Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d2b7a4eb-e2de-4458-a759-5125161eb686.roa
File: d2b7a4eb-e2de-4458-a759-5125161eb686.roa (raw, json)
Hash identifier: q8lXXMAUYC6NLDrBqyuB2j8LE7vZvkMNSrNwaNwYN2o=
Subject key identifier: E7:69:A5:CD:97:06:16:52:5A:81:91:E5:95:71:70:8E:64:FB:7B:CE
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0F6E2F0A85279AB66C30A327720A3A6469D6C212
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d2b7a4eb-e2de-4458-a759-5125161eb686.roa
Signing time: Tue 04 Nov 2025 02:51:00 +0000
ROA not before: Tue 04 Nov 2025 02:51:00 +0000
ROA not after: Tue 09 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d059:a000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 05 Nov 2025 22:37:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0f:6e:2f:0a:85:27:9a:b6:6c:30:a3:27:72:0a:3a:64:69:d6:c2:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Nov 4 02:51:00 2025 GMT
Not After : Dec 9 23:59:59 2025 GMT
Subject: serialNumber=353088d094553839141916ee0e9559bf3f83bc9711936b4badf7afc3c79c3547, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:e2:ac:a6:d0:9f:4d:23:6e:24:58:cd:a3:fa:
b8:90:be:45:e4:6a:0f:43:3a:26:d3:4e:3f:40:51:
13:93:1a:ce:79:ac:3a:7c:c6:1b:90:f8:42:0b:fb:
33:11:18:45:46:b1:c5:31:43:2f:c5:85:bf:29:01:
db:7b:0d:db:a4:44:dd:10:c0:c2:ab:1b:6d:07:35:
a7:27:6f:8a:e1:8b:2b:fc:de:c2:12:43:42:4f:f4:
8c:26:2d:d9:68:44:d2:dd:40:ca:cf:42:b9:33:56:
0c:cc:16:07:53:b6:9e:81:65:e7:da:ab:1f:f1:94:
bf:c2:bd:48:72:1a:13:9c:4b:c0:ce:34:60:06:a8:
0d:2b:44:70:c1:b5:5f:34:6c:3d:3d:62:70:30:4f:
a8:f2:6c:2f:26:8d:cb:fd:ee:49:db:c9:18:66:22:
90:c5:d2:8a:03:d7:97:12:c4:56:6a:6d:5b:2b:3a:
62:e3:3f:3f:31:96:8f:ab:e4:c6:6a:83:ad:80:f9:
19:c2:c6:41:ce:96:d3:d7:99:3f:68:d1:62:e7:1c:
fa:29:80:6c:d7:da:d0:b2:18:87:9e:05:77:7c:cd:
d5:66:a1:c2:7f:36:e1:3a:9c:3f:3a:c7:36:63:cf:
d0:f8:a5:e6:c9:82:3b:9c:0c:6d:f8:76:1e:83:45:
4b:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E7:69:A5:CD:97:06:16:52:5A:81:91:E5:95:71:70:8E:64:FB:7B:CE
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d2b7a4eb-e2de-4458-a759-5125161eb686.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d059:a000::/40
Signature Algorithm: sha256WithRSAEncryption
7b:fb:8d:1e:ae:35:56:df:47:2e:b2:5a:df:ee:44:6a:e0:22:
03:d1:c0:d4:1c:55:ac:8b:08:21:9c:f4:fe:ae:8f:dd:ee:af:
9d:9c:78:53:9e:c9:11:ab:73:aa:f8:b8:3f:1b:2f:8e:25:5d:
7f:47:85:66:0b:ab:8f:d1:ba:8c:fc:88:26:1b:65:cc:8f:74:
02:bc:8d:33:76:cb:3e:d1:75:a9:60:d1:27:a1:23:28:da:63:
70:71:e8:14:21:e9:dc:f6:df:d1:d1:2b:03:59:bf:af:04:7e:
6e:d1:f6:de:81:28:3d:47:18:5a:51:a5:7c:06:10:91:87:87:
3f:31:73:83:44:28:f0:7d:c6:64:14:8a:53:05:f6:4d:1c:d7:
2e:e3:ba:fe:a5:50:54:08:ae:71:2f:5f:56:da:7c:7d:92:87:
16:55:dc:75:fe:a6:78:40:98:3e:75:95:4e:d3:69:ed:d9:af:
d9:6e:58:44:cb:9a:dc:f1:1b:b8:84:81:54:6f:d9:e3:c4:af:
1f:74:c4:bf:90:f9:83:bc:2e:c8:1e:05:6c:63:cc:3c:40:70:
62:a9:79:95:40:52:b1:4c:cc:0c:35:42:d9:b3:d3:5c:06:88:
d7:b8:6f:c8:ec:b2:68:a0:7d:2f:4d:36:7e:9c:5c:4e:e8:7f:
69:7b:78:8a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUD24vCoUnmrZsMKMncgo6ZGnWwhIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTExMDQwMjUxMDBaFw0yNTEyMDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDM1MzA4OGQwOTQ1NTM4MzkxNDE5MTZlZTBlOTU1OWJmM2Y4M2JjOTcxMTkz
NmI0YmFkZjdhZmMzYzc5YzM1NDcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ7irKbQn00jbiRYzaP6uJC+ReRqD0M6JtNOP0BRE5MaznmsOnzGG5D4Qgv7
MxEYRUaxxTFDL8WFvykB23sN26RE3RDAwqsbbQc1pydviuGLK/zewhJDQk/0jCYt
2WhE0t1Ays9CuTNWDMwWB1O2noFl59qrH/GUv8K9SHIaE5xLwM40YAaoDStEcMG1
XzRsPT1icDBPqPJsLyaNy/3uSdvJGGYikMXSigPXlxLEVmptWys6YuM/PzGWj6vk
xmqDrYD5GcLGQc6W09eZP2jRYucc+imAbNfa0LIYh54Fd3zN1Wahwn824TqcPzrH
NmPP0Pil5smCO5wMbfh2HoNFS3sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTnaaXN
lwYWUlqBkeWVcXCOZPt7zjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDJiN2E0ZWItZTJkZS00NDU4LWE3NTktNTEyNTE2MWViNjg2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Fmg
MA0GCSqGSIb3DQEBCwUAA4IBAQB7+40erjVW30cuslrf7kRq4CID0cDUHFWsiwgh
nPT+ro/d7q+dnHhTnskRq3Oq+Lg/Gy+OJV1/R4VmC6uP0bqM/IgmG2XMj3QCvI0z
dss+0XWpYNEnoSMo2mNwcegUIenc9t/R0SsDWb+vBH5u0fbegSg9RxhaUaV8BhCR
h4c/MXODRCjwfcZkFIpTBfZNHNcu47r+pVBUCK5xL19W2nx9kocWVdx1/qZ4QJg+
dZVO02nt2a/ZblhEy5rc8Ru4hIFUb9njxK8fdMS/kPmDvC7IHgVsY8w8QHBiqXmV
QFKxTMwMNULZs9NcBojXuG/I7LJooH0vTTZ+nFxO6H9pe3iK
-----END CERTIFICATE-----
Generated at Wed Nov 5 07:14:39 2025 by rpki-client