Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a78aefb4-d1eb-4a11-9899-bf6729e18ccd.roa
File: a78aefb4-d1eb-4a11-9899-bf6729e18ccd.roa (raw, json)
Hash identifier: m4oAX29wm9B1IPzK4+9UBUf7J6oL/Y/2waeiV74z1hE=
Subject key identifier: 7F:63:CF:43:BF:6A:30:E0:11:D7:85:67:A9:CE:7B:94:F1:8E:61:0C
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 224C7720037F65C53147F7B66C041158844D1CDF
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a78aefb4-d1eb-4a11-9899-bf6729e18ccd.roa
Signing time: Tue 04 Nov 2025 03:00:06 +0000
ROA not before: Tue 04 Nov 2025 03:00:06 +0000
ROA not after: Tue 09 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d074:b000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 12:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
22:4c:77:20:03:7f:65:c5:31:47:f7:b6:6c:04:11:58:84:4d:1c:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Nov 4 03:00:06 2025 GMT
Not After : Dec 9 23:59:59 2025 GMT
Subject: serialNumber=85b891c730c281803f14de2f2988408cc6c8a7ea5970c67ead1c699b30ef4ac4, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:26:c4:36:f0:d1:1d:76:f9:de:26:03:c7:30:
7e:c0:f1:f4:03:8a:0f:68:d7:2c:53:c5:17:0f:cc:
c3:a9:f8:17:b8:cd:45:d3:f8:98:29:07:08:74:98:
2e:72:dd:fa:a9:c8:d7:77:33:17:39:22:4b:9e:04:
e8:a2:b9:89:87:86:6b:17:73:5e:29:eb:a4:72:72:
8c:d4:6e:00:d3:a3:8b:55:03:d0:be:25:c2:7b:56:
8c:4f:4e:a6:9c:8e:49:bc:2e:95:e7:6d:f8:2d:9d:
c6:7c:61:d9:00:e7:60:5e:49:f5:48:b4:ad:9a:32:
28:22:d3:9a:c9:6b:0e:d2:97:1f:21:17:f5:9c:cc:
d9:1f:be:75:a4:be:0c:30:d2:40:65:1d:ea:98:ff:
27:fc:83:05:54:fb:8b:94:ef:43:99:0f:47:08:11:
f7:d4:2c:a2:6c:b7:bf:ec:d6:dc:cf:1d:9c:c9:9a:
59:f9:21:66:97:52:58:74:3a:1f:69:a0:c0:39:09:
41:20:d0:bb:3c:92:bb:cd:1d:52:b2:7f:d7:84:5a:
f5:ba:fd:8a:03:ef:84:6d:d8:6d:55:21:aa:d1:91:
15:f2:96:03:c5:d8:d1:48:3d:04:e3:44:b7:85:48:
39:8d:8b:c9:95:cf:52:66:80:76:a2:64:a2:8f:76:
6f:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:63:CF:43:BF:6A:30:E0:11:D7:85:67:A9:CE:7B:94:F1:8E:61:0C
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a78aefb4-d1eb-4a11-9899-bf6729e18ccd.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d074:b000::/40
Signature Algorithm: sha256WithRSAEncryption
5d:41:64:79:cd:c3:5a:c2:73:02:7a:dd:70:9b:f8:fc:76:dc:
93:3b:3e:d0:c2:2c:12:b4:f8:ae:8d:2e:86:cd:13:ec:d4:9d:
ca:e5:0c:96:25:cd:57:78:42:63:66:0b:2b:db:c9:fc:be:98:
e0:12:22:77:ff:fc:33:9a:97:4d:00:84:a5:86:f0:37:11:c6:
0b:74:db:a1:e1:97:43:04:f8:e6:d6:cb:ee:11:fe:1f:11:1a:
07:c7:cb:9c:04:6e:44:6c:7b:36:c2:68:fc:86:76:7a:9c:23:
2d:a9:1e:17:aa:1b:15:94:e8:e8:4a:fb:52:b5:a6:10:61:9c:
88:f9:3a:c8:93:f4:bd:fd:de:6c:0d:41:d1:82:41:00:da:b2:
a7:a6:cc:86:2b:01:f3:3a:60:0f:15:35:95:fc:1b:fa:cd:2a:
2a:a8:57:50:3b:56:d5:e1:05:95:dc:bb:46:e1:f4:d1:58:a9:
93:94:3b:4a:38:73:d3:4b:10:cf:9a:28:56:fc:71:1d:5d:bc:
76:d4:df:03:3b:7b:e2:32:d1:19:b2:18:5a:0c:69:5f:6f:a6:
8b:6c:b7:8d:5e:8a:16:2e:73:d1:42:dd:00:cb:f5:b5:b3:92:
31:2b:30:2e:e3:93:c4:fb:3e:5c:78:58:4f:4d:e7:a5:48:6d:
3b:45:3e:44
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUIkx3IAN/ZcUxR/e2bAQRWIRNHN8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTExMDQwMzAwMDZaFw0yNTEyMDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDg1Yjg5MWM3MzBjMjgxODAzZjE0ZGUyZjI5ODg0MDhjYzZjOGE3ZWE1OTcw
YzY3ZWFkMWM2OTliMzBlZjRhYzQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJEmxDbw0R12+d4mA8cwfsDx9AOKD2jXLFPFFw/Mw6n4F7jNRdP4mCkHCHSY
LnLd+qnI13czFzkiS54E6KK5iYeGaxdzXinrpHJyjNRuANOji1UD0L4lwntWjE9O
ppyOSbwuledt+C2dxnxh2QDnYF5J9Ui0rZoyKCLTmslrDtKXHyEX9ZzM2R++daS+
DDDSQGUd6pj/J/yDBVT7i5TvQ5kPRwgR99Qsomy3v+zW3M8dnMmaWfkhZpdSWHQ6
H2mgwDkJQSDQuzySu80dUrJ/14Ra9br9igPvhG3YbVUhqtGRFfKWA8XY0Ug9BONE
t4VIOY2LyZXPUmaAdqJkoo92b5MCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR/Y89D
v2ow4BHXhWepznuU8Y5hDDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTc4YWVmYjQtZDFlYi00YTExLTk4OTktYmY2NzI5ZTE4Y2NkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HSw
MA0GCSqGSIb3DQEBCwUAA4IBAQBdQWR5zcNawnMCet1wm/j8dtyTOz7QwiwStPiu
jS6GzRPs1J3K5QyWJc1XeEJjZgsr28n8vpjgEiJ3//wzmpdNAISlhvA3EcYLdNuh
4ZdDBPjm1svuEf4fERoHx8ucBG5EbHs2wmj8hnZ6nCMtqR4XqhsVlOjoSvtStaYQ
YZyI+TrIk/S9/d5sDUHRgkEA2rKnpsyGKwHzOmAPFTWV/Bv6zSoqqFdQO1bV4QWV
3LtG4fTRWKmTlDtKOHPTSxDPmihW/HEdXbx21N8DO3viMtEZshhaDGlfb6aLbLeN
XooWLnPRQt0Ay/W1s5IxKzAu45PE+z5ceFhPTeelSG07RT5E
-----END CERTIFICATE-----
Generated at Wed Nov 5 20:28:38 2025 by rpki-client