Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fc3cf1ff-209d-46f6-a7dd-a7ba5d5bfba7.roa
File: fc3cf1ff-209d-46f6-a7dd-a7ba5d5bfba7.roa (raw, json)
Hash identifier: D2fuWkgpdQ4IdIaquDVlMZuoMOvO8uLNtvlVWjEQGJE=
Subject key identifier: D0:8F:FB:63:17:02:97:2F:85:16:10:90:82:F4:94:40:CF:76:B2:67
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 18C304CD9E0000D2CFDF06AF9DC89436CA70E981
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fc3cf1ff-209d-46f6-a7dd-a7ba5d5bfba7.roa
Signing time: Fri 26 Sep 2025 18:50:50 +0000
ROA not before: Fri 26 Sep 2025 18:50:50 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d038:8000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 13:42:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
18:c3:04:cd:9e:00:00:d2:cf:df:06:af:9d:c8:94:36:ca:70:e9:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 18:50:50 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=a7cdaaae4e133359405ad170d1718c3f34f156191e7116577391f3ed7e45bbef, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:0d:e5:4d:7f:1e:98:d3:af:d0:b5:35:c2:11:
45:28:5f:af:4f:bd:2c:67:65:38:b6:c7:09:6a:b5:
6c:e6:0c:6a:b3:87:3a:5f:e5:68:f1:bb:e4:75:38:
9f:79:71:56:1d:79:fd:9b:d8:b6:99:a9:f5:57:58:
d2:5d:65:b5:88:e2:8d:fb:fc:c5:d4:5a:ef:ec:96:
ab:dc:fd:7b:63:0c:e9:08:54:ad:63:54:2c:f8:04:
01:6a:c4:4a:9d:d4:0e:8f:63:dc:1e:86:4a:4f:90:
2e:91:9b:02:ee:dc:c1:e3:bb:b1:57:86:a2:9a:b9:
17:57:37:ba:01:b9:be:1b:33:8b:84:c9:91:57:bd:
d0:cd:43:a4:e8:47:4b:2c:8d:10:a3:e9:19:36:4f:
32:43:5e:86:5f:49:c4:d3:14:8b:a2:30:02:0e:88:
a6:63:1d:90:a8:e9:e8:bb:eb:84:d4:ce:d1:26:94:
ee:a4:1a:f2:6d:4a:7f:7f:cf:60:c2:1d:47:a9:34:
23:42:81:94:76:11:19:8f:17:0b:dd:41:50:14:39:
68:51:54:12:9f:0a:88:76:47:fb:eb:64:96:38:1d:
03:9f:f8:cf:28:dd:0f:5a:8f:f6:d6:4a:00:48:49:
03:31:26:b8:73:ba:52:3d:2d:21:8f:7e:af:05:fb:
7c:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:8F:FB:63:17:02:97:2F:85:16:10:90:82:F4:94:40:CF:76:B2:67
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fc3cf1ff-209d-46f6-a7dd-a7ba5d5bfba7.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d038:8000::/40
Signature Algorithm: sha256WithRSAEncryption
88:ba:d4:08:45:3a:50:5d:d3:f1:c4:c5:7e:84:e6:17:f7:13:
2e:91:29:4e:88:c5:93:1c:71:30:4d:d9:9f:96:35:60:50:8c:
45:e1:a8:c0:02:1c:d1:89:fa:f2:08:18:84:ab:be:78:7d:1a:
58:f3:a2:19:ab:13:42:32:8e:e8:58:f4:e5:0c:46:84:fe:ec:
c9:35:27:7b:0b:76:67:65:31:3d:31:d2:2c:10:49:fd:a7:0f:
2d:69:57:bd:4b:d0:e4:fa:83:ce:1d:ae:61:5d:f2:8f:31:5c:
5a:c2:e3:87:bf:91:63:6a:9f:9d:55:90:f1:7c:fe:29:b9:f7:
87:d4:71:1a:03:d6:22:51:09:08:2a:f8:71:2f:f6:56:0e:25:
5a:bc:d5:30:17:f2:90:4e:41:d9:79:99:15:7b:e2:f7:67:38:
2b:9e:ce:d7:be:a1:62:8d:9c:6c:a4:56:53:6b:8c:f9:d4:e3:
b6:48:ec:6c:00:8c:08:ff:97:f0:43:1b:17:25:15:5f:fa:ff:
b1:72:40:bf:ca:7a:0a:81:08:c8:a2:f9:c5:6d:3c:29:3b:46:
2d:6c:1a:21:4a:27:de:cd:0f:ae:dd:15:a2:07:08:c0:17:e3:
78:37:d9:1b:a9:0a:64:7a:57:e8:6e:af:d5:33:5d:1c:bc:47:
f7:07:56:18
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUGMMEzZ4AANLP3wavnciUNspw6YEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODUwNTBaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGE3Y2RhYWFlNGUxMzMzNTk0MDVhZDE3MGQxNzE4YzNmMzRmMTU2MTkxZTcx
MTY1NzczOTFmM2VkN2U0NWJiZWYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK8N5U1/HpjTr9C1NcIRRShfr0+9LGdlOLbHCWq1bOYMarOHOl/laPG75HU4
n3lxVh15/ZvYtpmp9VdY0l1ltYjijfv8xdRa7+yWq9z9e2MM6QhUrWNULPgEAWrE
Sp3UDo9j3B6GSk+QLpGbAu7cweO7sVeGopq5F1c3ugG5vhszi4TJkVe90M1DpOhH
SyyNEKPpGTZPMkNehl9JxNMUi6IwAg6IpmMdkKjp6LvrhNTO0SaU7qQa8m1Kf3/P
YMIdR6k0I0KBlHYRGY8XC91BUBQ5aFFUEp8KiHZH++tkljgdA5/4zyjdD1qP9tZK
AEhJAzEmuHO6Uj0tIY9+rwX7fLsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTQj/tj
FwKXL4UWEJCC9JRAz3ayZzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZmMzY2YxZmYtMjA5ZC00NmY2LWE3ZGQtYTdiYTVkNWJmYmE3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DiA
MA0GCSqGSIb3DQEBCwUAA4IBAQCIutQIRTpQXdPxxMV+hOYX9xMukSlOiMWTHHEw
TdmfljVgUIxF4ajAAhzRifryCBiEq754fRpY86IZqxNCMo7oWPTlDEaE/uzJNSd7
C3ZnZTE9MdIsEEn9pw8taVe9S9Dk+oPOHa5hXfKPMVxawuOHv5Fjap+dVZDxfP4p
ufeH1HEaA9YiUQkIKvhxL/ZWDiVavNUwF/KQTkHZeZkVe+L3Zzgrns7XvqFijZxs
pFZTa4z51OO2SOxsAIwI/5fwQxsXJRVf+v+xckC/ynoKgQjIovnFbTwpO0YtbBoh
SifezQ+u3RWiBwjAF+N4N9kbqQpkelfobq/VM10cvEf3B1YY
-----END CERTIFICATE-----
Generated at Mon Oct 20 23:29:22 2025 by rpki-client