Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3901d4e7-d120-481a-a199-4762783cff5b.roa
File: 3901d4e7-d120-481a-a199-4762783cff5b.roa (raw, json)
Hash identifier: 86n8Za+EX7gscX6OYVgInU+85k+Us+S7Gzd14fH7RtA=
Subject key identifier: 5D:FB:E8:EC:38:D7:BC:11:CD:04:17:58:B7:6B:5C:7E:17:44:B0:0D
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3062BC8A9BD004594768AAA8A8079CBC03E90D35
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3901d4e7-d120-481a-a199-4762783cff5b.roa
Signing time: Tue 21 Oct 2025 14:00:10 +0000
ROA not before: Tue 21 Oct 2025 14:00:10 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 14618
IP address blocks: 2a05:d059:4000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
30:62:bc:8a:9b:d0:04:59:47:68:aa:a8:a8:07:9c:bc:03:e9:0d:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:00:10 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=e21f3af58a14c1b7f23a252b67b543286029362223b37496cfd400260d4a6297, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:d4:80:20:aa:21:0a:36:97:6c:f0:10:53:79:
fe:2b:1a:bd:97:4e:12:47:0b:37:57:d1:9f:15:53:
08:39:17:a4:0e:4f:40:a0:fe:93:98:81:ee:23:32:
db:5f:50:a9:e0:ad:c1:73:1c:60:74:01:bc:9e:72:
8a:1d:c4:2e:9a:bb:b0:09:1d:6d:61:23:23:55:3a:
8d:3e:04:53:3e:ce:13:13:b8:5d:5b:d4:4d:1c:6f:
b6:99:c3:c7:6c:60:5f:26:d7:fd:a1:d0:18:14:d3:
0b:c2:30:17:fa:4c:89:91:a1:04:6a:42:41:36:21:
af:bb:8e:9d:da:86:2e:a0:ee:d0:2a:06:2f:e5:c2:
fd:44:fe:5c:82:a9:18:0a:99:67:28:b3:2f:ab:20:
36:95:75:9e:42:7b:7f:99:4c:81:6a:f6:93:d3:6c:
57:1c:14:9c:90:f2:24:2a:93:ab:9d:60:cd:e4:af:
0f:ae:e6:09:3a:22:a6:41:43:a8:54:02:c4:bb:14:
fc:4c:2b:d6:2f:17:61:bd:46:d0:a8:cf:74:cf:f2:
8e:2e:45:ce:20:79:08:ee:c9:0a:b1:0e:4b:ed:f6:
07:ae:41:ab:42:c1:95:44:03:60:03:9c:45:c5:77:
f5:70:8f:e2:b5:b1:2e:ce:85:99:c7:65:03:78:31:
6e:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:FB:E8:EC:38:D7:BC:11:CD:04:17:58:B7:6B:5C:7E:17:44:B0:0D
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3901d4e7-d120-481a-a199-4762783cff5b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d059:4000::/40
Signature Algorithm: sha256WithRSAEncryption
2b:32:a4:33:44:c6:c6:97:35:6e:9a:fa:c9:02:20:fe:95:0e:
c6:4e:b3:09:61:46:7b:a9:15:8b:94:7e:31:e1:9d:0c:f3:5a:
0b:6c:bc:7a:b1:54:1a:41:e8:a4:63:1b:9a:77:aa:7b:4c:7e:
fa:d5:15:d8:be:31:87:8e:5d:48:c2:8a:ee:40:95:6d:22:42:
b7:32:8d:01:06:4d:95:6f:f0:c6:35:9c:68:d7:4a:83:33:01:
8d:41:21:3c:6d:d3:29:fc:a5:72:38:8c:7b:59:72:28:15:65:
d5:1a:fb:c5:36:a4:ac:9a:70:3f:76:79:1e:e1:27:36:3a:2e:
c1:40:a7:bd:30:28:b6:93:92:27:32:3e:8c:db:95:1d:cb:88:
76:0c:02:88:20:d6:03:7c:95:b4:36:12:7c:59:3f:eb:d2:ec:
9e:79:ca:34:74:c1:cd:3a:bf:d8:cd:66:2b:90:c2:89:59:9d:
47:79:5e:d7:0d:49:ba:20:05:5f:f3:26:89:fd:7f:19:37:89:
81:ab:24:e4:7e:ba:b9:0a:22:1a:ce:c3:af:f9:e4:ca:39:a7:
a6:3a:c2:76:16:cf:a6:ba:e1:4c:98:23:81:d9:09:60:c9:10:
8b:34:47:cf:3c:58:01:6e:b1:65:ac:92:74:d0:9d:77:a0:89:
78:4c:a5:be
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUMGK8ipvQBFlHaKqoqAecvAPpDTUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDAwMTBaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGUyMWYzYWY1OGExNGMxYjdmMjNhMjUyYjY3YjU0MzI4NjAyOTM2MjIyM2Iz
NzQ5NmNmZDQwMDI2MGQ0YTYyOTcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKXUgCCqIQo2l2zwEFN5/isavZdOEkcLN1fRnxVTCDkXpA5PQKD+k5iB7iMy
219QqeCtwXMcYHQBvJ5yih3ELpq7sAkdbWEjI1U6jT4EUz7OExO4XVvUTRxvtpnD
x2xgXybX/aHQGBTTC8IwF/pMiZGhBGpCQTYhr7uOndqGLqDu0CoGL+XC/UT+XIKp
GAqZZyizL6sgNpV1nkJ7f5lMgWr2k9NsVxwUnJDyJCqTq51gzeSvD67mCToipkFD
qFQCxLsU/Ewr1i8XYb1G0KjPdM/yji5FziB5CO7JCrEOS+32B65Bq0LBlUQDYAOc
RcV39XCP4rWxLs6FmcdlA3gxbgECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRd++js
ONe8Ec0EF1i3a1x+F0SwDTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzkwMWQ0ZTctZDEyMC00ODFhLWExOTktNDc2Mjc4M2NmZjViLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FlA
MA0GCSqGSIb3DQEBCwUAA4IBAQArMqQzRMbGlzVumvrJAiD+lQ7GTrMJYUZ7qRWL
lH4x4Z0M81oLbLx6sVQaQeikYxuad6p7TH761RXYvjGHjl1IworuQJVtIkK3Mo0B
Bk2Vb/DGNZxo10qDMwGNQSE8bdMp/KVyOIx7WXIoFWXVGvvFNqSsmnA/dnke4Sc2
Oi7BQKe9MCi2k5InMj6M25Udy4h2DAKIINYDfJW0NhJ8WT/r0uyeeco0dMHNOr/Y
zWYrkMKJWZ1HeV7XDUm6IAVf8yaJ/X8ZN4mBqyTkfrq5CiIazsOv+eTKOaemOsJ2
Fs+muuFMmCOB2QlgyRCLNEfPPFgBbrFlrJJ00J13oIl4TKW+
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:58 2025 by rpki-client