Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0b022346-638e-4570-8b19-5cf9b4c378c8.roa
File: 0b022346-638e-4570-8b19-5cf9b4c378c8.roa (raw, json)
Hash identifier: BiO8G5nqdJKSf+i4rA6CNcacZpRzmJtt9t7dERdjPV8=
Subject key identifier: 53:FE:B9:A9:3E:1D:52:94:44:66:07:FB:59:CF:95:B8:CE:2E:B2:BA
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 10D21D0D1CBCAFDE20B8319CA8C3985EF9DD9296
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0b022346-638e-4570-8b19-5cf9b4c378c8.roa
Signing time: Tue 21 Oct 2025 14:10:29 +0000
ROA not before: Tue 21 Oct 2025 14:10:29 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 79.125.96.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
10:d2:1d:0d:1c:bc:af:de:20:b8:31:9c:a8:c3:98:5e:f9:dd:92:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:10:29 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=f652dfa1317a4691146ba57dcb68451629cf364160408ae3d046f77718d42547, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:e4:89:99:9f:e9:fa:24:da:38:7c:89:72:ea:
87:6a:cb:8e:d3:3e:23:d0:bd:f4:7e:f5:e0:07:27:
b5:8d:c4:45:78:6b:31:90:f7:b5:cb:fd:f0:7f:30:
29:27:b1:55:1c:05:f0:d5:af:22:df:bb:91:cd:75:
23:04:01:5b:51:2c:ba:cd:4f:41:4f:aa:42:68:4b:
1f:87:bd:a0:b6:20:1c:41:4d:c8:61:c1:c5:bf:a7:
31:b2:79:1d:39:1a:28:3e:c6:06:39:37:2e:2b:9c:
76:40:e1:f2:ef:8b:8e:c4:3e:11:91:b9:46:4b:c1:
c6:e6:bb:6a:b3:75:90:cb:43:77:ec:ad:cb:7c:65:
83:5f:d2:68:07:75:be:b3:fe:85:4a:9e:d7:2d:ed:
33:86:70:28:47:52:fe:24:83:a3:a9:af:7b:5c:66:
fe:41:78:a9:c9:31:1d:ab:05:cf:30:16:79:97:4d:
f1:a0:4f:08:76:21:74:8e:d8:ca:54:e7:d1:83:5e:
3d:c3:b8:82:05:e0:73:7d:ad:1a:04:2d:c6:23:56:
41:58:eb:fe:49:67:68:ef:8f:80:f2:2a:07:ed:42:
66:22:ad:94:ef:f4:97:e6:e3:c3:c2:b3:fc:cc:a9:
be:74:41:11:e2:2b:12:45:8c:1b:01:25:49:73:e4:
67:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:FE:B9:A9:3E:1D:52:94:44:66:07:FB:59:CF:95:B8:CE:2E:B2:BA
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0b022346-638e-4570-8b19-5cf9b4c378c8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.125.96.0/21
Signature Algorithm: sha256WithRSAEncryption
2a:f7:f0:46:c9:2d:e3:7e:49:96:95:0a:78:30:74:36:95:b3:
86:88:98:f6:82:82:a2:f6:da:e3:4b:54:d2:f8:f1:5e:de:c9:
3a:45:4b:70:1c:cb:9d:b6:f1:44:c8:83:d9:c2:bd:c6:ba:d6:
b6:3c:d4:66:4b:00:b1:5c:97:bb:3d:c5:32:e5:04:96:5b:8f:
33:8b:3c:b7:fe:fc:a4:ce:51:d8:00:7f:d2:99:c1:ce:a5:ab:
8b:c2:4f:99:ac:e7:df:56:64:ad:26:bd:82:85:25:c0:02:f9:
60:a2:f1:5b:0c:7e:64:b9:b3:99:28:80:23:e7:ec:b7:37:bf:
d1:9b:85:f5:81:ea:b3:67:af:11:0d:a0:53:fc:2b:d4:f8:ac:
c0:d9:c4:a7:62:2b:7a:a0:34:74:26:48:ec:f8:2f:7b:ca:b0:
3c:8b:2c:2e:2e:cf:08:e5:1e:06:a3:78:fe:e9:53:b9:8b:26:
98:f0:b3:96:b6:a0:ed:74:b6:3e:43:84:bc:c2:0b:d3:bc:42:
74:e4:35:41:bf:39:f6:90:d8:c5:e1:4a:ff:62:da:f0:b9:bf:
a4:f0:0d:99:28:61:11:e2:65:2b:4c:83:4f:3b:13:37:38:93:
e9:5a:f3:ed:13:78:28:c3:bf:fc:8b:5a:09:f8:28:83:dc:17:
f3:dd:fe:03
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUENIdDRy8r94guDGcqMOYXvndkpYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDEwMjlaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGY2NTJkZmExMzE3YTQ2OTExNDZiYTU3ZGNiNjg0NTE2MjljZjM2NDE2MDQw
OGFlM2QwNDZmNzc3MThkNDI1NDcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK7kiZmf6fok2jh8iXLqh2rLjtM+I9C99H714AcntY3ERXhrMZD3tcv98H8w
KSexVRwF8NWvIt+7kc11IwQBW1Esus1PQU+qQmhLH4e9oLYgHEFNyGHBxb+nMbJ5
HTkaKD7GBjk3LiucdkDh8u+LjsQ+EZG5RkvBxua7arN1kMtDd+yty3xlg1/SaAd1
vrP+hUqe1y3tM4ZwKEdS/iSDo6mve1xm/kF4qckxHasFzzAWeZdN8aBPCHYhdI7Y
ylTn0YNePcO4ggXgc32tGgQtxiNWQVjr/klnaO+PgPIqB+1CZiKtlO/0l+bjw8Kz
/MypvnRBEeIrEkWMGwElSXPkZ/UCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRT/rmp
Ph1SlERmB/tZz5W4zi6yujAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MGIwMjIzNDYtNjM4ZS00NTcwLThiMTktNWNmOWI0YzM3OGM4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA099YDAN
BgkqhkiG9w0BAQsFAAOCAQEAKvfwRskt435JlpUKeDB0NpWzhoiY9oKCovba40tU
0vjxXt7JOkVLcBzLnbbxRMiD2cK9xrrWtjzUZksAsVyXuz3FMuUElluPM4s8t/78
pM5R2AB/0pnBzqWri8JPmazn31ZkrSa9goUlwAL5YKLxWwx+ZLmzmSiAI+fstze/
0ZuF9YHqs2evEQ2gU/wr1PiswNnEp2IreqA0dCZI7Pgve8qwPIssLi7PCOUeBqN4
/ulTuYsmmPCzlrag7XS2PkOEvMIL07xCdOQ1Qb859pDYxeFK/2La8Lm/pPANmShh
EeJlK0yDTzsTNziT6Vrz7RN4KMO//ItaCfgog9wX893+Aw==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:15:08 2025 by rpki-client