Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5f28c807-572d-4641-be39-53109963f4c3.roa
File: 5f28c807-572d-4641-be39-53109963f4c3.roa (raw, json)
Hash identifier: WGZOJfHQvfUOcT7T5cZdlojJjlwggnwnd3UOR4MHiYw=
Subject key identifier: 39:9E:E7:68:BA:50:03:06:F0:BB:94:8C:FD:F6:91:E1:5C:81:F5:A4
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 529E5A2C936883BD87AAEE616C3F38C08492DE63
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5f28c807-572d-4641-be39-53109963f4c3.roa
Signing time: Tue 21 Oct 2025 12:30:13 +0000
ROA not before: Tue 21 Oct 2025 12:30:13 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d036:a000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
52:9e:5a:2c:93:68:83:bd:87:aa:ee:61:6c:3f:38:c0:84:92:de:63
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 12:30:13 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=8179928950d20c290ae02d1ff3d25d0e8b1ca1a2227195b30602956d74816d2f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:78:22:9a:a1:80:86:b1:6a:a6:2f:7e:2c:9b:
a6:c3:2e:60:31:57:8c:ba:bc:e6:5f:f5:30:84:ea:
ae:52:5d:15:79:d9:ea:f8:d7:b2:f9:e6:55:d1:fd:
52:49:1c:71:df:ea:da:0b:04:85:22:f8:ca:0d:c5:
06:13:2b:bd:17:a2:e6:d7:68:6a:dd:11:e7:11:fa:
cb:65:98:a9:6b:c4:37:b4:bd:01:2d:a5:d3:97:f9:
3e:ec:4a:ed:cd:fa:07:45:3c:21:3a:81:f6:b2:0e:
8c:d4:3a:28:74:19:8b:ec:12:6b:01:f0:ab:6d:42:
26:d9:3a:b1:4b:c6:1b:8a:6f:d9:07:f1:4f:df:35:
9a:c1:41:32:b6:ec:64:33:e2:0d:fd:3c:79:8f:2a:
67:87:21:a4:2c:bc:1f:d2:e8:99:0a:2f:c3:7d:0c:
ce:e3:d8:63:2d:18:82:99:b9:43:05:ea:05:c2:c3:
3f:c8:26:8b:95:4b:94:1e:27:fd:84:3d:66:0f:63:
b7:3a:45:42:e5:90:01:b5:fe:3f:9c:2b:59:64:eb:
59:10:97:d9:1b:bb:08:95:4f:dd:7e:66:9a:f3:b3:
d3:7a:64:e3:22:1a:52:02:78:8b:44:60:69:27:87:
c3:74:d1:9c:0c:d3:32:30:eb:af:bd:e5:d0:27:88:
1c:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:9E:E7:68:BA:50:03:06:F0:BB:94:8C:FD:F6:91:E1:5C:81:F5:A4
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5f28c807-572d-4641-be39-53109963f4c3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d036:a000::/40
Signature Algorithm: sha256WithRSAEncryption
62:12:6b:6f:ad:5a:dd:ec:bc:78:79:42:ab:e0:d5:fe:24:a0:
03:91:9f:13:d2:7a:fa:be:ae:6b:e8:1d:41:34:5e:09:be:4e:
fa:c0:ff:14:32:ac:81:f2:53:1f:80:81:93:3b:33:e5:06:8f:
a1:8b:b7:eb:c7:d5:82:50:6e:e8:2c:3d:38:46:7c:29:a5:b3:
5c:b8:06:87:9f:16:ca:be:ff:10:c5:55:2b:37:a4:88:80:1b:
14:97:cf:9c:55:34:ab:30:3c:eb:03:f8:ca:7f:4b:f8:a3:66:
65:3c:fb:2b:8d:3d:fc:08:66:63:15:ce:38:11:4d:da:02:ba:
60:22:5d:6f:15:e5:e7:e0:4e:a6:c0:7a:fd:e1:47:75:9a:12:
d5:9b:a7:cd:a7:c5:aa:f0:79:be:51:a7:03:24:d6:2f:5a:3f:
95:5a:53:cc:ff:21:de:04:ba:00:7b:26:c5:4a:58:20:a7:2a:
ec:ed:48:bb:04:b8:d2:45:64:3a:2f:24:a8:c3:da:d4:68:79:
25:6e:1e:d3:c0:48:44:c1:5a:1f:9d:26:b7:6c:a6:f9:f8:fe:
ab:ff:c4:d3:7e:2e:34:ad:9b:5b:57:2d:d1:6c:97:94:f0:06:
85:ee:34:f9:7a:ee:11:f8:7b:ea:9a:21:6a:85:0a:2f:a4:f9:
6d:1e:2d:fd
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUUp5aLJNog72Hqu5hbD84wISS3mMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMjMwMTNaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDgxNzk5Mjg5NTBkMjBjMjkwYWUwMmQxZmYzZDI1ZDBlOGIxY2ExYTIyMjcx
OTViMzA2MDI5NTZkNzQ4MTZkMmYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALB4IpqhgIaxaqYvfiybpsMuYDFXjLq85l/1MITqrlJdFXnZ6vjXsvnmVdH9
Ukkccd/q2gsEhSL4yg3FBhMrvRei5tdoat0R5xH6y2WYqWvEN7S9AS2l05f5PuxK
7c36B0U8ITqB9rIOjNQ6KHQZi+wSawHwq21CJtk6sUvGG4pv2QfxT981msFBMrbs
ZDPiDf08eY8qZ4chpCy8H9LomQovw30MzuPYYy0Ygpm5QwXqBcLDP8gmi5VLlB4n
/YQ9Zg9jtzpFQuWQAbX+P5wrWWTrWRCX2Ru7CJVP3X5mmvOz03pk4yIaUgJ4i0Rg
aSeHw3TRnAzTMjDrr73l0CeIHJ0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ5nudo
ulADBvC7lIz99pHhXIH1pDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NWYyOGM4MDctNTcyZC00NjQxLWJlMzktNTMxMDk5NjNmNGMzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Dag
MA0GCSqGSIb3DQEBCwUAA4IBAQBiEmtvrVrd7Lx4eUKr4NX+JKADkZ8T0nr6vq5r
6B1BNF4Jvk76wP8UMqyB8lMfgIGTOzPlBo+hi7frx9WCUG7oLD04RnwppbNcuAaH
nxbKvv8QxVUrN6SIgBsUl8+cVTSrMDzrA/jKf0v4o2ZlPPsrjT38CGZjFc44EU3a
ArpgIl1vFeXn4E6mwHr94Ud1mhLVm6fNp8Wq8Hm+UacDJNYvWj+VWlPM/yHeBLoA
eybFSlggpyrs7Ui7BLjSRWQ6LySow9rUaHklbh7TwEhEwVofnSa3bKb5+P6r/8TT
fi40rZtbVy3RbJeU8AaF7jT5eu4R+HvqmiFqhQovpPltHi39
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:15:12 2025 by rpki-client