU=
Subject key identifier: 93:44:A6:EA:C3:18:10:9A:74:24:E0:59:7B:D7:81:8F:D8:3C:2A:A9
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5DDDB24261C339060376B321B63F25B73D903E6F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f7fccc2a-aa8a-4cbc-89d7-d6a8ca121ba0.roa
Signing time: Fri 26 Sep 2025 20:00:11 +0000
ROA not before: Fri 26 Sep 2025 20:00:11 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d019::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5d:dd:b2:42:61:c3:39:06:03:76:b3:21:b6:3f:25:b7:3d:90:3e:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 20:00:11 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=0d952d23b57d8386507858e0b804bfd34c2d8435ed99e2013d527d1416ce8d89, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:a9:cc:ce:1c:37:35:db:64:da:98:d8:d9:ad:
b6:0b:11:6a:b5:74:f5:dc:73:8a:f2:a3:d7:29:c0:
d2:05:3b:5d:a3:05:e3:55:8a:44:36:e9:e3:bb:28:
f8:2a:1b:6b:73:e4:4f:5a:b1:a6:21:ce:92:b4:81:
a9:81:be:c7:db:fb:98:30:6f:ee:8a:8c:b3:67:55:
bb:d5:6f:92:66:04:f4:bf:97:65:43:f7:06:11:3d:
96:d9:f8:60:a4:f2:72:ff:5a:ae:39:4a:9e:93:e8:
6b:38:45:92:25:b0:c6:5d:02:19:92:ce:16:1e:d3:
05:8a:9c:2b:3c:d3:79:11:93:40:b2:d5:09:00:00:
33:f1:b0:c0:b1:6b:4c:4b:c0:be:ef:70:ae:01:73:
cf:83:70:46:9f:a8:71:8d:3d:1b:fe:6b:03:db:0f:
4c:cb:99:f4:4c:21:2a:f4:29:0c:c7:4e:a7:66:ec:
72:29:fc:ba:5d:70:72:42:6f:cc:47:cc:38:8c:ae:
03:43:e5:e8:4a:65:ab:11:ca:37:0d:a6:99:2e:9a:
de:e7:7b:3c:08:4f:2e:41:30:65:08:ee:0b:a9:ac:
68:57:94:2f:ca:c8:2d:e4:8e:cd:9d:8c:16:af:12:
c4:8e:96:a5:42:21:2c:d3:d3:1f:95:1b:f1:bb:2f:
6e:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:44:A6:EA:C3:18:10:9A:74:24:E0:59:7B:D7:81:8F:D8:3C:2A:A9
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f7fccc2a-aa8a-4cbc-89d7-d6a8ca121ba0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d019::/36
Signature Algorithm: sha256WithRSAEncryption
89:c3:c1:ff:c2:c3:86:39:6d:8c:d3:1b:6d:47:1e:10:ae:2e:
25:0f:f6:af:36:38:75:2b:0c:6d:81:c0:cd:2e:fd:46:4e:33:
95:29:5e:e2:5e:f9:54:be:2b:8c:2f:65:c1:1d:0e:7b:65:05:
5c:d6:5a:e1:72:7b:18:6f:a8:5e:1f:46:f8:85:e6:b9:4b:34:
c1:1a:00:78:1e:90:ae:ce:7e:9e:bc:af:01:2a:ed:a2:d8:37:
87:18:73:e7:29:34:1b:e2:34:15:45:c3:c0:32:71:a4:27:9d:
cf:39:c7:25:5f:0a:f0:30:c6:45:02:75:fe:3b:5a:63:e4:18:
3f:a9:6e:46:a0:18:83:09:82:3d:01:08:48:ca:3e:5f:b0:17:
c3:05:05:fb:ed:70:5f:71:58:0b:5c:af:4b:58:e0:25:6f:4f:
25:71:c5:99:79:9d:c7:c3:96:60:df:0b:25:f8:d1:c0:1d:5d:
0c:27:c7:f6:53:e6:18:8f:4f:80:66:d9:c9:59:d1:74:75:91:
e4:e5:51:c3:68:14:3f:93:4f:67:2b:d8:03:85:ed:6c:86:4e:
cf:15:c7:00:7a:47:91:0a:97:67:9c:60:2c:b9:2e:b1:5c:f9:
42:ca:d3:22:9e:29:37:98:0f:f3:a7:02:0c:82:1a:6d:cd:34:
8c:71:0d:bb
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUXd2yQmHDOQYDdrMhtj8ltz2QPm8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYyMDAwMTFaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDBkOTUyZDIzYjU3ZDgzODY1MDc4NThlMGI4MDRiZmQzNGMyZDg0MzVlZDk5
ZTIwMTNkNTI3ZDE0MTZjZThkODkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKupzM4cNzXbZNqY2NmttgsRarV09dxzivKj1ynA0gU7XaMF41WKRDbp47so
+Coba3PkT1qxpiHOkrSBqYG+x9v7mDBv7oqMs2dVu9VvkmYE9L+XZUP3BhE9ltn4
YKTycv9arjlKnpPoazhFkiWwxl0CGZLOFh7TBYqcKzzTeRGTQLLVCQAAM/GwwLFr
TEvAvu9wrgFzz4NwRp+ocY09G/5rA9sPTMuZ9EwhKvQpDMdOp2bscin8ul1wckJv
zEfMOIyuA0Pl6EplqxHKNw2mmS6a3ud7PAhPLkEwZQjuC6msaFeUL8rILeSOzZ2M
Fq8SxI6WpUIhLNPTH5Ub8bsvbh8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSTRKbq
wxgQmnQk4Fl714GP2DwqqTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZjdmY2NjMmEtYWE4YS00Y2JjLTg5ZDctZDZhOGNhMTIxYmEwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0BkA
MA0GCSqGSIb3DQEBCwUAA4IBAQCJw8H/wsOGOW2M0xttRx4Qri4lD/avNjh1Kwxt
gcDNLv1GTjOVKV7iXvlUviuML2XBHQ57ZQVc1lrhcnsYb6heH0b4hea5SzTBGgB4
HpCuzn6evK8BKu2i2DeHGHPnKTQb4jQVRcPAMnGkJ53POcclXwrwMMZFAnX+O1pj
5Bg/qW5GoBiDCYI9AQhIyj5fsBfDBQX77XBfcVgLXK9LWOAlb08lccWZeZ3Hw5Zg
3wsl+NHAHV0MJ8f2U+YYj0+AZtnJWdF0dZHk5VHDaBQ/k09nK9gDhe1shk7PFccA
ekeRCpdnnGAsuS6xXPlCytMinik3mA/zpwIMghptzTSMcQ27
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:23 2025 by rpki-client