Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a33fb27e-b368-403f-89e6-08d05302535f.roa
File: a33fb27e-b368-403f-89e6-08d05302535f.roa (raw, json)
Hash identifier: 2dxTEzjMnoSq03izQ/0MRO+JotZUNP+Ts17f+Aa8HlI=
Subject key identifier: 42:F7:57:9F:BA:04:1C:3A:1E:32:45:76:05:82:CD:CB:46:55:98:4D
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5D1FDEA48FE0C3ED6C3391A06FFD64F25DB20E58
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a33fb27e-b368-403f-89e6-08d05302535f.roa
Signing time: Tue 21 Oct 2025 14:40:06 +0000
ROA not before: Tue 21 Oct 2025 14:40:06 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:40e0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5d:1f:de:a4:8f:e0:c3:ed:6c:33:91:a0:6f:fd:64:f2:5d:b2:0e:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:40:06 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=7190687317c6b6ca77bd87cff75b1237b9a50976862dcde3f5ec35dad6b8ac0d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:e7:bd:08:4a:18:58:a7:14:3f:d6:0a:a8:75:
17:7d:21:ca:6f:f3:36:2e:dd:98:17:bb:57:5a:f0:
94:b0:4a:ba:a0:0c:dc:f3:e5:c1:57:41:29:22:2e:
47:34:4b:6a:0a:85:e8:11:90:55:87:1a:02:35:e4:
25:99:99:84:10:a7:eb:32:c9:43:89:c2:4b:12:a3:
09:c4:21:2b:b2:70:5c:46:f1:34:a9:71:21:be:ef:
d5:83:35:00:93:a0:d4:e2:b1:22:0a:92:b0:a0:b5:
f8:fa:89:13:36:09:f4:82:05:68:dc:2c:c4:ec:8c:
f8:7d:be:72:1f:7b:fb:76:82:e8:fa:3f:a7:a4:76:
6d:92:fd:4b:31:e5:01:ba:0a:82:9f:5b:a2:76:a2:
c7:ba:e1:8f:52:fa:3d:2a:5d:4c:e9:34:a1:15:14:
8e:68:56:1a:4b:fd:7a:bc:db:b0:d7:b1:7b:f3:42:
f3:a4:6a:77:2c:25:dd:9a:56:2d:4a:3a:8b:8a:db:
50:ba:6e:bf:14:99:79:c3:4e:06:0a:2a:c7:e9:cf:
84:ea:a7:a7:73:ac:20:c7:7e:6a:af:6f:8e:03:b2:
cb:98:dc:1a:23:98:3f:9d:b4:1b:97:a4:8d:e4:55:
d2:5d:34:74:4c:f4:12:37:af:06:05:b7:d3:31:ce:
1a:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:F7:57:9F:BA:04:1C:3A:1E:32:45:76:05:82:CD:CB:46:55:98:4D
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a33fb27e-b368-403f-89e6-08d05302535f.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:40e0::/48
Signature Algorithm: sha256WithRSAEncryption
23:e7:19:8f:97:8c:2c:1f:45:ea:f1:01:a3:4e:4d:9d:d1:32:
3f:d2:d6:ad:48:6c:df:86:b6:0f:18:ce:57:12:d8:2c:83:73:
6e:53:9f:48:bd:53:05:1d:10:2c:e3:01:8b:8e:44:a9:e2:76:
c3:27:56:b5:8f:ed:cf:4d:b3:25:c6:1f:89:51:94:70:0f:57:
b8:c1:7d:5e:d7:e7:f3:cc:b0:98:1c:27:98:8d:60:48:21:02:
b0:73:9e:db:8e:2b:82:5f:03:ee:78:6d:c6:e8:f6:45:2c:ae:
b3:26:b6:f9:2f:93:24:98:7d:ed:e3:9e:f4:e6:cd:cf:32:e1:
33:ba:bc:77:46:1b:b6:1f:8f:3f:2b:ff:0c:3b:80:ac:9f:f4:
65:57:c4:55:bc:e1:f0:dc:5b:d0:78:ec:e3:7e:67:ad:b5:be:
c3:f3:2f:c4:12:39:ad:a8:78:1e:80:6f:d7:55:ec:dd:4c:9a:
f5:d9:b5:19:2f:d5:19:d4:61:31:da:17:a9:ef:c5:66:b2:c7:
f8:53:58:de:01:6c:25:1e:96:48:2e:64:ed:3e:71:fc:0d:3f:
13:b8:05:77:e4:45:63:54:00:8c:14:0e:1c:54:3a:d5:e4:7d:
fc:6c:05:6e:c8:a9:97:63:d0:a9:8e:ae:36:09:ec:f6:32:03:
82:cd:d8:c9
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUXR/epI/gw+1sM5Ggb/1k8l2yDlgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDQwMDZaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDcxOTA2ODczMTdjNmI2Y2E3N2JkODdjZmY3NWIxMjM3YjlhNTA5NzY4NjJk
Y2RlM2Y1ZWMzNWRhZDZiOGFjMGQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMTnvQhKGFinFD/WCqh1F30hym/zNi7dmBe7V1rwlLBKuqAM3PPlwVdBKSIu
RzRLagqF6BGQVYcaAjXkJZmZhBCn6zLJQ4nCSxKjCcQhK7JwXEbxNKlxIb7v1YM1
AJOg1OKxIgqSsKC1+PqJEzYJ9IIFaNwsxOyM+H2+ch97+3aC6Po/p6R2bZL9SzHl
AboKgp9bonaix7rhj1L6PSpdTOk0oRUUjmhWGkv9erzbsNexe/NC86Rqdywl3ZpW
LUo6i4rbULpuvxSZecNOBgoqx+nPhOqnp3OsIMd+aq9vjgOyy5jcGiOYP520G5ek
jeRV0l00dEz0EjevBgW30zHOGpUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRC91ef
ugQcOh4yRXYFgs3LRlWYTTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTMzZmIyN2UtYjM2OC00MDNmLTg5ZTYtMDhkMDUzMDI1MzVmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H9A
4DANBgkqhkiG9w0BAQsFAAOCAQEAI+cZj5eMLB9F6vEBo05NndEyP9LWrUhs34a2
DxjOVxLYLINzblOfSL1TBR0QLOMBi45EqeJ2wydWtY/tz02zJcYfiVGUcA9XuMF9
Xtfn88ywmBwnmI1gSCECsHOe244rgl8D7nhtxuj2RSyusya2+S+TJJh97eOe9ObN
zzLhM7q8d0Ybth+PPyv/DDuArJ/0ZVfEVbzh8Nxb0Hjs435nrbW+w/MvxBI5rah4
HoBv11Xs3Uya9dm1GS/VGdRhMdoXqe/FZrLH+FNY3gFsJR6WSC5k7T5x/A0/E7gF
d+RFY1QAjBQOHFQ61eR9/GwFbsipl2PQqY6uNgns9jIDgs3YyQ==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:19:30 2025 by rpki-client