Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2636a453-2dd9-4fde-9f15-753f76341841.roa
File: 2636a453-2dd9-4fde-9f15-753f76341841.roa (raw, json)
Hash identifier: y63LIx0ZsjIo7oghi6D8k2CumAtUeVw/5oGZPTqQyus=
Subject key identifier: 6A:E5:4F:B3:C1:60:79:3A:80:0F:8F:48:7E:71:FE:33:6B:E7:18:B1
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4AAED4C2BB0BE73E19B1D1EE3FF4F4971E82F5DF
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2636a453-2dd9-4fde-9f15-753f76341841.roa
Signing time: Tue 04 Nov 2025 02:51:04 +0000
ROA not before: Tue 04 Nov 2025 02:51:04 +0000
ROA not after: Tue 09 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d074:a000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 22:37:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4a:ae:d4:c2:bb:0b:e7:3e:19:b1:d1:ee:3f:f4:f4:97:1e:82:f5:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Nov 4 02:51:04 2025 GMT
Not After : Dec 9 23:59:59 2025 GMT
Subject: serialNumber=22be3aa069f16738666e51cba40dffd346286da2f90fec78385ab97361946f7a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:0c:fa:07:c7:f8:ba:69:9a:32:a6:d4:16:d7:
97:8d:92:eb:f6:5d:dc:27:4b:77:c6:54:fa:77:0a:
46:37:02:bf:32:41:46:d2:bb:a7:4f:65:89:96:b0:
54:98:e5:1f:df:f8:0c:e1:73:4b:de:da:9d:14:46:
b4:95:f8:a0:2a:36:e9:d1:c4:a1:4a:7d:37:7f:c9:
ad:84:59:a4:54:6c:16:84:ed:12:85:49:e5:5b:5e:
bc:03:57:76:7c:c4:6d:b5:ef:b9:84:a7:2c:48:1b:
42:9d:4b:ca:3e:16:36:07:38:1e:07:06:0b:5c:eb:
3b:e9:15:77:fb:0f:92:e4:48:50:6a:a5:8a:c3:7d:
9e:ee:38:72:99:0c:bd:0f:4e:91:c4:be:53:5d:71:
78:f9:6b:35:26:ca:f0:f9:15:69:1d:a0:36:22:0a:
b9:dc:91:3b:dc:f3:0c:11:58:0d:20:c1:b5:37:ab:
0e:65:99:1a:63:d6:9a:42:f0:59:12:e3:ce:75:53:
a3:98:9e:86:78:2c:3e:59:74:4f:ef:93:b0:99:3b:
d2:a8:85:a2:6a:cc:d6:37:8f:12:14:79:6d:81:f1:
fc:86:9a:67:14:cd:61:74:24:d6:49:fe:cc:b6:b6:
4b:0e:d7:cf:14:e5:81:ca:2b:18:d6:b0:ea:35:17:
33:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:E5:4F:B3:C1:60:79:3A:80:0F:8F:48:7E:71:FE:33:6B:E7:18:B1
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2636a453-2dd9-4fde-9f15-753f76341841.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d074:a000::/40
Signature Algorithm: sha256WithRSAEncryption
16:33:69:35:09:73:bb:7c:5c:b6:fc:60:a1:9a:34:2a:7a:99:
9c:15:84:d5:ac:06:0e:ed:9b:16:67:86:3b:9a:50:84:42:72:
b2:3b:f9:60:68:da:25:75:ce:36:3a:34:70:5e:07:9b:4e:fb:
ff:6e:cb:49:67:61:8a:69:b8:d5:6d:15:c7:c1:dd:9f:90:ef:
2a:d5:d8:ee:13:70:9d:3a:a7:09:32:3b:c0:2c:3f:7b:f0:79:
85:ed:91:16:3a:8b:b3:b1:37:73:5e:20:48:87:c6:99:c2:0e:
2b:7a:e6:dd:15:36:7b:49:f3:03:85:d8:f4:6b:24:a9:79:ac:
b6:9f:89:6d:94:57:76:e4:e4:37:24:9d:0a:39:2d:66:d4:ee:
31:1a:5d:8d:14:b9:eb:5a:fa:53:85:ab:9e:2d:53:79:d2:19:
7e:a5:fe:05:ef:a5:c2:dd:e8:31:3f:ad:c1:16:4c:78:a1:d4:
d7:b8:69:1e:e3:87:4e:cc:18:d4:a4:19:d2:13:b9:45:2e:04:
0b:ca:d0:8a:ea:cf:8f:24:41:aa:c9:6b:f6:3c:dc:66:ed:d2:
6a:60:03:88:d4:c6:7c:ed:5d:4e:68:d0:38:c7:fa:8c:c4:c5:
59:4f:6b:9b:30:a6:0e:33:c8:4c:1a:6d:28:07:7a:dd:9a:52:
65:7e:d4:2a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUSq7UwrsL5z4ZsdHuP/T0lx6C9d8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTExMDQwMjUxMDRaFw0yNTEyMDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDIyYmUzYWEwNjlmMTY3Mzg2NjZlNTFjYmE0MGRmZmQzNDYyODZkYTJmOTBm
ZWM3ODM4NWFiOTczNjE5NDZmN2ExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMEM+gfH+LppmjKm1BbXl42S6/Zd3CdLd8ZU+ncKRjcCvzJBRtK7p09liZaw
VJjlH9/4DOFzS97anRRGtJX4oCo26dHEoUp9N3/JrYRZpFRsFoTtEoVJ5VtevANX
dnzEbbXvuYSnLEgbQp1Lyj4WNgc4HgcGC1zrO+kVd/sPkuRIUGqlisN9nu44cpkM
vQ9OkcS+U11xePlrNSbK8PkVaR2gNiIKudyRO9zzDBFYDSDBtTerDmWZGmPWmkLw
WRLjznVTo5iehngsPll0T++TsJk70qiFomrM1jePEhR5bYHx/IaaZxTNYXQk1kn+
zLa2Sw7XzxTlgcorGNaw6jUXM7sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRq5U+z
wWB5OoAPj0h+cf4za+cYsTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjYzNmE0NTMtMmRkOS00ZmRlLTlmMTUtNzUzZjc2MzQxODQxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HSg
MA0GCSqGSIb3DQEBCwUAA4IBAQAWM2k1CXO7fFy2/GChmjQqepmcFYTVrAYO7ZsW
Z4Y7mlCEQnKyO/lgaNoldc42OjRwXgebTvv/bstJZ2GKabjVbRXHwd2fkO8q1dju
E3CdOqcJMjvALD978HmF7ZEWOouzsTdzXiBIh8aZwg4reubdFTZ7SfMDhdj0aySp
eay2n4ltlFd25OQ3JJ0KOS1m1O4xGl2NFLnrWvpThaueLVN50hl+pf4F76XC3egx
P63BFkx4odTXuGke44dOzBjUpBnSE7lFLgQLytCK6s+PJEGqyWv2PNxm7dJqYAOI
1MZ87V1OaNA4x/qMxMVZT2ubMKYOM8hMGm0oB3rdmlJlftQq
-----END CERTIFICATE-----
Generated at Wed Nov 5 07:14:33 2025 by rpki-client