Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b9f26696-5522-477d-b8bf-72de7350b09a.roa
File: b9f26696-5522-477d-b8bf-72de7350b09a.roa (raw, json)
Hash identifier: Jle1FPF1oDYoLW6uKNHjA8epMqnX3neVfp/xHwyHaKE=
Subject key identifier: 28:3D:9F:B9:FA:A3:1B:5C:61:76:4E:14:99:AF:25:EC:08:5A:97:A5
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5B99CBE4F8561BF4C7403348DD1EA42812425883
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b9f26696-5522-477d-b8bf-72de7350b09a.roa
Signing time: Tue 21 Oct 2025 13:20:37 +0000
ROA not before: Tue 21 Oct 2025 13:20:37 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:5000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 28 Oct 2025 21:56:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5b:99:cb:e4:f8:56:1b:f4:c7:40:33:48:dd:1e:a4:28:12:42:58:83
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:20:37 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=0ff16fa3965e539a9af5a4012dc68d9c3307f19ddddcdfeb828d1488a820b590, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:df:33:87:5e:22:b6:9a:14:1e:92:e1:4b:d0:
ec:ea:35:27:7d:26:51:e7:78:9f:3f:1a:0c:18:1f:
3e:33:20:ce:09:80:e3:bc:57:94:92:4d:6b:f0:3c:
58:fb:56:57:0b:f4:35:ba:b9:1a:2d:c2:da:96:d2:
93:ae:88:47:0e:12:e0:bc:51:f6:b1:3d:d1:88:e2:
34:75:d7:42:82:97:aa:53:8d:d0:e3:f8:4c:14:15:
23:ed:b8:68:f3:ce:5b:12:3d:c3:5b:2f:7d:52:79:
f2:ca:5a:fa:d4:64:b4:6d:2e:04:b4:cf:59:c3:d1:
29:92:12:71:0b:0c:d4:22:1f:32:f0:dc:22:d4:68:
ea:0d:2b:13:4f:0a:ae:84:a1:8c:58:1f:79:c8:6b:
f0:1f:ee:62:ee:3a:88:19:3d:b3:50:a5:0a:b3:9a:
ab:6d:54:66:45:51:47:79:5a:cc:49:5a:b2:51:39:
ed:39:14:d0:55:cf:ba:96:30:7e:d9:9e:ae:3a:4e:
0b:68:c9:8f:63:aa:93:11:51:ce:bc:15:ba:6f:c5:
72:48:81:6d:cb:fc:20:ae:ff:c6:b4:6a:41:14:f2:
8e:42:ab:ab:e7:99:23:5a:2a:b8:10:92:a5:2a:85:
dc:0f:54:c6:eb:3e:3c:66:9f:6e:6a:f9:be:4f:5b:
6f:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:3D:9F:B9:FA:A3:1B:5C:61:76:4E:14:99:AF:25:EC:08:5A:97:A5
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b9f26696-5522-477d-b8bf-72de7350b09a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:5000::/40
Signature Algorithm: sha256WithRSAEncryption
97:4a:1a:45:0e:a3:ae:85:9f:20:c1:b7:a0:3d:d8:1b:5b:d7:
a8:85:e7:51:3b:be:85:89:d0:5d:a1:a3:dd:c4:94:e9:ae:78:
9e:cf:c6:b6:ec:86:44:c8:fb:0e:49:5e:25:ec:37:e9:42:38:
c5:8c:84:ea:33:26:1b:83:5c:f5:e4:34:3f:bd:40:6b:c9:31:
24:ef:ee:59:1e:bd:2f:87:c3:3a:cb:df:13:61:bb:4f:f0:b8:
a4:57:b0:1f:83:37:ee:16:5d:9b:03:12:4d:61:9d:1a:9b:ea:
2e:db:f5:79:df:52:2a:89:0d:4d:e9:1b:f3:91:4d:3f:4a:67:
7d:ed:c0:40:56:92:1e:bd:2e:8c:e9:22:95:48:be:97:85:06:
f7:f6:c8:4e:02:99:36:c9:74:cf:a4:58:42:bf:0c:08:9b:57:
4e:53:15:0d:c8:0b:f6:fe:1f:4d:97:8a:8f:6f:b0:13:00:d9:
c8:88:ce:42:ee:82:a6:7b:9f:e2:e6:71:32:75:13:bb:58:e4:
83:78:8d:7f:62:01:70:94:c0:69:b7:b3:79:95:16:06:75:ca:
b0:a3:f9:45:41:96:4f:7e:2e:e7:c7:4e:01:53:19:0f:b7:82:
f3:32:ec:cf:41:dc:a6:8f:18:a2:52:68:5e:4a:c5:aa:9a:4c:
4c:4e:31:cd
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUW5nL5PhWG/THQDNI3R6kKBJCWIMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzIwMzdaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDBmZjE2ZmEzOTY1ZTUzOWE5YWY1YTQwMTJkYzY4ZDljMzMwN2YxOWRkZGRj
ZGZlYjgyOGQxNDg4YTgyMGI1OTAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMffM4deIraaFB6S4UvQ7Oo1J30mUed4nz8aDBgfPjMgzgmA47xXlJJNa/A8
WPtWVwv0Nbq5Gi3C2pbSk66IRw4S4LxR9rE90YjiNHXXQoKXqlON0OP4TBQVI+24
aPPOWxI9w1svfVJ58spa+tRktG0uBLTPWcPRKZIScQsM1CIfMvDcItRo6g0rE08K
roShjFgfechr8B/uYu46iBk9s1ClCrOaq21UZkVRR3lazElaslE57TkU0FXPupYw
ftmerjpOC2jJj2OqkxFRzrwVum/FckiBbcv8IK7/xrRqQRTyjkKrq+eZI1oquBCS
pSqF3A9Uxus+PGafbmr5vk9bb2sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQoPZ+5
+qMbXGF2ThSZryXsCFqXpTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YjlmMjY2OTYtNTUyMi00NzdkLWI4YmYtNzJkZTczNTBiMDlhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HJQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCXShpFDqOuhZ8gwbegPdgbW9eohedRO76FidBd
oaPdxJTprniez8a27IZEyPsOSV4l7DfpQjjFjITqMyYbg1z15DQ/vUBryTEk7+5Z
Hr0vh8M6y98TYbtP8LikV7AfgzfuFl2bAxJNYZ0am+ou2/V531IqiQ1N6RvzkU0/
Smd97cBAVpIevS6M6SKVSL6XhQb39shOApk2yXTPpFhCvwwIm1dOUxUNyAv2/h9N
l4qPb7ATANnIiM5C7oKme5/i5nEydRO7WOSDeI1/YgFwlMBpt7N5lRYGdcqwo/lF
QZZPfi7nx04BUxkPt4LzMuzPQdymjxiiUmheSsWqmkxMTjHN
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:15:09 2025 by rpki-client