Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3bde61a2-7506-48c2-8365-3447411d858e.roa
File: 3bde61a2-7506-48c2-8365-3447411d858e.roa (raw, json)
Hash identifier: 3/ZS4gVITnfFFTm55FuMOOIKOjb9x3QgfGvimMs2Vec=
Subject key identifier: 6B:49:95:E1:61:CD:1E:42:F3:F9:EB:1D:C9:1A:FB:89:57:7A:46:DE
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 01C3162C30ED4773CF210F8DE305C94017B3DE72
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3bde61a2-7506-48c2-8365-3447411d858e.roa
Signing time: Tue 21 Oct 2025 14:20:45 +0000
ROA not before: Tue 21 Oct 2025 14:20:45 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d050:5000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:c3:16:2c:30:ed:47:73:cf:21:0f:8d:e3:05:c9:40:17:b3:de:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:20:45 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=71d057f60c8adeb00de01d113fa7963bd7fae577fa9ed0bd4ea1b547a3052cf5, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:2b:d5:57:97:2b:de:f2:3c:ec:75:25:66:5b:
f9:3c:41:2d:67:3d:22:e6:84:c9:7e:eb:9c:5c:ee:
3e:0b:87:f1:bc:54:3b:7d:62:c4:7e:85:00:37:7a:
ea:58:c1:a8:2e:f8:3d:69:17:44:c3:c7:7b:f5:b4:
b6:a8:05:1f:0d:dc:71:14:5e:0a:86:a3:73:2f:d7:
39:af:8d:4b:fd:60:34:b3:ef:e9:ff:dc:c7:57:3a:
21:34:37:64:c6:9e:09:96:d5:ca:8b:83:87:79:d0:
35:00:8b:6d:99:a2:bc:bb:d0:38:06:9b:9d:d0:41:
6b:a5:c2:6f:6e:0d:16:d0:89:a9:12:1b:c7:90:66:
c6:53:a1:3c:0b:0c:e7:99:16:66:7c:51:34:e6:3d:
f3:2b:cf:cb:9d:0d:1b:39:76:2a:65:d1:72:6f:76:
00:d6:13:b0:f9:29:02:ff:03:61:d7:e3:41:fb:03:
82:e2:c6:b6:67:8f:f0:ba:95:b6:b6:c2:fb:5f:c2:
b0:34:35:85:12:a8:32:79:d4:12:90:ca:52:1a:68:
ea:bb:79:5c:db:b3:ad:70:ea:1b:ab:63:51:ac:24:
c6:51:74:b2:4c:a9:06:3e:78:b5:89:2f:13:28:a8:
b7:bf:86:c6:d1:19:e9:56:74:9e:82:db:8e:82:2e:
5e:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:49:95:E1:61:CD:1E:42:F3:F9:EB:1D:C9:1A:FB:89:57:7A:46:DE
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3bde61a2-7506-48c2-8365-3447411d858e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d050:5000::/40
Signature Algorithm: sha256WithRSAEncryption
44:dd:54:81:1d:dc:aa:45:dc:11:b4:15:24:9f:15:46:34:18:
68:ad:be:52:0b:7f:5d:eb:6a:68:41:41:bf:24:ec:1a:8b:a2:
a2:df:5a:81:39:1b:65:a2:fc:74:4d:37:c7:23:85:48:63:cc:
3c:3b:81:85:ab:06:43:84:55:35:9d:1f:b8:f5:fc:ce:45:df:
32:b5:d2:89:9f:b3:bf:4e:91:76:75:93:3b:18:1c:1c:56:86:
f9:c1:58:62:f6:17:c9:b6:46:94:6d:67:ea:f3:36:5f:00:b2:
89:ed:60:d1:94:08:f4:f5:b6:28:f8:d5:df:e0:ec:8a:72:1e:
67:dc:86:09:0a:a0:e2:a9:97:da:fd:4d:70:6c:a0:2f:48:73:
a5:3b:f9:16:a8:30:4b:fb:9b:d9:36:13:05:b4:4a:06:38:78:
46:b1:74:39:d7:9d:08:31:d2:f6:8a:d1:cb:53:be:5a:89:bf:
1f:d5:f9:7d:9a:09:41:cc:7f:9c:70:48:81:0d:9a:ad:0a:af:
5f:63:48:e8:fe:f3:84:ec:78:1e:a2:04:00:54:7c:16:13:8a:
bd:0c:88:b0:a7:85:ee:8d:e5:48:3f:5b:43:cb:2e:37:2a:eb:
2d:8b:c8:c8:45:39:61:dd:03:93:12:2d:24:bd:a9:6a:ff:8d:
e8:74:f6:33
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUAcMWLDDtR3PPIQ+N4wXJQBez3nIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDIwNDVaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDcxZDA1N2Y2MGM4YWRlYjAwZGUwMWQxMTNmYTc5NjNiZDdmYWU1NzdmYTll
ZDBiZDRlYTFiNTQ3YTMwNTJjZjUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJwr1VeXK97yPOx1JWZb+TxBLWc9IuaEyX7rnFzuPguH8bxUO31ixH6FADd6
6ljBqC74PWkXRMPHe/W0tqgFHw3ccRReCoajcy/XOa+NS/1gNLPv6f/cx1c6ITQ3
ZMaeCZbVyouDh3nQNQCLbZmivLvQOAabndBBa6XCb24NFtCJqRIbx5BmxlOhPAsM
55kWZnxRNOY98yvPy50NGzl2KmXRcm92ANYTsPkpAv8DYdfjQfsDguLGtmeP8LqV
trbC+1/CsDQ1hRKoMnnUEpDKUhpo6rt5XNuzrXDqG6tjUawkxlF0skypBj54tYkv
Eyiot7+GxtEZ6VZ0noLbjoIuXlkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRrSZXh
Yc0eQvP56x3JGvuJV3pG3jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2JkZTYxYTItNzUwNi00OGMyLTgzNjUtMzQ0NzQxMWQ4NThlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FBQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBE3VSBHdyqRdwRtBUknxVGNBhorb5SC39d62po
QUG/JOwai6Ki31qBORtlovx0TTfHI4VIY8w8O4GFqwZDhFU1nR+49fzORd8ytdKJ
n7O/TpF2dZM7GBwcVob5wVhi9hfJtkaUbWfq8zZfALKJ7WDRlAj09bYo+NXf4OyK
ch5n3IYJCqDiqZfa/U1wbKAvSHOlO/kWqDBL+5vZNhMFtEoGOHhGsXQ5150IMdL2
itHLU75aib8f1fl9mglBzH+ccEiBDZqtCq9fY0jo/vOE7HgeogQAVHwWE4q9DIiw
p4XujeVIP1tDyy43Kusti8jIRTlh3QOTEi0kvalq/43odPYz
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:19:37 2025 by rpki-client