Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/84b89066-b432-45c3-befb-ffa2b4be3b71.roa
File: 84b89066-b432-45c3-befb-ffa2b4be3b71.roa (raw, json)
Hash identifier: Q0s/mFNmvkJPxbcfxaWgxuib1p3q4uCMg12kZ1Kaht4=
Subject key identifier: 14:57:87:05:C4:04:43:08:51:EC:75:25:55:F7:E8:01:F4:BF:8F:7B
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4DF21FBE21D80E19649EC9D6F0BA86921D049808
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/84b89066-b432-45c3-befb-ffa2b4be3b71.roa
Signing time: Tue 21 Oct 2025 14:20:11 +0000
ROA not before: Tue 21 Oct 2025 14:20:11 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d078:4000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 12:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4d:f2:1f:be:21:d8:0e:19:64:9e:c9:d6:f0:ba:86:92:1d:04:98:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:20:11 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=aa5c38143b0289e943d44f430dde9d169ab042cf8ea27d8bde8fee5877f52e80, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:37:e4:08:d9:2e:90:bc:80:11:ea:40:48:4a:
48:b6:15:87:57:90:b6:59:da:82:80:5c:02:bb:42:
cd:bd:69:73:0a:63:b4:1f:ce:34:c1:ed:90:a4:da:
df:a0:3c:25:e9:4c:86:63:33:85:2c:3c:23:38:d9:
76:87:c4:3f:a1:9b:15:bb:4c:c4:cc:5e:6b:f1:9b:
61:b2:ae:ee:66:ed:7e:ba:f2:41:8c:40:8d:75:14:
e6:ce:65:65:ed:33:51:57:7f:2d:3f:63:e5:ca:6a:
49:f3:cb:c9:e4:d9:29:25:bd:fc:5f:40:b6:ef:f6:
47:3e:ee:06:22:4b:31:2e:56:53:42:0e:c2:48:17:
f5:ad:aa:9e:74:65:36:e6:12:50:1a:b1:ff:40:2c:
6f:97:32:16:59:37:aa:ae:08:92:b7:9d:11:48:61:
d2:6f:24:3b:88:5e:3a:fe:df:3b:45:6c:cf:e1:5d:
a2:c4:06:72:77:85:36:31:b2:49:fc:78:a4:f8:d7:
aa:7e:c6:1f:c6:2f:f6:54:20:55:e6:cf:d4:32:85:
23:45:e7:ce:0c:0c:8c:ba:6f:37:97:82:5e:8b:a5:
f5:77:59:56:b2:a7:90:fa:e1:74:7a:89:40:c1:38:
0c:b5:a1:82:24:4a:8b:b8:f4:67:de:d4:f5:35:27:
29:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:57:87:05:C4:04:43:08:51:EC:75:25:55:F7:E8:01:F4:BF:8F:7B
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/84b89066-b432-45c3-befb-ffa2b4be3b71.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d078:4000::/40
Signature Algorithm: sha256WithRSAEncryption
05:46:66:8a:4a:41:ec:3f:7f:67:a1:e4:73:5b:74:66:6d:a8:
dd:04:85:04:79:91:8e:6c:d0:36:16:f1:4e:31:01:67:54:ad:
ad:3a:38:91:7b:80:c4:06:49:a1:d5:e8:ec:f4:1d:a9:cd:85:
85:da:4c:51:38:20:2d:b6:3b:1b:30:a8:12:db:7a:e0:cb:2c:
43:20:16:09:e7:40:a7:53:50:6a:c9:b2:a8:67:38:75:fa:19:
97:b9:9a:11:ca:2c:c5:37:d7:8b:5f:78:b4:c8:a2:df:52:28:
16:d2:7d:88:64:6a:fe:fe:cf:46:ac:a2:94:7f:6d:a0:dd:2c:
ea:3c:0f:d5:b2:9c:74:ad:90:c8:f3:c2:8c:33:2f:d0:0e:1b:
39:5a:ee:bb:87:8e:0c:57:99:9d:d8:ad:ea:2d:9f:e7:19:05:
3f:ff:d3:63:c4:bc:22:b6:98:19:bc:38:6c:b9:2e:e1:f8:2c:
8d:ff:e2:ee:cc:0e:25:9f:d9:59:9e:76:d2:b3:25:73:03:46:
0e:35:a0:2d:63:5f:7f:59:67:e7:13:b2:30:b0:fa:5d:5a:3c:
52:c7:26:c7:39:66:b7:22:e6:43:62:3c:ad:b7:95:83:a0:fc:
68:eb:29:31:54:1d:5b:70:59:f5:e4:fc:d3:ac:15:d5:14:5a:
cd:c6:4a:ab
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUTfIfviHYDhlknsnW8LqGkh0EmAgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDIwMTFaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGFhNWMzODE0M2IwMjg5ZTk0M2Q0NGY0MzBkZGU5ZDE2OWFiMDQyY2Y4ZWEy
N2Q4YmRlOGZlZTU4NzdmNTJlODAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAO035AjZLpC8gBHqQEhKSLYVh1eQtlnagoBcArtCzb1pcwpjtB/ONMHtkKTa
36A8JelMhmMzhSw8IzjZdofEP6GbFbtMxMxea/GbYbKu7mbtfrryQYxAjXUU5s5l
Ze0zUVd/LT9j5cpqSfPLyeTZKSW9/F9Atu/2Rz7uBiJLMS5WU0IOwkgX9a2qnnRl
NuYSUBqx/0Asb5cyFlk3qq4IkredEUhh0m8kO4heOv7fO0Vsz+FdosQGcneFNjGy
Sfx4pPjXqn7GH8Yv9lQgVebP1DKFI0XnzgwMjLpvN5eCXoul9XdZVrKnkPrhdHqJ
QME4DLWhgiRKi7j0Z97U9TUnKQMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQUV4cF
xARDCFHsdSVV9+gB9L+PezAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ODRiODkwNjYtYjQzMi00NWMzLWJlZmItZmZhMmI0YmUzYjcxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HhA
MA0GCSqGSIb3DQEBCwUAA4IBAQAFRmaKSkHsP39noeRzW3RmbajdBIUEeZGObNA2
FvFOMQFnVK2tOjiRe4DEBkmh1ejs9B2pzYWF2kxROCAttjsbMKgS23rgyyxDIBYJ
50CnU1BqybKoZzh1+hmXuZoRyizFN9eLX3i0yKLfUigW0n2IZGr+/s9GrKKUf22g
3SzqPA/Vspx0rZDI88KMMy/QDhs5Wu67h44MV5md2K3qLZ/nGQU//9NjxLwitpgZ
vDhsuS7h+CyN/+LuzA4ln9lZnnbSsyVzA0YONaAtY19/WWfnE7IwsPpdWjxSxybH
OWa3IuZDYjytt5WDoPxo6ykxVB1bcFn15PzTrBXVFFrNxkqr
-----END CERTIFICATE-----
Generated at Wed Nov 5 19:10:56 2025 by rpki-client