Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5d8e831e-4d61-449b-a532-a1dd9d743ac9.roa
File: 5d8e831e-4d61-449b-a532-a1dd9d743ac9.roa (raw, json)
Hash identifier: b9QalU8/D0lZw66jxCfOrAsxmWPrJpohfiFNpalgT8s=
Subject key identifier: 43:74:C4:54:AA:40:60:32:77:2A:73:60:EA:F8:E1:B8:D2:42:86:57
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 52B8F81D20EC00A3DF473673B4581E27C4E94524
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5d8e831e-4d61-449b-a532-a1dd9d743ac9.roa
Signing time: Tue 21 Oct 2025 14:10:10 +0000
ROA not before: Tue 21 Oct 2025 14:10:10 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07a:2000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
52:b8:f8:1d:20:ec:00:a3:df:47:36:73:b4:58:1e:27:c4:e9:45:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:10:10 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=2b9c58bad7704d787aa0f59cda57ddb1cdab68bdb21b9a654c730fe8e95b0556, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:c7:58:16:02:b2:92:f7:95:6c:57:81:e0:aa:
75:78:8b:75:7f:e5:8d:75:c6:09:b4:01:06:ae:63:
e8:51:fd:14:b9:3d:49:28:2e:6d:7a:7f:6f:cb:6e:
34:1c:ac:d6:5d:f7:0a:cb:5d:ed:4e:f6:5f:70:15:
c8:0d:ab:7d:91:ac:99:0c:fb:c2:3b:d8:b2:c1:96:
54:3b:61:3a:28:ec:fd:f8:c8:16:8a:39:63:c7:e4:
42:26:98:1b:8c:f6:c3:55:21:39:e4:c1:27:24:05:
83:3c:f9:e3:42:c2:85:92:f3:42:29:d8:73:c7:cc:
76:7c:d7:1d:30:a2:4a:8e:81:64:ce:18:e3:4c:be:
51:84:d6:cd:5a:af:17:49:49:6a:7f:73:a2:20:97:
a6:01:94:61:7d:89:f9:af:7d:48:34:79:bc:22:78:
f9:38:10:2f:0a:15:81:07:57:60:0a:36:d5:02:45:
b6:2e:9f:43:17:ff:3e:21:79:94:02:15:d9:44:53:
b1:c4:1d:2f:8d:d8:45:5d:eb:fa:54:79:08:99:10:
dc:ce:79:56:84:a3:b0:a7:69:9d:70:34:06:cb:a3:
7f:11:5a:1a:6f:88:c3:e4:c6:92:fe:00:77:05:f7:
ed:76:2a:f1:cb:05:eb:06:8b:a8:42:31:0b:4a:33:
17:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:74:C4:54:AA:40:60:32:77:2A:73:60:EA:F8:E1:B8:D2:42:86:57
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5d8e831e-4d61-449b-a532-a1dd9d743ac9.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07a:2000::/40
Signature Algorithm: sha256WithRSAEncryption
39:a1:c3:f5:28:13:ac:01:fe:46:4b:0a:0e:e6:ee:53:0d:48:
1e:00:4c:b1:aa:b5:22:6f:99:3f:b4:34:b1:94:13:c0:7e:49:
1d:54:15:c8:c5:10:ce:43:e0:f3:98:96:0d:a1:e1:9e:a8:7b:
82:7a:6b:c0:ff:ad:91:2c:6f:5d:52:7d:83:78:96:a9:5e:7a:
9e:82:5b:34:6d:40:4e:a1:3c:9f:19:81:dc:a7:1a:ad:45:09:
01:82:30:e7:ea:de:bc:fc:db:f1:54:c5:a5:cb:33:37:d1:ab:
31:da:c6:9f:2c:ce:ce:5d:7c:3e:88:4b:1a:c7:29:1d:fd:80:
08:ab:95:aa:8c:da:7b:d6:84:df:dc:2a:11:a3:90:7d:5d:aa:
d7:01:07:8f:d1:c8:1e:2c:b7:72:8b:64:6d:ec:14:6f:b8:01:
1c:6c:39:88:a3:b9:e9:9c:31:e1:93:72:c7:86:a6:9f:23:f3:
46:38:d8:5b:17:0b:82:be:2b:b6:85:6f:cc:ff:33:4a:77:c6:
f6:b1:88:c3:7c:4e:a3:52:fb:64:1e:be:b0:7b:62:ff:57:8c:
03:f9:9d:f8:79:75:ba:c8:2d:14:42:dc:88:1b:f6:75:40:8a:
fa:39:cb:19:c4:5b:5e:12:2f:33:41:43:42:6b:a2:c8:a2:7b:
83:57:f5:fc
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUUrj4HSDsAKPfRzZztFgeJ8TpRSQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDEwMTBaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDJiOWM1OGJhZDc3MDRkNzg3YWEwZjU5Y2RhNTdkZGIxY2RhYjY4YmRiMjFi
OWE2NTRjNzMwZmU4ZTk1YjA1NTYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMbHWBYCspL3lWxXgeCqdXiLdX/ljXXGCbQBBq5j6FH9FLk9SSgubXp/b8tu
NBys1l33Cstd7U72X3AVyA2rfZGsmQz7wjvYssGWVDthOijs/fjIFoo5Y8fkQiaY
G4z2w1UhOeTBJyQFgzz540LChZLzQinYc8fMdnzXHTCiSo6BZM4Y40y+UYTWzVqv
F0lJan9zoiCXpgGUYX2J+a99SDR5vCJ4+TgQLwoVgQdXYAo21QJFti6fQxf/PiF5
lAIV2URTscQdL43YRV3r+lR5CJkQ3M55VoSjsKdpnXA0BsujfxFaGm+Iw+TGkv4A
dwX37XYq8csF6waLqEIxC0ozF1kCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRDdMRU
qkBgMncqc2Dq+OG40kKGVzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NWQ4ZTgzMWUtNGQ2MS00NDliLWE1MzItYTFkZDlkNzQzYWM5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hog
MA0GCSqGSIb3DQEBCwUAA4IBAQA5ocP1KBOsAf5GSwoO5u5TDUgeAEyxqrUib5k/
tDSxlBPAfkkdVBXIxRDOQ+DzmJYNoeGeqHuCemvA/62RLG9dUn2DeJapXnqegls0
bUBOoTyfGYHcpxqtRQkBgjDn6t68/NvxVMWlyzM30asx2safLM7OXXw+iEsaxykd
/YAIq5WqjNp71oTf3CoRo5B9XarXAQeP0cgeLLdyi2Rt7BRvuAEcbDmIo7npnDHh
k3LHhqafI/NGONhbFwuCviu2hW/M/zNKd8b2sYjDfE6jUvtkHr6we2L/V4wD+Z34
eXW6yC0UQtyIG/Z1QIr6OcsZxFteEi8zQUNCa6LIonuDV/X8
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:19:27 2025 by rpki-client