Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/60c499a8-e470-4a76-9095-20d8554a426a.roa
File: 60c499a8-e470-4a76-9095-20d8554a426a.roa (raw, json)
Hash identifier: Q5oZ2GkGdA9+dY7mD9HRontJEtA5bmufSJz5V9Qw0HM=
Subject key identifier: 7B:EC:9C:2F:72:CA:E3:6B:96:F1:2A:D2:5A:CB:6D:CD:ED:14:0C:31
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5392E7CC1E1047DE5D60B71815259460115870D6
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/60c499a8-e470-4a76-9095-20d8554a426a.roa
Signing time: Tue 21 Oct 2025 14:10:23 +0000
ROA not before: Tue 21 Oct 2025 14:10:23 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d018:c00::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
53:92:e7:cc:1e:10:47:de:5d:60:b7:18:15:25:94:60:11:58:70:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:10:23 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=445ab49ab0ba5bda3e609950414fd1149c8f8ac0a9a47c018d27741662f15e0c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:c0:6f:2d:e7:1e:36:5a:3d:a3:dd:cf:f9:67:
03:54:aa:ec:17:18:04:98:f6:c1:f7:6c:37:dc:1b:
f3:c4:e0:8e:44:fe:51:47:16:2f:eb:34:a7:8a:f4:
53:f3:9a:dd:52:36:c9:c1:54:1f:a6:74:55:cd:55:
2c:c3:ca:87:9b:0d:bf:02:db:04:5a:ae:e0:6d:f3:
08:7a:d4:88:d6:24:93:20:aa:7e:49:ed:27:64:0f:
46:ee:95:c7:38:85:f8:ba:7c:26:59:60:40:67:99:
97:71:c2:16:90:1f:b7:6f:ca:66:b9:43:82:71:47:
16:81:cd:26:97:76:42:7f:86:f8:9a:51:78:ef:07:
f9:1c:af:ee:9b:1d:74:5c:82:bc:b7:71:4f:65:1c:
ce:69:10:be:1e:fa:89:27:33:9a:a3:e8:68:ec:96:
ac:29:e9:08:ca:26:e6:ac:3d:fb:d7:79:c6:d6:b2:
db:d8:d2:0f:9b:78:6c:25:8d:ce:54:a8:09:f5:4d:
95:c5:8b:be:e8:6f:85:ae:c9:57:83:8a:ea:bc:9f:
9c:fe:24:09:b7:7b:e9:12:b9:b2:3f:82:2a:95:e0:
7c:b0:f0:96:0d:84:1a:a7:bf:27:06:d2:ef:2b:a7:
41:ee:45:16:35:b9:8f:66:65:d2:46:a6:ed:b6:3e:
a5:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7B:EC:9C:2F:72:CA:E3:6B:96:F1:2A:D2:5A:CB:6D:CD:ED:14:0C:31
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/60c499a8-e470-4a76-9095-20d8554a426a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d018:c00::/38
Signature Algorithm: sha256WithRSAEncryption
61:bb:7e:2e:77:0c:8b:67:b9:3e:be:b0:3e:fb:b0:c8:8f:7e:
2e:b3:06:79:fa:c7:fe:94:4e:3a:59:21:de:7e:2d:6f:08:4e:
37:c5:90:6f:94:2d:68:e9:37:12:b3:8f:8f:5e:8f:93:f6:24:
05:c8:b1:7a:6b:18:78:e3:1e:75:c1:a2:b7:7f:3c:a5:47:eb:
4e:3b:a7:1b:00:ef:66:25:71:c4:8d:8e:cf:0c:09:ed:de:39:
d1:50:13:98:00:76:83:60:44:ce:b5:8e:39:bd:31:29:28:07:
b8:6c:d0:2f:51:b4:f6:2f:b6:eb:31:bb:c1:29:52:ae:3b:95:
c8:f7:0d:aa:ae:45:24:48:b4:73:52:5b:4d:80:d7:4a:31:c3:
32:17:10:56:90:12:c0:ea:fc:32:eb:64:ed:26:38:d0:76:26:
a8:04:f8:10:1a:6d:14:bd:40:a8:cb:18:1c:ac:00:bf:9a:6a:
c4:2c:df:21:b6:68:1f:29:1e:9d:62:1a:cd:20:76:f4:a6:b5:
4b:8e:f8:24:dd:83:de:3b:a3:78:82:3a:f7:95:2d:aa:b6:73:
28:c8:9d:ce:03:97:31:2f:4d:db:93:0b:2f:9e:7a:ea:07:db:
c2:05:ee:4c:b0:37:d4:cd:fa:b4:7e:b0:5e:f2:5f:74:e7:17:
99:00:45:3d
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUU5LnzB4QR95dYLcYFSWUYBFYcNYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDEwMjNaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ0NWFiNDlhYjBiYTViZGEzZTYwOTk1MDQxNGZkMTE0OWM4ZjhhYzBhOWE0
N2MwMThkMjc3NDE2NjJmMTVlMGMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANfAby3nHjZaPaPdz/lnA1Sq7BcYBJj2wfdsN9wb88TgjkT+UUcWL+s0p4r0
U/Oa3VI2ycFUH6Z0Vc1VLMPKh5sNvwLbBFqu4G3zCHrUiNYkkyCqfkntJ2QPRu6V
xziF+Lp8JllgQGeZl3HCFpAft2/KZrlDgnFHFoHNJpd2Qn+G+JpReO8H+Ryv7psd
dFyCvLdxT2UczmkQvh76iSczmqPoaOyWrCnpCMom5qw9+9d5xtay29jSD5t4bCWN
zlSoCfVNlcWLvuhvha7JV4OK6ryfnP4kCbd76RK5sj+CKpXgfLDwlg2EGqe/JwbS
7yunQe5FFjW5j2Zl0kam7bY+pSMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBR77Jwv
csrja5bxKtJay23N7RQMMTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjBjNDk5YTgtZTQ3MC00YTc2LTkwOTUtMjBkODU1NGE0MjZhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BgM
MA0GCSqGSIb3DQEBCwUAA4IBAQBhu34udwyLZ7k+vrA++7DIj34uswZ5+sf+lE46
WSHefi1vCE43xZBvlC1o6TcSs4+PXo+T9iQFyLF6axh44x51waK3fzylR+tOO6cb
AO9mJXHEjY7PDAnt3jnRUBOYAHaDYETOtY45vTEpKAe4bNAvUbT2L7brMbvBKVKu
O5XI9w2qrkUkSLRzUltNgNdKMcMyFxBWkBLA6vwy62TtJjjQdiaoBPgQGm0UvUCo
yxgcrAC/mmrELN8htmgfKR6dYhrNIHb0prVLjvgk3YPeO6N4gjr3lS2qtnMoyJ3O
A5cxL03bkwsvnnrqB9vCBe5MsDfUzfq0frBe8l905xeZAEU9
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:21:13 2025 by rpki-client