Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fb455f5d-6ce6-4373-b5bc-1c1e034a148a.roa
File: fb455f5d-6ce6-4373-b5bc-1c1e034a148a.roa (raw, json)
Hash identifier: ukJje2O5+7SovRpRadDEkLtqFWBFPbFcI/CenRqVFqI=
Subject key identifier: 66:DD:A3:CD:CA:5B:5A:EC:54:5D:9E:7B:3E:2F:A3:92:F0:88:20:52
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3AFAFDF77CD3B6CE7E26D58369D1F36FAB41D1AD
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fb455f5d-6ce6-4373-b5bc-1c1e034a148a.roa
Signing time: Fri 26 Sep 2025 18:41:10 +0000
ROA not before: Fri 26 Sep 2025 18:41:10 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:4060::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3a:fa:fd:f7:7c:d3:b6:ce:7e:26:d5:83:69:d1:f3:6f:ab:41:d1:ad
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 18:41:10 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=14110ae0a82c1c2b9f8bfc19033ebddbc4250813611314920d62b94d62b67579, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:a4:d1:be:8f:44:fb:99:fd:7e:cd:6d:c8:c4:
58:92:07:0a:b5:33:52:32:68:50:70:30:82:ce:31:
f4:2e:bd:92:2d:43:a7:c1:7a:0d:6e:a2:9c:67:a1:
5d:a6:b6:b0:19:4c:24:cc:32:a2:20:aa:ba:d9:2d:
ac:2d:61:9d:01:ba:c2:50:8e:27:b3:2e:d0:89:c6:
0a:33:0f:3a:39:7e:de:01:bc:e2:ef:78:ae:50:61:
ae:02:da:51:81:cd:ae:90:5c:f0:02:99:73:fa:1b:
85:76:49:87:63:72:12:d0:75:d9:a0:de:1a:ba:f7:
ab:83:4a:5e:6c:55:e5:02:0b:69:ce:d0:50:39:76:
85:be:dc:da:bc:39:3a:f9:69:a8:ee:c7:68:a9:e9:
e0:43:11:c8:30:bd:fe:8c:97:28:31:ed:27:8e:98:
9a:c7:72:59:3c:2e:77:8a:b2:44:f1:2f:bc:ed:47:
5e:9d:bd:61:f3:16:28:81:49:e5:48:cd:79:36:ac:
ec:25:60:cb:3e:c7:e3:f1:48:75:8e:82:99:4c:d7:
e8:34:87:66:59:d2:c6:ca:da:ba:55:3e:ae:39:78:
1c:de:2f:6a:d5:e2:1a:9e:87:a4:27:07:63:a8:56:
f3:3a:24:b9:af:88:ad:f5:72:dd:a7:2d:c3:83:53:
9a:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:DD:A3:CD:CA:5B:5A:EC:54:5D:9E:7B:3E:2F:A3:92:F0:88:20:52
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fb455f5d-6ce6-4373-b5bc-1c1e034a148a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:4060::/48
Signature Algorithm: sha256WithRSAEncryption
bc:e0:ac:14:64:82:b6:17:3d:15:42:86:21:ec:f5:0d:8d:fa:
26:b6:58:cb:2a:c8:b7:c5:ce:55:dc:97:ae:92:2d:bb:c6:1a:
fa:08:28:ed:67:69:8e:2f:2b:63:1d:ab:e8:9a:98:33:9f:42:
bc:ad:dd:5b:31:d4:ef:c8:b7:bc:81:93:6a:bd:fb:c2:19:ca:
c2:75:77:65:33:9a:1b:ac:58:bd:a2:ce:7b:ff:67:4f:10:fe:
60:80:9e:5a:a6:4f:5c:03:4a:c2:d2:10:64:8a:11:c7:56:e1:
12:df:ac:6c:c4:33:20:dc:c6:1f:5a:e8:72:e6:64:8b:30:a9:
5c:2a:a3:68:84:2b:07:c2:be:86:88:e9:c9:4d:25:cb:aa:e8:
86:e7:9d:22:1b:c9:eb:d4:c5:96:d5:08:f5:89:16:76:ef:6e:
a8:95:b1:dc:0c:91:45:7f:f0:4a:37:ea:cb:d2:df:e8:f7:20:
4f:79:2e:0b:df:92:c9:fe:7d:f0:7f:3e:c7:ff:bf:6c:af:6b:
7a:f3:3f:d2:59:3f:8c:e6:c9:b4:ae:f3:1e:db:91:b2:14:9a:
97:c4:4e:8b:58:82:bb:30:8d:3e:e9:a7:e4:7f:6c:70:ec:13:
79:db:77:b8:d6:49:d5:f6:70:2d:6c:21:07:02:98:59:62:67:
5c:46:e5:43
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUOvr993zTts5+JtWDadHzb6tB0a0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODQxMTBaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDE0MTEwYWUwYTgyYzFjMmI5ZjhiZmMxOTAzM2ViZGRiYzQyNTA4MTM2MTEz
MTQ5MjBkNjJiOTRkNjJiNjc1NzkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMCk0b6PRPuZ/X7NbcjEWJIHCrUzUjJoUHAwgs4x9C69ki1Dp8F6DW6inGeh
Xaa2sBlMJMwyoiCqutktrC1hnQG6wlCOJ7Mu0InGCjMPOjl+3gG84u94rlBhrgLa
UYHNrpBc8AKZc/obhXZJh2NyEtB12aDeGrr3q4NKXmxV5QILac7QUDl2hb7c2rw5
OvlpqO7HaKnp4EMRyDC9/oyXKDHtJ46YmsdyWTwud4qyRPEvvO1HXp29YfMWKIFJ
5UjNeTas7CVgyz7H4/FIdY6CmUzX6DSHZlnSxsraulU+rjl4HN4vatXiGp6HpCcH
Y6hW8zokua+IrfVy3actw4NTmkECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRm3aPN
ylta7FRdnns+L6OS8IggUjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZmI0NTVmNWQtNmNlNi00MzczLWI1YmMtMWMxZTAzNGExNDhhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ABA
YDANBgkqhkiG9w0BAQsFAAOCAQEAvOCsFGSCthc9FUKGIez1DY36JrZYyyrIt8XO
VdyXrpItu8Ya+ggo7Wdpji8rYx2r6JqYM59CvK3dWzHU78i3vIGTar37whnKwnV3
ZTOaG6xYvaLOe/9nTxD+YICeWqZPXANKwtIQZIoRx1bhEt+sbMQzINzGH1rocuZk
izCpXCqjaIQrB8K+hojpyU0ly6rohuedIhvJ69TFltUI9YkWdu9uqJWx3AyRRX/w
Sjfqy9Lf6PcgT3kuC9+Syf598H8+x/+/bK9revM/0lk/jObJtK7zHtuRshSal8RO
i1iCuzCNPumn5H9scOwTedt3uNZJ1fZwLWwhBwKYWWJnXEblQw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:08 2025 by rpki-client