Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/332d3a7e-56bb-435c-b479-a81f23cb0414.roa
File: 332d3a7e-56bb-435c-b479-a81f23cb0414.roa (raw, json)
Hash identifier: yhORnx2V6GPlx1DwqU6KXLnpYinOlnT1OILKWlaPUJc=
Subject key identifier: A4:4F:E4:79:1C:B7:CD:92:63:F0:E0:A1:0F:93:5D:DB:FF:81:6E:C5
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2EE5BE904DC2AD52207B4FF9490ECE8FF84D3652
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/332d3a7e-56bb-435c-b479-a81f23cb0414.roa
Signing time: Tue 21 Oct 2025 14:30:18 +0000
ROA not before: Tue 21 Oct 2025 14:30:18 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 79.125.28.0/22 maxlen: 22
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2e:e5:be:90:4d:c2:ad:52:20:7b:4f:f9:49:0e:ce:8f:f8:4d:36:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:30:18 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=ca6ddf79aa995e7274d7039c2b377a7d51e1367b03ea2d39e2aa81e8639e4204, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:78:c7:31:df:67:94:f2:7f:ec:7d:7e:c0:6e:
a4:1c:3b:e5:f6:f0:4d:e2:59:fb:cf:b3:0e:d6:de:
44:3a:3a:57:8d:02:9d:2a:43:f4:97:83:f4:68:10:
dd:f0:db:99:d8:e2:e8:16:22:1c:1a:5e:2c:8a:5e:
e7:87:73:35:bf:07:0a:ce:b8:a8:de:b0:aa:90:c8:
6f:cf:1f:07:72:8e:fd:54:62:ea:dd:f1:eb:39:4e:
f1:ec:c2:b9:7e:b5:33:c7:69:7e:2b:21:fe:f1:f1:
db:5b:5c:a9:22:42:e9:f5:68:19:b9:82:cc:a3:f3:
a9:f4:4a:7e:6e:3c:cd:72:c0:c8:51:1b:f9:35:a3:
a5:3c:f8:ec:9e:60:c8:ba:78:f1:69:b1:03:19:f3:
dd:42:2e:5f:56:45:27:40:6a:40:71:3b:a2:08:4e:
9c:4a:8f:c7:4a:d2:87:65:49:56:8b:84:6a:de:29:
80:cf:66:c4:7c:b9:62:22:56:f7:47:5f:60:c9:62:
5b:37:6c:e1:b4:2c:3f:3a:0e:54:09:86:2e:5f:eb:
38:1c:fa:11:d2:50:a4:5b:00:75:d7:28:bb:e1:b3:
fe:4b:85:5a:cf:74:b8:50:3f:9d:34:e8:e2:e6:4f:
b2:24:86:1d:ff:18:ba:97:83:56:ff:70:a8:40:84:
ac:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:4F:E4:79:1C:B7:CD:92:63:F0:E0:A1:0F:93:5D:DB:FF:81:6E:C5
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/332d3a7e-56bb-435c-b479-a81f23cb0414.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.125.28.0/22
Signature Algorithm: sha256WithRSAEncryption
ba:77:6d:bd:f1:1b:c7:4d:f3:22:d7:0a:ab:3f:b5:d4:52:57:
e8:c2:a2:18:89:19:27:3d:1b:4d:d2:5f:2f:43:80:ed:6d:4b:
12:ad:f9:a8:53:04:18:8d:ea:3a:c4:2b:b6:d7:cd:3d:01:ee:
be:b2:d9:ec:94:85:83:60:ee:c0:13:3c:18:39:db:68:c7:19:
ee:46:79:70:13:4b:15:51:15:af:1a:3c:c7:eb:32:ec:78:16:
1d:ab:99:23:9d:9b:8e:04:81:a7:17:e0:07:e1:fc:1e:9d:8d:
5a:6a:5d:da:5c:2c:8e:4c:af:57:17:81:16:94:91:e9:29:cb:
37:60:04:d8:aa:14:37:05:71:58:41:1a:c3:75:f3:62:23:12:
5b:30:ab:b4:65:0b:18:ec:36:ef:d1:89:80:32:1e:1b:fd:03:
00:87:f8:03:3a:ee:24:91:1d:75:0e:04:5d:40:52:47:12:9a:
a5:59:04:85:79:ef:ae:45:d3:52:3b:f7:09:3b:52:49:ed:12:
eb:42:e1:09:60:b9:93:b7:d3:b7:e2:11:f8:1a:b3:d1:bb:49:
1c:fb:89:2f:d1:cb:b1:bc:ff:e7:4e:39:58:61:8f:d9:53:98:
bc:d0:14:38:ff:93:00:84:05:f0:df:f6:02:8b:e9:7b:d1:1b:
93:26:16:b4
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIULuW+kE3CrVIge0/5SQ7Oj/hNNlIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDMwMThaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGNhNmRkZjc5YWE5OTVlNzI3NGQ3MDM5YzJiMzc3YTdkNTFlMTM2N2IwM2Vh
MmQzOWUyYWE4MWU4NjM5ZTQyMDQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL94xzHfZ5Tyf+x9fsBupBw75fbwTeJZ+8+zDtbeRDo6V40CnSpD9JeD9GgQ
3fDbmdji6BYiHBpeLIpe54dzNb8HCs64qN6wqpDIb88fB3KO/VRi6t3x6zlO8ezC
uX61M8dpfish/vHx21tcqSJC6fVoGbmCzKPzqfRKfm48zXLAyFEb+TWjpTz47J5g
yLp48WmxAxnz3UIuX1ZFJ0BqQHE7oghOnEqPx0rSh2VJVouEat4pgM9mxHy5YiJW
90dfYMliWzds4bQsPzoOVAmGLl/rOBz6EdJQpFsAddcou+Gz/kuFWs90uFA/nTTo
4uZPsiSGHf8YupeDVv9wqECErBkCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSkT+R5
HLfNkmPw4KEPk13b/4FuxTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzMyZDNhN2UtNTZiYi00MzVjLWI0NzktYTgxZjIzY2IwNDE0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAk99HDAN
BgkqhkiG9w0BAQsFAAOCAQEAundtvfEbx03zItcKqz+11FJX6MKiGIkZJz0bTdJf
L0OA7W1LEq35qFMEGI3qOsQrttfNPQHuvrLZ7JSFg2DuwBM8GDnbaMcZ7kZ5cBNL
FVEVrxo8x+sy7HgWHauZI52bjgSBpxfgB+H8Hp2NWmpd2lwsjkyvVxeBFpSR6SnL
N2AE2KoUNwVxWEEaw3XzYiMSWzCrtGULGOw279GJgDIeG/0DAIf4AzruJJEddQ4E
XUBSRxKapVkEhXnvrkXTUjv3CTtSSe0S60LhCWC5k7fTt+IR+Bqz0btJHPuJL9HL
sbz/5045WGGP2VOYvNAUOP+TAIQF8N/2Aovpe9EbkyYWtA==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:19:23 2025 by rpki-client