Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/35a8717c-ecf6-4cf7-a73c-f566f7884a16.roa
File: 35a8717c-ecf6-4cf7-a73c-f566f7884a16.roa (raw, json)
Hash identifier: 3zW9WVduwL51rSaizLdRtsbkqKkMu7seVifYEoHqxbQ=
Subject key identifier: 48:DD:6F:2F:5F:AA:4B:A3:C9:18:88:6B:03:82:D9:8E:5E:DA:D5:D7
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 39C3450F47542065ECFE751721BE2462ECD50C24
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/35a8717c-ecf6-4cf7-a73c-f566f7884a16.roa
Signing time: Tue 21 Oct 2025 13:10:08 +0000
ROA not before: Tue 21 Oct 2025 13:10:08 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 14618
IP address blocks: 2a05:d059:2000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
39:c3:45:0f:47:54:20:65:ec:fe:75:17:21:be:24:62:ec:d5:0c:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:10:08 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=6208e901fbaaec86422796b6e0a8706820022dfe0daed64d2493d193581b2ca9, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:79:7c:b2:fe:b3:53:68:1e:fa:06:b2:08:54:
19:f2:df:e9:46:50:53:b0:55:14:c8:cb:52:11:9e:
aa:19:74:6e:10:71:ed:f0:c3:42:f7:e5:17:a0:1f:
a2:19:01:1f:a0:cb:4a:16:68:b1:71:86:ab:8e:d8:
d3:b2:30:6c:b4:66:38:c0:34:3d:89:75:e9:f0:e5:
81:f4:ce:ef:7c:44:e6:a1:15:e0:18:3f:e9:f0:f3:
0a:50:9c:31:9e:80:91:a8:a9:82:8f:f9:15:e8:f7:
f2:81:17:54:d9:66:a2:7f:ba:f5:4f:53:a1:5c:d3:
f8:36:da:4e:5a:e1:8c:3b:e7:9a:01:02:b3:85:49:
0e:34:6f:85:28:c2:d7:97:4c:c7:70:2b:a4:1f:c4:
4c:70:1a:f4:5b:8d:4b:de:43:dd:6c:56:e5:fe:43:
ff:71:75:be:d2:03:77:00:b3:45:24:aa:11:30:46:
5f:c1:58:5f:86:f2:da:51:42:25:c9:0d:61:d3:56:
4b:ff:15:86:7d:33:19:c4:32:bf:f0:5a:e5:04:df:
69:f4:8c:c8:54:27:84:2e:f3:8e:de:f1:94:43:8c:
9c:36:48:84:a0:01:5c:86:d9:8d:c3:56:0f:73:92:
d4:cd:0f:00:7d:5c:7c:3e:7d:5e:b2:16:0a:6c:a0:
e2:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:DD:6F:2F:5F:AA:4B:A3:C9:18:88:6B:03:82:D9:8E:5E:DA:D5:D7
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/35a8717c-ecf6-4cf7-a73c-f566f7884a16.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d059:2000::/40
Signature Algorithm: sha256WithRSAEncryption
11:e9:d7:39:ab:cd:5b:94:8b:e6:d1:4f:01:bd:ed:a4:3b:ae:
df:14:7f:78:97:ae:e2:3b:95:59:11:57:f7:f2:3c:f3:77:6d:
79:85:27:86:79:0b:33:ec:6b:2a:d9:30:ed:bd:76:6b:c0:4c:
08:dc:06:71:ac:ea:fb:05:21:8f:ad:90:ed:e9:96:5b:f6:cf:
a1:fc:91:75:18:27:4f:b5:b0:8e:51:00:5a:84:53:33:fe:89:
d4:89:1d:65:44:1f:7f:e5:f5:7e:dd:42:d3:f3:e5:ac:77:c1:
27:3b:eb:e5:41:1b:78:7b:fd:d1:db:ae:07:0a:d6:b0:6b:8c:
40:3a:64:26:b1:96:f9:f6:96:8d:18:54:53:13:32:95:13:b2:
ec:85:2a:b4:e6:bb:23:9a:65:d9:3e:d8:11:6e:62:c3:92:ad:
95:83:82:78:a1:11:5c:dc:50:ce:3f:4b:11:41:8c:4a:35:09:
7a:aa:a1:b1:51:4e:08:bc:65:3d:09:00:f6:da:5d:af:cb:38:
d4:c9:02:ad:d3:df:1f:50:21:82:97:f5:a5:bc:be:ec:3a:e2:
8a:55:73:a5:62:23:09:c7:3d:b7:f1:2a:df:2e:0e:05:54:9f:
4a:ac:09:2d:39:12:6b:03:6c:40:bf:b0:1d:26:44:55:3e:2f:
db:2b:04:9a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUOcNFD0dUIGXs/nUXIb4kYuzVDCQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzEwMDhaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDYyMDhlOTAxZmJhYWVjODY0MjI3OTZiNmUwYTg3MDY4MjAwMjJkZmUwZGFl
ZDY0ZDI0OTNkMTkzNTgxYjJjYTkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALl5fLL+s1NoHvoGsghUGfLf6UZQU7BVFMjLUhGeqhl0bhBx7fDDQvflF6Af
ohkBH6DLShZosXGGq47Y07IwbLRmOMA0PYl16fDlgfTO73xE5qEV4Bg/6fDzClCc
MZ6Akaipgo/5Fej38oEXVNlmon+69U9ToVzT+DbaTlrhjDvnmgECs4VJDjRvhSjC
15dMx3ArpB/ETHAa9FuNS95D3WxW5f5D/3F1vtIDdwCzRSSqETBGX8FYX4by2lFC
JckNYdNWS/8Vhn0zGcQyv/Ba5QTfafSMyFQnhC7zjt7xlEOMnDZIhKABXIbZjcNW
D3OS1M0PAH1cfD59XrIWCmyg4tcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRI3W8v
X6pLo8kYiGsDgtmOXtrV1zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzVhODcxN2MtZWNmNi00Y2Y3LWE3M2MtZjU2NmY3ODg0YTE2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Fkg
MA0GCSqGSIb3DQEBCwUAA4IBAQAR6dc5q81blIvm0U8Bve2kO67fFH94l67iO5VZ
EVf38jzzd215hSeGeQsz7Gsq2TDtvXZrwEwI3AZxrOr7BSGPrZDt6ZZb9s+h/JF1
GCdPtbCOUQBahFMz/onUiR1lRB9/5fV+3ULT8+Wsd8EnO+vlQRt4e/3R264HCtaw
a4xAOmQmsZb59paNGFRTEzKVE7LshSq05rsjmmXZPtgRbmLDkq2Vg4J4oRFc3FDO
P0sRQYxKNQl6qqGxUU4IvGU9CQD22l2vyzjUyQKt098fUCGCl/WlvL7sOuKKVXOl
YiMJxz238SrfLg4FVJ9KrAktORJrA2xAv7AdJkRVPi/bKwSa
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:09:14 2025 by rpki-client