Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5854e06a-c825-40fe-bf51-5b77d3ba4d02.roa
File: 5854e06a-c825-40fe-bf51-5b77d3ba4d02.roa (raw, json)
Hash identifier: IT22zHK7lum9LBuvF8vYZjsu7Jx4j3KA/OXxGZICXvU=
Subject key identifier: BB:97:67:95:C5:A4:D8:84:00:A2:22:03:D5:74:79:4D:65:B3:FC:17
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 69D990041B9E03825EC425C081B3F994E8821C64
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5854e06a-c825-40fe-bf51-5b77d3ba4d02.roa
Signing time: Tue 21 Oct 2025 13:20:05 +0000
ROA not before: Tue 21 Oct 2025 13:20:05 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d016:c00::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
69:d9:90:04:1b:9e:03:82:5e:c4:25:c0:81:b3:f9:94:e8:82:1c:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:20:05 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=3110ebf531648c72a122ebbaec63ec3445e333a001071b4fa346aa766c9bc8be, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:73:68:97:66:fc:44:52:53:4d:06:db:57:b3:
43:33:b2:65:c4:2b:e9:18:3d:c6:6c:f3:19:6b:17:
7b:35:3c:56:08:e2:6e:45:df:ce:dc:3b:1e:1a:ea:
81:70:16:70:a8:46:ee:68:2a:2d:72:2e:24:ff:9a:
22:7c:da:36:3f:b4:38:22:64:1c:b4:e6:15:90:0d:
d0:96:c0:ba:21:bc:f8:6d:13:8b:ac:9c:3d:9a:79:
e0:30:92:ee:50:07:31:3d:db:0b:ed:01:01:b3:3e:
b9:96:ad:21:e2:61:15:88:7a:3e:50:c6:ab:57:c5:
1d:68:d4:c5:30:31:38:d4:f1:59:b4:7e:0d:10:51:
98:f0:a1:80:01:dc:14:44:07:f8:b5:69:13:ae:d8:
97:bf:b6:74:1f:aa:55:d3:1a:c0:81:6b:9a:d4:78:
b7:cb:0b:a8:b3:fa:99:60:b0:c5:de:e8:89:06:ca:
bb:88:3c:5c:f9:c9:9b:d7:6b:4d:46:27:76:57:69:
10:3d:86:e0:1f:ca:f6:ee:51:e3:46:93:84:d7:61:
ad:1d:dd:f6:e5:00:73:59:54:5c:4b:09:66:4b:c9:
6a:2c:05:4e:fd:0d:a6:3f:9a:e3:9b:31:63:84:32:
20:97:97:26:dd:a1:ee:27:5a:0a:14:45:2f:c2:62:
c5:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:97:67:95:C5:A4:D8:84:00:A2:22:03:D5:74:79:4D:65:B3:FC:17
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5854e06a-c825-40fe-bf51-5b77d3ba4d02.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d016:c00::/38
Signature Algorithm: sha256WithRSAEncryption
ac:b0:9e:97:13:88:2e:62:d2:d9:c2:0d:92:76:9c:87:c7:d7:
3f:38:d4:b8:9d:3b:b0:0e:ec:b8:d6:6e:10:4f:c6:af:b0:f7:
8d:63:41:f6:bd:2c:bd:da:0e:3c:ee:6f:dc:d5:c5:cc:1c:18:
b7:62:3a:e2:b8:29:5e:f1:d1:df:54:8d:46:6a:dc:12:f5:ee:
be:34:63:16:8d:e5:85:69:72:f3:81:9a:f3:4b:f9:ad:d0:d8:
75:2d:90:79:71:56:03:28:6e:10:04:4e:fe:09:72:0d:9f:2d:
06:44:f2:b0:55:7f:e6:ac:3d:3a:eb:b9:5a:b1:45:31:73:35:
e3:d5:03:bc:95:c9:6f:d7:d5:58:dd:ca:b3:bd:c9:f2:fd:72:
73:71:5b:0c:a2:2b:db:b2:2f:71:ff:57:73:6e:24:08:be:75:
99:13:6e:b5:b9:59:e6:f5:28:c4:fd:35:03:17:6d:02:6c:9a:
57:d0:32:09:ed:f8:05:a6:f9:80:c0:0a:14:ed:96:21:d2:46:
e8:42:76:86:b5:52:2e:2d:3d:77:bd:db:ee:bc:a3:7f:c9:cc:
c0:96:be:f7:0a:04:62:50:11:cf:3f:b5:07:2c:49:00:49:00:
03:63:73:84:36:f0:f2:87:f5:f3:ee:ce:b8:3b:84:17:f0:b5:
d6:a1:61:79
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUadmQBBueA4JexCXAgbP5lOiCHGQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzIwMDVaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDMxMTBlYmY1MzE2NDhjNzJhMTIyZWJiYWVjNjNlYzM0NDVlMzMzYTAwMTA3
MWI0ZmEzNDZhYTc2NmM5YmM4YmUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANNzaJdm/ERSU00G21ezQzOyZcQr6Rg9xmzzGWsXezU8VgjibkXfztw7Hhrq
gXAWcKhG7mgqLXIuJP+aInzaNj+0OCJkHLTmFZAN0JbAuiG8+G0Ti6ycPZp54DCS
7lAHMT3bC+0BAbM+uZatIeJhFYh6PlDGq1fFHWjUxTAxONTxWbR+DRBRmPChgAHc
FEQH+LVpE67Yl7+2dB+qVdMawIFrmtR4t8sLqLP6mWCwxd7oiQbKu4g8XPnJm9dr
TUYndldpED2G4B/K9u5R40aThNdhrR3d9uUAc1lUXEsJZkvJaiwFTv0Npj+a45sx
Y4QyIJeXJt2h7idaChRFL8JixU8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS7l2eV
xaTYhACiIgPVdHlNZbP8FzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTg1NGUwNmEtYzgyNS00MGZlLWJmNTEtNWI3N2QzYmE0ZDAyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BYM
MA0GCSqGSIb3DQEBCwUAA4IBAQCssJ6XE4guYtLZwg2SdpyHx9c/ONS4nTuwDuy4
1m4QT8avsPeNY0H2vSy92g487m/c1cXMHBi3YjriuCle8dHfVI1GatwS9e6+NGMW
jeWFaXLzgZrzS/mt0Nh1LZB5cVYDKG4QBE7+CXINny0GRPKwVX/mrD0667lasUUx
czXj1QO8lclv19VY3cqzvcny/XJzcVsMoivbsi9x/1dzbiQIvnWZE261uVnm9SjE
/TUDF20CbJpX0DIJ7fgFpvmAwAoU7ZYh0kboQnaGtVIuLT13vdvuvKN/yczAlr73
CgRiUBHPP7UHLEkASQADY3OENvDyh/Xz7s64O4QX8LXWoWF5
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:16 2025 by rpki-client