Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/28840fdb-fbc9-4b51-b09b-bc08d6342ea7.roa
File: 28840fdb-fbc9-4b51-b09b-bc08d6342ea7.roa (raw, json)
Hash identifier: +E6tKPvofIm/eK26hzi+mbMIlU1rTCn+GkzqQ5Iqz3E=
Subject key identifier: AE:8B:74:A2:0B:01:91:96:B9:79:0C:07:9C:2E:70:1B:4E:CB:D3:98
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 27BDE66A2F0EC8FA028EE1C547E8F1037929C0C4
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/28840fdb-fbc9-4b51-b09b-bc08d6342ea7.roa
Signing time: Tue 04 Nov 2025 03:00:06 +0000
ROA not before: Tue 04 Nov 2025 03:00:06 +0000
ROA not after: Tue 09 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d074:1000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 12:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
27:bd:e6:6a:2f:0e:c8:fa:02:8e:e1:c5:47:e8:f1:03:79:29:c0:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Nov 4 03:00:06 2025 GMT
Not After : Dec 9 23:59:59 2025 GMT
Subject: serialNumber=7f71de95e0f566f607035bb9010220371b2c056e3e4ad2776e5fcdfd96fdbc30, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:4c:bc:ac:f0:2b:5d:60:c6:33:5a:36:2d:a6:
f0:b5:ac:02:21:54:b4:18:db:17:a9:4b:53:b9:d0:
ce:b6:22:ab:61:6b:39:10:ab:b4:78:fa:1c:2a:80:
b9:58:8f:ff:8c:d9:be:07:a0:8f:39:60:35:f4:f9:
75:0c:52:ee:bd:af:97:70:24:ab:cb:63:19:37:39:
ce:c3:c3:4b:66:84:8b:8a:bc:1d:35:7a:8f:4f:a4:
4a:ac:8e:61:e4:1d:39:33:35:ad:dd:db:23:03:6a:
01:c2:a9:20:9b:45:3d:74:70:33:f6:51:5c:53:d1:
dc:50:87:22:50:3a:bd:03:0c:8d:9d:59:bf:4a:81:
ee:d8:dd:14:13:6f:17:0d:cd:cd:ec:6d:10:cf:72:
1b:f3:51:b1:e6:46:54:d9:6b:57:b4:5a:d1:3c:51:
9f:27:31:01:d9:0c:45:32:d5:6e:bf:55:5b:6f:b6:
02:21:e3:1b:d9:56:7a:27:7e:5c:07:bb:d1:b6:f9:
95:8b:71:af:76:00:e5:1a:c2:72:b6:dd:25:52:93:
f4:38:f8:ba:2f:e6:f5:fa:9c:70:21:b0:78:a8:17:
34:cb:42:e6:a3:d2:56:e8:7c:4a:ac:ac:81:b3:36:
15:44:0f:ff:5a:c7:59:1e:97:43:68:4f:c8:6e:72:
17:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:8B:74:A2:0B:01:91:96:B9:79:0C:07:9C:2E:70:1B:4E:CB:D3:98
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/28840fdb-fbc9-4b51-b09b-bc08d6342ea7.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d074:1000::/40
Signature Algorithm: sha256WithRSAEncryption
2f:54:4f:18:26:3d:cb:b2:a7:7f:56:9a:08:40:81:1a:7f:54:
10:cf:d1:8d:10:c5:d1:1b:8c:00:4c:ac:0a:8e:c6:e9:8e:69:
1e:06:6f:f6:4b:0c:a9:da:31:73:24:e9:f0:b4:0f:6d:75:e2:
7d:97:11:3d:9e:0b:db:4b:c2:6d:de:c0:1a:88:0e:4a:9b:ce:
19:ce:e0:dd:d2:b8:b3:a7:40:e6:50:6d:de:0d:24:3a:59:d2:
2f:86:33:a7:8b:0e:1c:e0:c9:f1:4b:70:96:2e:fb:81:cd:1f:
61:c8:3c:05:c0:45:fd:9a:61:3a:74:53:8d:46:aa:6a:d2:48:
5c:22:a6:ac:1f:e6:24:49:14:66:82:70:2f:53:02:9d:d1:0b:
26:d9:6b:a8:eb:be:0f:41:9e:b2:a1:0a:ca:9a:bd:7c:a5:ed:
04:2b:16:d0:3b:81:30:95:91:fa:8a:98:08:72:8a:b4:1b:cd:
2c:41:d9:0f:52:1d:cf:74:c0:a5:57:58:ac:82:0f:e1:3b:ee:
2f:33:00:74:35:83:10:45:91:b2:c9:c8:8d:47:37:8b:77:04:
e0:ca:ac:78:d0:57:f6:09:31:f3:8b:96:7f:d5:60:1f:c3:d5:
16:b2:c7:d4:b8:a8:c7:a6:2f:43:c7:1b:57:fc:53:ca:0b:f2:
40:ee:c5:db
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUJ73mai8OyPoCjuHFR+jxA3kpwMQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTExMDQwMzAwMDZaFw0yNTEyMDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDdmNzFkZTk1ZTBmNTY2ZjYwNzAzNWJiOTAxMDIyMDM3MWIyYzA1NmUzZTRh
ZDI3NzZlNWZjZGZkOTZmZGJjMzAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAN5MvKzwK11gxjNaNi2m8LWsAiFUtBjbF6lLU7nQzrYiq2FrORCrtHj6HCqA
uViP/4zZvgegjzlgNfT5dQxS7r2vl3Akq8tjGTc5zsPDS2aEi4q8HTV6j0+kSqyO
YeQdOTM1rd3bIwNqAcKpIJtFPXRwM/ZRXFPR3FCHIlA6vQMMjZ1Zv0qB7tjdFBNv
Fw3NzextEM9yG/NRseZGVNlrV7Ra0TxRnycxAdkMRTLVbr9VW2+2AiHjG9lWeid+
XAe70bb5lYtxr3YA5RrCcrbdJVKT9Dj4ui/m9fqccCGweKgXNMtC5qPSVuh8Sqys
gbM2FUQP/1rHWR6XQ2hPyG5yFxcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSui3Si
CwGRlrl5DAecLnAbTsvTmDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Mjg4NDBmZGItZmJjOS00YjUxLWIwOWItYmMwOGQ2MzQyZWE3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HQQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAvVE8YJj3Lsqd/VpoIQIEaf1QQz9GNEMXRG4wA
TKwKjsbpjmkeBm/2Swyp2jFzJOnwtA9tdeJ9lxE9ngvbS8Jt3sAaiA5Km84ZzuDd
0rizp0DmUG3eDSQ6WdIvhjOniw4c4MnxS3CWLvuBzR9hyDwFwEX9mmE6dFONRqpq
0khcIqasH+YkSRRmgnAvUwKd0Qsm2Wuo674PQZ6yoQrKmr18pe0EKxbQO4EwlZH6
ipgIcoq0G80sQdkPUh3PdMClV1isgg/hO+4vMwB0NYMQRZGyyciNRzeLdwTgyqx4
0Ff2CTHzi5Z/1WAfw9UWssfUuKjHpi9DxxtX/FPKC/JA7sXb
-----END CERTIFICATE-----
Generated at Wed Nov 5 20:28:14 2025 by rpki-client