Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4604fc5d-5125-4a3b-890a-3f8830a08b1f.roa
File: 4604fc5d-5125-4a3b-890a-3f8830a08b1f.roa (raw, json)
Hash identifier: U4tdn7rlCKI8S4xOZN5pg4+qNPLLGTkX7L7iVbjAQ8I=
Subject key identifier: F5:4E:2C:81:3A:A5:DC:00:F9:70:BC:A6:15:C4:A1:56:05:57:54:A8
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4252A2097ED687A97080829BE98D7572CBEB7C33
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4604fc5d-5125-4a3b-890a-3f8830a08b1f.roa
Signing time: Wed 29 Oct 2025 07:36:41 +0000
ROA not before: Wed 29 Oct 2025 07:36:41 +0000
ROA not after: Wed 03 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d06a:a0c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 21:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
42:52:a2:09:7e:d6:87:a9:70:80:82:9b:e9:8d:75:72:cb:eb:7c:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 29 07:36:41 2025 GMT
Not After : Dec 3 23:59:59 2025 GMT
Subject: serialNumber=a8b2b495a9d4c48d9a66d208a280ab002ce29277638e98f64cec0bb33d1b01ad, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:45:1d:4d:09:f1:04:62:14:26:f6:4c:68:b4:
fc:3f:3d:71:03:8e:cc:c1:d0:ca:39:a0:4e:39:5c:
81:7c:b6:67:39:9f:57:10:83:71:92:95:c7:c3:a0:
d9:81:af:24:89:6b:86:b2:45:e9:08:9a:0b:1e:b5:
a4:49:33:69:c4:0f:14:96:4b:dd:2e:13:9f:4d:68:
76:66:50:22:48:d4:31:0e:2a:4d:3e:fb:d0:7d:fb:
97:40:a3:af:bc:a0:52:99:92:60:88:b6:22:58:f0:
ea:91:8f:9d:c9:7a:81:ba:2b:15:1b:a9:9b:f6:b3:
d8:22:71:0a:fd:8c:71:98:1f:06:4c:dd:95:9d:8e:
31:95:d4:a1:68:8f:60:60:6d:43:2f:01:57:e9:26:
d9:fd:4c:ed:f3:9b:5c:5f:0b:97:6b:e1:5a:71:b9:
03:f1:86:9f:e6:2c:28:b7:11:8d:f1:ed:40:0d:75:
49:2f:6d:c3:bd:8f:34:30:47:e1:04:ca:7d:b2:c1:
cc:82:d4:ec:58:c1:f5:5b:b3:87:b6:91:4b:73:39:
89:82:33:2b:d4:9e:27:bd:70:4c:3d:3e:82:8b:67:
fe:ee:e0:19:f4:02:01:39:d6:7b:62:a4:67:83:25:
29:28:6d:bb:4d:e6:da:d9:a6:96:17:6a:90:56:39:
42:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:4E:2C:81:3A:A5:DC:00:F9:70:BC:A6:15:C4:A1:56:05:57:54:A8
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4604fc5d-5125-4a3b-890a-3f8830a08b1f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06a:a0c0::/48
Signature Algorithm: sha256WithRSAEncryption
a8:b9:f1:79:c2:9b:08:b1:2e:d0:84:6c:ad:88:3c:fa:9b:b2:
1e:19:91:aa:fa:53:26:06:4a:02:ee:c3:48:68:56:aa:3e:b5:
7e:4a:4a:4d:1a:95:66:a0:83:9c:01:26:d7:74:44:72:d0:7b:
99:9e:62:b1:07:25:3d:12:4f:b0:22:ed:3e:2b:9b:f7:c9:f8:
e7:c3:ac:7a:ff:38:ff:9d:a8:a4:22:21:fe:3b:51:f2:c1:5d:
2b:24:24:c9:13:1f:6a:c0:c5:bd:39:bd:0e:bf:d8:2f:f0:72:
f0:9c:26:11:df:3d:03:35:f1:1d:2f:c1:c9:2b:70:e7:09:2a:
af:10:6f:c8:23:ea:4c:ea:07:33:7f:08:b1:6a:d9:95:3d:be:
fd:0f:1b:6d:25:6c:9f:98:b6:a8:e7:9f:be:77:ba:1b:6b:76:
c1:df:c7:03:b1:73:0a:71:9e:39:a1:9e:90:f7:95:97:21:62:
46:3e:ec:ac:d7:4c:1d:86:76:c9:f8:a7:33:84:a1:e1:69:65:
b6:80:4f:27:50:92:dd:75:6b:fe:d2:f6:a6:a0:ae:5b:62:75:
4a:fb:db:93:43:69:cc:3b:f6:16:c8:79:11:74:fb:39:e3:92:
d1:bb:77:60:46:3d:4c:5c:7c:b5:56:fe:66:ee:9e:73:de:01:
4a:1f:71:39
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUQlKiCX7Wh6lwgIKb6Y11csvrfDMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjkwNzM2NDFaFw0yNTEyMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQGE4YjJiNDk1YTlkNGM0OGQ5YTY2ZDIwOGEyODBhYjAwMmNlMjkyNzc2Mzhl
OThmNjRjZWMwYmIzM2QxYjAxYWQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJtFHU0J8QRiFCb2TGi0/D89cQOOzMHQyjmgTjlcgXy2ZzmfVxCDcZKVx8Og
2YGvJIlrhrJF6QiaCx61pEkzacQPFJZL3S4Tn01odmZQIkjUMQ4qTT770H37l0Cj
r7ygUpmSYIi2Iljw6pGPncl6gborFRupm/az2CJxCv2McZgfBkzdlZ2OMZXUoWiP
YGBtQy8BV+km2f1M7fObXF8Ll2vhWnG5A/GGn+YsKLcRjfHtQA11SS9tw72PNDBH
4QTKfbLBzILU7FjB9Vuzh7aRS3M5iYIzK9SeJ71wTD0+gotn/u7gGfQCATnWe2Kk
Z4MlKShtu03m2tmmlhdqkFY5QnsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBT1TiyB
OqXcAPlwvKYVxKFWBVdUqDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDYwNGZjNWQtNTEyNS00YTNiLTg5MGEtM2Y4ODMwYTA4YjFmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0Gqg
wDANBgkqhkiG9w0BAQsFAAOCAQEAqLnxecKbCLEu0IRsrYg8+puyHhmRqvpTJgZK
Au7DSGhWqj61fkpKTRqVZqCDnAEm13REctB7mZ5isQclPRJPsCLtPiub98n458Os
ev84/52opCIh/jtR8sFdKyQkyRMfasDFvTm9Dr/YL/By8JwmEd89AzXxHS/ByStw
5wkqrxBvyCPqTOoHM38IsWrZlT2+/Q8bbSVsn5i2qOefvne6G2t2wd/HA7FzCnGe
OaGekPeVlyFiRj7srNdMHYZ2yfinM4Sh4WlltoBPJ1CS3XVr/tL2pqCuW2J1Svvb
k0NpzDv2Fsh5EXT7OeOS0bt3YEY9TFx8tVb+Zu6ec94BSh9xOQ==
-----END CERTIFICATE-----
Generated at Thu Nov 6 05:46:44 2025 by rpki-client