Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/21e2f5c8-e012-44d0-a6f2-c4a065b3b954.roa
File: 21e2f5c8-e012-44d0-a6f2-c4a065b3b954.roa (raw, json)
Hash identifier: HDBYDQh65TNztv3GBJL5a5tE4tGNlIzvxND7IcRKjo8=
Subject key identifier: C2:07:B5:1F:E6:F6:B4:E6:A7:2B:79:96:20:AB:A6:C0:92:54:08:3A
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2944EA52BF31B7F8B70BCA3926B051339FC9F952
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/21e2f5c8-e012-44d0-a6f2-c4a065b3b954.roa
Signing time: Tue 21 Oct 2025 14:10:41 +0000
ROA not before: Tue 21 Oct 2025 14:10:41 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d034:4000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
29:44:ea:52:bf:31:b7:f8:b7:0b:ca:39:26:b0:51:33:9f:c9:f9:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:10:41 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=68ea3e5fefa99c72aa79ba758a58d496c16406a1c97beabb0a1c9b20194f05da, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:83:dd:ba:21:b9:23:34:0e:f1:a8:3a:1a:9f:
2b:b7:fe:e9:ba:0c:aa:e7:62:2c:ef:3b:34:70:be:
a4:44:7f:17:df:c3:2d:1c:b9:b8:73:63:46:99:9b:
54:c1:65:1c:1e:74:7a:19:82:e6:f9:99:be:a0:6a:
be:ab:26:e3:71:ee:76:9d:0b:94:63:1a:5a:af:7a:
75:56:a3:11:9f:7e:0c:10:1e:1e:09:37:1d:4e:c0:
c8:d0:fe:1f:81:25:42:88:b1:7a:9d:f3:14:0f:bd:
42:5d:42:40:21:08:10:fa:6b:e2:b5:e2:dc:31:3a:
46:d9:47:f6:35:6d:b7:09:e5:5b:64:d0:7f:ef:58:
d0:69:50:05:dd:dc:67:2a:0e:89:46:2a:3b:f3:84:
e7:33:10:0b:23:7f:4e:26:ef:dc:b8:34:17:20:10:
68:51:93:08:57:01:27:97:85:16:4f:ca:bc:62:d4:
58:72:b6:03:f7:3c:f4:b4:cf:8e:68:6d:5f:6d:e3:
d8:25:15:3f:2c:2b:3d:76:e8:61:d8:ca:5e:26:d3:
c7:c3:70:fa:b0:b9:88:44:05:64:12:43:ba:fc:5c:
29:ed:e4:a7:07:bc:e0:db:3c:e7:9f:73:8d:d8:ac:
01:aa:ba:82:10:6f:d3:07:31:5f:03:55:82:5c:ad:
8b:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:07:B5:1F:E6:F6:B4:E6:A7:2B:79:96:20:AB:A6:C0:92:54:08:3A
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/21e2f5c8-e012-44d0-a6f2-c4a065b3b954.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d034:4000::/40
Signature Algorithm: sha256WithRSAEncryption
1e:9e:9f:d1:72:29:15:62:19:e1:3e:3a:c0:62:19:20:13:95:
b6:b7:06:75:58:b9:52:2f:d1:28:32:ce:5c:29:2b:6e:f0:31:
ec:5e:af:d6:1a:64:ca:92:40:6b:5e:d0:8a:00:ef:df:e8:44:
df:99:96:03:e9:6a:0d:b1:38:af:14:a5:57:9a:8c:89:31:c4:
55:43:5f:f4:b2:b0:e4:85:2f:4d:3b:bc:18:9f:87:eb:d3:c8:
e6:d0:02:46:d4:28:61:96:06:13:c6:69:07:df:6e:af:5f:19:
e5:cd:77:c4:0c:cd:5b:41:e8:13:82:2f:21:1a:d7:a8:08:6b:
f6:e2:e8:54:e8:e1:b4:a7:21:7e:21:7e:6b:2c:cb:55:3e:82:
7d:b6:c8:a2:75:4b:b1:31:3b:56:e5:22:f9:00:cb:5e:1a:a8:
7c:54:24:08:d1:34:e6:10:61:bc:1a:e7:f0:ee:bb:89:54:be:
66:d8:2d:8d:14:d1:9d:27:79:1a:d0:74:73:fa:29:16:e5:28:
ac:3d:7b:64:62:b1:e5:eb:72:16:f4:4d:d1:5f:b2:50:c4:4f:
73:8f:b2:2d:16:7d:43:f7:a8:76:d7:d8:69:d8:ce:40:b8:f8:
f6:b3:c0:0a:17:53:a7:41:a1:f9:3f:1a:2c:9b:a5:86:ac:92:
8c:2d:56:12
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUKUTqUr8xt/i3C8o5JrBRM5/J+VIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDEwNDFaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDY4ZWEzZTVmZWZhOTljNzJhYTc5YmE3NThhNThkNDk2YzE2NDA2YTFjOTdi
ZWFiYjBhMWM5YjIwMTk0ZjA1ZGExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMqD3bohuSM0DvGoOhqfK7f+6boMqudiLO87NHC+pER/F9/DLRy5uHNjRpmb
VMFlHB50ehmC5vmZvqBqvqsm43Hudp0LlGMaWq96dVajEZ9+DBAeHgk3HU7AyND+
H4ElQoixep3zFA+9Ql1CQCEIEPpr4rXi3DE6RtlH9jVttwnlW2TQf+9Y0GlQBd3c
ZyoOiUYqO/OE5zMQCyN/Tibv3Lg0FyAQaFGTCFcBJ5eFFk/KvGLUWHK2A/c89LTP
jmhtX23j2CUVPywrPXboYdjKXibTx8Nw+rC5iEQFZBJDuvxcKe3kpwe84Ns8559z
jdisAaq6ghBv0wcxXwNVglyti00CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTCB7Uf
5va05qcreZYgq6bAklQIOjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjFlMmY1YzgtZTAxMi00NGQwLWE2ZjItYzRhMDY1YjNiOTU0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DRA
MA0GCSqGSIb3DQEBCwUAA4IBAQAenp/RcikVYhnhPjrAYhkgE5W2twZ1WLlSL9Eo
Ms5cKStu8DHsXq/WGmTKkkBrXtCKAO/f6ETfmZYD6WoNsTivFKVXmoyJMcRVQ1/0
srDkhS9NO7wYn4fr08jm0AJG1ChhlgYTxmkH326vXxnlzXfEDM1bQegTgi8hGteo
CGv24uhU6OG0pyF+IX5rLMtVPoJ9tsiidUuxMTtW5SL5AMteGqh8VCQI0TTmEGG8
Gufw7ruJVL5m2C2NFNGdJ3ka0HRz+ikW5SisPXtkYrHl63IW9E3RX7JQxE9zj7It
Fn1D96h219hp2M5AuPj2s8AKF1OnQaH5Pxosm6WGrJKMLVYS
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:22 2025 by rpki-client