Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5fe931ae-e353-437d-9738-79004c5e9188.roa
File: 5fe931ae-e353-437d-9738-79004c5e9188.roa (raw, json)
Hash identifier: RsuaQBKffWeN9koNOyPdLpad1BKRxw7YoY//Y7G3qJI=
Subject key identifier: 20:C4:5F:1A:84:D6:04:81:52:A3:29:B2:B9:DD:36:70:77:47:BA:07
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4B2DEB5E1BD45EFE82D11250DFE3E2F29E1128E9
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5fe931ae-e353-437d-9738-79004c5e9188.roa
Signing time: Tue 21 Oct 2025 14:30:33 +0000
ROA not before: Tue 21 Oct 2025 14:30:33 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d034:c000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 01 Nov 2025 09:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4b:2d:eb:5e:1b:d4:5e:fe:82:d1:12:50:df:e3:e2:f2:9e:11:28:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:30:33 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=0d611d5bba8e65849a8841326d055e348d5001a6497dde075b46fef45d3f9484, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:6b:b7:14:79:7d:ef:63:d7:db:11:0d:39:38:
74:33:87:00:00:34:af:88:6d:22:fd:e7:c6:da:f6:
62:5d:8e:a3:cf:79:6e:80:e4:52:db:d7:e8:ae:5b:
07:65:cf:93:97:1c:d4:1e:41:91:02:3b:0f:65:1a:
21:c3:35:5f:31:cb:0d:ee:74:75:76:98:45:87:43:
48:fd:f0:08:fb:96:84:e9:fd:e9:14:a1:ce:78:2d:
52:12:44:97:9e:29:45:0c:5d:58:e8:d0:64:78:d5:
cc:53:4e:af:13:5e:9e:c9:6d:7f:98:f8:3e:59:a3:
76:45:c5:a1:db:1b:55:6c:0c:3a:a2:03:a3:58:99:
c9:93:f8:f4:03:3d:77:ab:ee:32:71:f4:d5:98:dd:
0a:e7:5e:d2:54:0f:56:19:4b:db:3e:ae:ee:d7:d5:
b6:f4:f7:b4:7e:66:b4:9f:e8:2e:63:e4:1d:f0:c1:
9c:f2:9e:14:06:ce:bc:1d:4c:db:50:c6:5a:46:b9:
c0:2e:47:ad:8c:59:80:5a:6f:6c:07:63:5e:0c:57:
c2:2e:85:a1:20:c0:15:ec:a5:de:91:73:a8:29:6a:
08:8f:40:cc:de:46:6c:5a:9a:69:f9:2d:e7:33:84:
c3:d1:37:3b:eb:d8:12:a8:a4:84:7f:d5:ae:6e:9b:
0a:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:C4:5F:1A:84:D6:04:81:52:A3:29:B2:B9:DD:36:70:77:47:BA:07
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5fe931ae-e353-437d-9738-79004c5e9188.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d034:c000::/40
Signature Algorithm: sha256WithRSAEncryption
7e:a5:7b:b0:3a:eb:bb:68:77:72:e6:81:45:1f:84:45:a3:0b:
d1:fc:8e:8d:fe:b4:70:f1:23:cb:a5:7c:fa:91:f4:19:a1:15:
53:27:6f:78:99:0a:96:7e:92:1b:2b:62:11:06:ba:cf:e3:ad:
12:6e:a5:37:9f:16:57:6f:ce:a8:8e:0f:f1:9f:c9:03:19:f1:
b5:77:4e:74:ff:aa:68:3b:0d:a4:ac:8c:93:89:47:6a:f1:36:
c9:c9:cf:e2:59:78:fc:e7:84:a0:54:e7:5b:91:70:09:f4:65:
ea:fc:ad:3a:26:c8:35:1b:a8:73:0f:34:8b:34:ab:7e:1c:70:
42:7a:5d:4d:24:e7:66:75:d1:51:5a:89:9b:11:8c:7d:b3:88:
3e:36:7c:0e:c2:64:2f:f5:b1:3b:dd:03:89:1d:0b:48:9a:63:
5f:32:0e:fc:39:80:eb:5d:e4:cb:95:9c:ad:1b:53:5f:95:44:
f4:e5:b5:b8:c1:41:5b:12:bd:76:00:50:26:3f:f6:d7:74:67:
da:a3:6d:1c:71:63:44:7a:a2:00:7a:bf:19:91:12:41:c9:72:
77:b3:88:70:74:47:7f:30:08:6b:cd:63:a1:35:b6:19:38:35:
b4:e5:6a:53:95:46:70:c7:db:29:7a:7e:3b:47:0e:fe:18:b4:
af:ec:82:a1
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUSy3rXhvUXv6C0RJQ3+Pi8p4RKOkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDMwMzNaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDBkNjExZDViYmE4ZTY1ODQ5YTg4NDEzMjZkMDU1ZTM0OGQ1MDAxYTY0OTdk
ZGUwNzViNDZmZWY0NWQzZjk0ODQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAONrtxR5fe9j19sRDTk4dDOHAAA0r4htIv3nxtr2Yl2Oo895boDkUtvX6K5b
B2XPk5cc1B5BkQI7D2UaIcM1XzHLDe50dXaYRYdDSP3wCPuWhOn96RShzngtUhJE
l54pRQxdWOjQZHjVzFNOrxNensltf5j4PlmjdkXFodsbVWwMOqIDo1iZyZP49AM9
d6vuMnH01ZjdCude0lQPVhlL2z6u7tfVtvT3tH5mtJ/oLmPkHfDBnPKeFAbOvB1M
21DGWka5wC5HrYxZgFpvbAdjXgxXwi6FoSDAFeyl3pFzqClqCI9AzN5GbFqaafkt
5zOEw9E3O+vYEqikhH/Vrm6bChMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQgxF8a
hNYEgVKjKbK53TZwd0e6BzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NWZlOTMxYWUtZTM1My00MzdkLTk3MzgtNzkwMDRjNWU5MTg4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DTA
MA0GCSqGSIb3DQEBCwUAA4IBAQB+pXuwOuu7aHdy5oFFH4RFowvR/I6N/rRw8SPL
pXz6kfQZoRVTJ294mQqWfpIbK2IRBrrP460SbqU3nxZXb86ojg/xn8kDGfG1d050
/6poOw2krIyTiUdq8TbJyc/iWXj854SgVOdbkXAJ9GXq/K06Jsg1G6hzDzSLNKt+
HHBCel1NJOdmddFRWombEYx9s4g+NnwOwmQv9bE73QOJHQtImmNfMg78OYDrXeTL
lZytG1NflUT05bW4wUFbEr12AFAmP/bXdGfao20ccWNEeqIAer8ZkRJByXJ3s4hw
dEd/MAhrzWOhNbYZODW05WpTlUZwx9spen47Rw7+GLSv7IKh
-----END CERTIFICATE-----
Generated at Fri Oct 31 13:22:01 2025 by rpki-client