Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bc69f8f6-03c8-4468-a98a-f23fe40eeaef.roa
File: bc69f8f6-03c8-4468-a98a-f23fe40eeaef.roa (raw, json)
Hash identifier: x25A4YyRaCRiaSuWxAN9CAriqai4XbHU2AZ1qtFC670=
Subject key identifier: 42:BF:90:AA:5F:47:C8:A6:1E:B7:08:5F:CE:0B:1E:DA:21:1B:B3:FE
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5B2CDAD21D95C7D6C62333B8E19E3B1DDB29C59F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bc69f8f6-03c8-4468-a98a-f23fe40eeaef.roa
Signing time: Tue 21 Oct 2025 14:30:16 +0000
ROA not before: Tue 21 Oct 2025 14:30:16 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d071:5000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5b:2c:da:d2:1d:95:c7:d6:c6:23:33:b8:e1:9e:3b:1d:db:29:c5:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:30:16 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=2f1c4bd26145c35040427ad101acc0f3c5aa08352e61f44dbe375a72f39f8c51, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:2e:b4:b2:03:da:b7:1e:6e:07:66:3a:fb:d1:
4e:93:86:61:9a:84:d8:0c:11:40:6c:b4:97:e9:08:
5c:c6:a4:c4:67:9d:5f:a3:08:26:c6:71:83:d3:bf:
36:0b:da:d3:21:93:c5:eb:0a:45:43:a6:a3:1c:7d:
ac:5f:c4:1e:8e:67:ee:11:56:3b:b2:2f:6a:63:8d:
5c:46:22:d8:73:db:91:c2:00:4a:5a:e3:99:f5:1b:
05:33:cf:ae:ef:8f:ff:9b:c1:8e:8a:fa:c0:50:eb:
5f:df:c7:dc:42:69:bb:cc:87:42:7b:65:a8:cf:7f:
36:74:a2:59:4b:0b:2e:d6:c6:c7:5b:da:da:16:7c:
fe:d2:73:d2:81:e1:38:90:88:96:04:bb:57:7a:0b:
5c:e1:33:49:d2:85:86:2d:1e:3a:c9:71:bc:57:06:
e1:7c:03:9a:7e:db:62:2d:28:65:25:c2:9f:d3:c2:
47:70:e4:4f:67:7d:73:a8:01:47:e1:76:f0:10:1d:
d5:25:bf:34:ef:67:2e:f0:e2:ad:4b:77:2d:ac:b8:
3a:3b:aa:1e:73:bf:09:85:bc:ed:36:46:da:2f:af:
aa:23:1f:87:e0:bf:e1:1a:99:75:ca:94:31:9c:67:
fe:e4:e1:b2:ef:35:6f:3b:c0:50:0a:1d:03:8f:95:
f0:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:BF:90:AA:5F:47:C8:A6:1E:B7:08:5F:CE:0B:1E:DA:21:1B:B3:FE
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bc69f8f6-03c8-4468-a98a-f23fe40eeaef.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d071:5000::/40
Signature Algorithm: sha256WithRSAEncryption
a2:84:c7:a4:b3:5f:f8:c0:f8:8e:19:6b:8c:87:16:64:3f:b5:
54:11:5f:20:68:67:14:3e:c3:c0:e6:5e:07:fb:d0:a2:25:3d:
be:7f:2e:0c:9c:d2:59:cf:ce:6d:17:29:00:31:4f:8a:e2:d1:
8e:89:23:f3:49:60:8f:55:51:4c:b1:36:b6:4f:c1:f7:99:05:
ca:a2:d6:c5:15:42:6e:bf:af:19:b7:61:fc:08:66:bc:3a:e2:
cd:c8:08:90:89:88:b0:e3:8a:69:66:1f:7f:24:12:6b:9e:a3:
fc:5b:ad:06:b9:99:44:ad:2e:cc:ee:a0:3d:79:57:d8:84:fc:
88:22:2b:dd:0e:b5:66:f2:f7:3f:e2:9a:82:8c:cf:f2:c5:f8:
f1:64:b3:f0:6a:6d:3e:c4:e1:1c:75:0a:e0:66:3b:3b:ab:62:
06:64:f9:24:8c:79:e3:f0:86:ad:28:45:2c:ec:cd:b9:4f:d7:
bb:c0:20:5a:3a:df:8a:8e:6e:e7:1d:89:41:37:59:4f:52:15:
48:bd:04:8e:89:22:e9:4e:b5:12:3e:6b:8d:c0:1a:f3:14:40:
ae:af:57:35:02:e0:9d:a1:13:4a:77:b4:01:93:fa:ea:5e:d3:
62:57:b8:5d:41:46:84:4d:fe:6a:1b:fe:24:05:4f:f2:f9:23:
d7:aa:88:72
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUWyza0h2Vx9bGIzO44Z47HdspxZ8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDMwMTZaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDJmMWM0YmQyNjE0NWMzNTA0MDQyN2FkMTAxYWNjMGYzYzVhYTA4MzUyZTYx
ZjQ0ZGJlMzc1YTcyZjM5ZjhjNTExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALoutLID2rcebgdmOvvRTpOGYZqE2AwRQGy0l+kIXMakxGedX6MIJsZxg9O/
Ngva0yGTxesKRUOmoxx9rF/EHo5n7hFWO7IvamONXEYi2HPbkcIASlrjmfUbBTPP
ru+P/5vBjor6wFDrX9/H3EJpu8yHQntlqM9/NnSiWUsLLtbGx1va2hZ8/tJz0oHh
OJCIlgS7V3oLXOEzSdKFhi0eOslxvFcG4XwDmn7bYi0oZSXCn9PCR3DkT2d9c6gB
R+F28BAd1SW/NO9nLvDirUt3Lay4OjuqHnO/CYW87TZG2i+vqiMfh+C/4RqZdcqU
MZxn/uThsu81bzvAUAodA4+V8HcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRCv5Cq
X0fIph63CF/OCx7aIRuz/jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmM2OWY4ZjYtMDNjOC00NDY4LWE5OGEtZjIzZmU0MGVlYWVmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HFQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCihMeks1/4wPiOGWuMhxZkP7VUEV8gaGcUPsPA
5l4H+9CiJT2+fy4MnNJZz85tFykAMU+K4tGOiSPzSWCPVVFMsTa2T8H3mQXKotbF
FUJuv68Zt2H8CGa8OuLNyAiQiYiw44ppZh9/JBJrnqP8W60GuZlErS7M7qA9eVfY
hPyIIivdDrVm8vc/4pqCjM/yxfjxZLPwam0+xOEcdQrgZjs7q2IGZPkkjHnj8Iat
KEUs7M25T9e7wCBaOt+Kjm7nHYlBN1lPUhVIvQSOiSLpTrUSPmuNwBrzFECur1c1
AuCdoRNKd7QBk/rqXtNiV7hdQUaETf5qG/4kBU/y+SPXqohy
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:57 2025 by rpki-client