Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bf1db0f3-6cad-4fcc-96c5-ddde700e6264.roa
File: bf1db0f3-6cad-4fcc-96c5-ddde700e6264.roa (raw, json)
Hash identifier: wnqsFgnMNrYXuFsXx+Dg0VX1KmslY6Wud1YLos5qdcM=
Subject key identifier: DD:8A:C7:AA:DC:53:63:04:7A:59:FD:EE:BC:9C:8B:7A:F6:31:F2:3B
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 275C0F1EFED92CCAB05654BE8081BD931072DA51
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bf1db0f3-6cad-4fcc-96c5-ddde700e6264.roa
Signing time: Tue 21 Oct 2025 14:00:39 +0000
ROA not before: Tue 21 Oct 2025 14:00:39 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d075:b000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
27:5c:0f:1e:fe:d9:2c:ca:b0:56:54:be:80:81:bd:93:10:72:da:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:00:39 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=a3e33c544dc052d7e2e7a0946123ccec820699d1e47225f683d4f50fd5a0018a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:34:e5:91:5e:99:db:4e:c8:41:56:b0:b4:40:
cc:88:f6:45:f0:29:35:d2:54:c3:90:71:41:e7:f6:
fa:89:c1:5a:2f:e6:e6:28:a4:0d:94:c8:c6:56:d9:
9e:49:bd:2b:b0:3d:0e:a3:7e:7c:19:45:5a:36:4e:
d2:26:b0:b6:2e:af:20:4d:2a:f7:a1:ff:c7:1b:7b:
28:58:59:0c:80:d8:4b:f3:57:b1:33:5b:03:35:53:
a8:12:ea:e4:ac:10:76:ee:36:c3:92:2a:0c:6a:b3:
c4:a0:64:fe:6c:58:ce:04:51:bf:67:85:6a:5b:8a:
96:fe:0c:54:44:23:57:3f:7b:2c:fb:17:99:26:df:
b2:bf:d7:dd:53:81:f7:30:bf:c7:ad:17:3d:0b:a8:
78:60:13:71:fe:27:78:35:38:12:d9:1c:a7:d2:13:
bd:b7:4e:81:c1:b5:ce:d2:eb:d7:e3:ed:c9:39:49:
ea:ed:e3:42:ad:ed:d3:cc:24:6f:ef:b5:a9:bf:bc:
41:80:45:2e:cf:bc:5c:41:4f:4d:68:81:af:6c:3b:
1b:0a:75:a1:e0:ef:b8:eb:d4:1b:30:46:de:9d:35:
01:0f:91:12:a7:d4:c5:52:76:33:da:ff:5d:3a:53:
77:d9:6b:44:80:0d:fc:82:06:88:b9:b5:e4:a7:a4:
98:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:8A:C7:AA:DC:53:63:04:7A:59:FD:EE:BC:9C:8B:7A:F6:31:F2:3B
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bf1db0f3-6cad-4fcc-96c5-ddde700e6264.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d075:b000::/40
Signature Algorithm: sha256WithRSAEncryption
15:77:ed:5b:94:fc:72:a6:02:2c:f0:e8:ce:48:62:6e:fb:36:
15:72:36:cb:bd:a5:c4:c4:db:a0:2a:26:8a:9d:45:25:3a:3c:
ae:2e:4d:ac:67:6a:7e:69:9d:68:ab:6b:d7:5d:a1:6b:3b:0b:
23:81:76:d7:ce:ca:8c:e9:07:6c:74:a6:23:c8:b7:b3:8e:0d:
00:5d:ba:84:3b:0b:48:b3:a7:d9:ad:da:d3:9f:c3:ee:0e:ad:
35:4a:66:47:cd:ac:d2:20:da:03:8c:5a:32:0e:02:92:d3:8f:
93:59:fe:60:89:0c:5a:34:d4:4a:35:2d:2e:78:1d:19:61:c0:
00:7a:1e:89:8d:e2:44:4b:98:55:00:88:fa:e5:33:6a:e5:f9:
ac:0a:17:cf:f1:25:85:36:5f:12:c9:69:07:9e:b6:97:0f:cf:
c3:e8:b7:62:38:45:bc:9b:ab:39:ce:fc:2e:ef:15:42:41:22:
9b:07:aa:ca:15:d7:1a:f8:d5:06:70:5d:23:e8:5e:ef:d5:7b:
18:c0:30:31:a1:95:4a:cb:2a:91:9b:b9:42:ca:34:a0:78:93:
0a:76:53:43:48:4a:b7:4b:ce:7b:ce:c3:18:42:e4:a7:8e:9a:
24:ad:19:5d:8f:7a:03:a4:b2:87:7e:b3:5b:2f:ce:27:2c:c6:
97:2f:e2:5c
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUJ1wPHv7ZLMqwVlS+gIG9kxBy2lEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDAwMzlaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGEzZTMzYzU0NGRjMDUyZDdlMmU3YTA5NDYxMjNjY2VjODIwNjk5ZDFlNDcy
MjVmNjgzZDRmNTBmZDVhMDAxOGExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMU05ZFemdtOyEFWsLRAzIj2RfApNdJUw5BxQef2+onBWi/m5iikDZTIxlbZ
nkm9K7A9DqN+fBlFWjZO0iawti6vIE0q96H/xxt7KFhZDIDYS/NXsTNbAzVTqBLq
5KwQdu42w5IqDGqzxKBk/mxYzgRRv2eFaluKlv4MVEQjVz97LPsXmSbfsr/X3VOB
9zC/x60XPQuoeGATcf4neDU4Etkcp9ITvbdOgcG1ztLr1+PtyTlJ6u3jQq3t08wk
b++1qb+8QYBFLs+8XEFPTWiBr2w7Gwp1oeDvuOvUGzBG3p01AQ+REqfUxVJ2M9r/
XTpTd9lrRIAN/IIGiLm15KekmJUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTdiseq
3FNjBHpZ/e68nIt69jHyOzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmYxZGIwZjMtNmNhZC00ZmNjLTk2YzUtZGRkZTcwMGU2MjY0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HWw
MA0GCSqGSIb3DQEBCwUAA4IBAQAVd+1blPxypgIs8OjOSGJu+zYVcjbLvaXExNug
KiaKnUUlOjyuLk2sZ2p+aZ1oq2vXXaFrOwsjgXbXzsqM6QdsdKYjyLezjg0AXbqE
OwtIs6fZrdrTn8PuDq01SmZHzazSINoDjFoyDgKS04+TWf5giQxaNNRKNS0ueB0Z
YcAAeh6JjeJES5hVAIj65TNq5fmsChfP8SWFNl8SyWkHnraXD8/D6LdiOEW8m6s5
zvwu7xVCQSKbB6rKFdca+NUGcF0j6F7v1XsYwDAxoZVKyyqRm7lCyjSgeJMKdlND
SEq3S857zsMYQuSnjpokrRldj3oDpLKHfrNbL84nLMaXL+Jc
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:14:25 2025 by rpki-client