Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3b5c68d3-e5a1-4742-a90c-59b1e29cfc00.roa
File: 3b5c68d3-e5a1-4742-a90c-59b1e29cfc00.roa (raw, json)
Hash identifier: RMoX9kd8R2y+PwIL5nmjiSr9M0AZmsl+HjsxQ1B0pbk=
Subject key identifier: 8F:A3:27:86:81:2C:E9:A7:79:4E:80:17:BF:4A:8D:36:5A:72:C0:27
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 15E15ABDDA3A2FE77235F5C3594A556AC58E10D4
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3b5c68d3-e5a1-4742-a90c-59b1e29cfc00.roa
Signing time: Tue 21 Oct 2025 13:10:14 +0000
ROA not before: Tue 21 Oct 2025 13:10:14 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d06f:c000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
15:e1:5a:bd:da:3a:2f:e7:72:35:f5:c3:59:4a:55:6a:c5:8e:10:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:10:14 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=1c109c35ab1af85b1e01e07d37ac10895f667a297a37453bd4c6fe0f04519e95, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:8f:57:93:36:89:c3:58:a6:27:30:78:b1:52:
81:0b:6f:c8:36:9d:76:99:a2:23:7a:6b:80:5c:a4:
d6:44:b2:71:fa:b2:e5:6c:ee:5a:8c:fc:08:71:b4:
58:e4:1f:4f:67:65:d2:18:0f:74:60:33:b7:b8:74:
fb:59:2e:fd:70:ba:12:1b:26:95:f8:24:64:7f:ed:
04:7e:8b:5a:44:58:de:29:92:27:4c:08:91:1b:fe:
d9:4f:fd:b1:98:38:d8:90:fa:29:61:64:66:9c:47:
8b:cb:36:6c:4a:24:7d:9c:c9:c9:36:f9:bc:60:98:
9a:ca:0b:37:40:4c:f5:ed:28:79:f4:24:81:49:9c:
48:bc:bc:60:5c:d6:ad:ec:6d:37:9b:00:19:32:2e:
71:39:75:40:9c:b1:d0:59:47:87:d9:7d:e1:ec:28:
8f:e7:09:c5:bc:b1:ab:d5:c4:c2:66:4b:b2:eb:eb:
9b:0c:4d:25:d0:d2:a4:4f:f9:e1:75:83:21:43:44:
f9:ab:51:8e:1b:45:65:41:e5:62:df:3f:89:c4:7e:
7d:8b:d0:e8:2c:70:62:a5:2d:6a:f6:8e:c4:9b:ef:
4f:cb:8d:fc:f9:c7:2d:25:4c:c1:0f:73:2d:0a:9d:
6d:4e:30:c5:d3:65:fe:ea:f2:19:fa:f3:0a:6f:7d:
01:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:A3:27:86:81:2C:E9:A7:79:4E:80:17:BF:4A:8D:36:5A:72:C0:27
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3b5c68d3-e5a1-4742-a90c-59b1e29cfc00.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06f:c000::/40
Signature Algorithm: sha256WithRSAEncryption
0f:a9:15:1b:b9:d2:3e:cb:00:97:16:a9:40:f5:4a:e3:c6:b0:
f1:c5:02:00:76:af:88:2b:b0:3c:7f:e7:49:08:f8:3c:7d:05:
34:50:01:cc:23:07:d4:4e:ea:f1:85:7d:f8:4d:4f:91:a4:f4:
b3:66:79:47:76:e8:b4:2a:cc:fc:ed:86:58:ba:d6:45:be:71:
e9:2b:2c:90:5d:fb:8b:cd:fa:a8:36:36:06:cf:03:8e:86:7e:
08:09:a7:e4:00:64:d9:53:ab:92:5e:57:2e:95:7a:42:b1:ef:
db:60:53:85:25:4d:65:d2:6a:ad:ab:e7:a0:f7:80:d5:12:d0:
29:2c:dc:25:18:8b:25:ef:a2:3d:89:59:9d:8b:4a:7e:17:65:
84:20:fd:9b:fa:85:ed:9d:2e:66:5e:21:ac:0b:71:bc:c7:f3:
e9:df:fa:f6:79:e3:60:bd:e2:ae:5e:b1:11:d4:f4:76:4b:cc:
f9:10:0a:c7:f7:8a:34:13:d9:30:be:c6:f0:ae:e8:8f:a2:36:
25:41:4f:09:1b:7e:54:00:72:97:ff:47:9c:82:e2:15:73:50:
17:68:38:c1:37:f9:90:d7:39:7e:46:aa:d0:2e:5a:41:00:d8:
60:ab:0a:60:44:3a:02:9f:f9:15:91:62:d7:5b:ce:13:f3:19:
e2:87:a4:68
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUFeFavdo6L+dyNfXDWUpVasWOENQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzEwMTRaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDFjMTA5YzM1YWIxYWY4NWIxZTAxZTA3ZDM3YWMxMDg5NWY2NjdhMjk3YTM3
NDUzYmQ0YzZmZTBmMDQ1MTllOTUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANqPV5M2icNYpicweLFSgQtvyDaddpmiI3prgFyk1kSycfqy5WzuWoz8CHG0
WOQfT2dl0hgPdGAzt7h0+1ku/XC6EhsmlfgkZH/tBH6LWkRY3imSJ0wIkRv+2U/9
sZg42JD6KWFkZpxHi8s2bEokfZzJyTb5vGCYmsoLN0BM9e0oefQkgUmcSLy8YFzW
rextN5sAGTIucTl1QJyx0FlHh9l94ewoj+cJxbyxq9XEwmZLsuvrmwxNJdDSpE/5
4XWDIUNE+atRjhtFZUHlYt8/icR+fYvQ6CxwYqUtavaOxJvvT8uN/PnHLSVMwQ9z
LQqdbU4wxdNl/uryGfrzCm99AbECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSPoyeG
gSzpp3lOgBe/So02WnLAJzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2I1YzY4ZDMtZTVhMS00NzQyLWE5MGMtNTliMWUyOWNmYzAwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G/A
MA0GCSqGSIb3DQEBCwUAA4IBAQAPqRUbudI+ywCXFqlA9UrjxrDxxQIAdq+IK7A8
f+dJCPg8fQU0UAHMIwfUTurxhX34TU+RpPSzZnlHdui0Ksz87YZYutZFvnHpKyyQ
XfuLzfqoNjYGzwOOhn4ICafkAGTZU6uSXlculXpCse/bYFOFJU1l0mqtq+eg94DV
EtApLNwlGIsl76I9iVmdi0p+F2WEIP2b+oXtnS5mXiGsC3G8x/Pp3/r2eeNgveKu
XrER1PR2S8z5EArH94o0E9kwvsbwruiPojYlQU8JG35UAHKX/0ecguIVc1AXaDjB
N/mQ1zl+RqrQLlpBANhgqwpgRDoCn/kVkWLXW84T8xnih6Ro
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:09:12 2025 by rpki-client