Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c0520c80-698f-4538-b32e-e9663caeb979.roa
File: c0520c80-698f-4538-b32e-e9663caeb979.roa (raw, json)
Hash identifier: 8SB5hRrKyZXOe/FyRRwobvvhxGUW1gq1GOX+NJIrw0g=
Subject key identifier: 01:4E:C2:5C:43:16:95:AE:66:C9:57:77:C9:65:38:0D:44:85:BB:5C
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 6B5E515895B5CBDD858F15775EAE3C251D0F9864
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c0520c80-698f-4538-b32e-e9663caeb979.roa
Signing time: Tue 21 Oct 2025 14:00:58 +0000
ROA not before: Tue 21 Oct 2025 14:00:58 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:8050::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6b:5e:51:58:95:b5:cb:dd:85:8f:15:77:5e:ae:3c:25:1d:0f:98:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 14:00:58 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=a3c57a3f5d2811e1cb696b80e6c985342a5ba189307fe205c5a0b0c7d69fa058, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:a8:b4:25:75:70:d6:f8:0c:3e:27:a5:8d:ac:
18:01:74:61:63:a2:5d:57:11:49:51:69:c0:01:3b:
cf:54:3d:eb:7e:ed:5e:30:07:99:0b:08:fd:12:31:
5e:a3:d8:32:3c:46:be:98:f1:81:55:b3:eb:82:d6:
78:0d:4d:54:ca:89:28:2f:98:ee:0e:cc:1a:8b:d8:
76:2a:2a:0a:94:ab:94:a7:e0:97:2f:59:43:68:c7:
94:46:78:a6:fe:e8:e0:ea:e5:ad:2e:6b:5c:29:69:
9f:87:19:9b:84:05:56:70:e5:8a:d2:4a:75:28:4b:
f5:20:98:53:36:26:0d:ad:c5:6c:1a:7a:03:19:e0:
be:62:d9:ff:79:ac:d4:e8:04:8b:ea:2f:05:fe:30:
aa:7e:42:84:6a:02:1c:a5:83:6a:a6:e9:25:a4:18:
59:b0:48:c1:5c:7b:8a:14:1f:a9:f8:17:b2:22:74:
8b:8c:63:f9:04:a8:1f:87:b2:6c:b3:8a:a8:67:64:
3f:89:89:79:bd:ae:c5:33:71:67:7a:d9:d9:5d:f5:
6d:ed:a3:ee:29:a4:e5:37:cf:1d:d9:fd:e9:35:48:
33:c9:77:e7:7b:c3:ac:19:87:b6:fa:49:f4:e7:6b:
cf:58:32:23:c0:35:cc:4b:a6:19:cc:06:be:5d:d7:
16:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:4E:C2:5C:43:16:95:AE:66:C9:57:77:C9:65:38:0D:44:85:BB:5C
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c0520c80-698f-4538-b32e-e9663caeb979.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:8050::/48
Signature Algorithm: sha256WithRSAEncryption
81:0a:12:54:2a:21:e9:45:a1:96:65:81:ac:bc:b3:bf:92:a8:
7a:f1:e0:5c:d5:6e:a2:8b:a7:4b:14:41:82:b3:94:86:b0:99:
2e:be:53:af:7e:20:01:d3:cc:05:06:80:a7:ec:b0:b7:ba:68:
1b:e5:d8:aa:50:b2:e9:94:f5:1a:9e:0b:a8:e5:a1:b7:ee:1b:
5f:99:5d:a5:7b:4e:04:a1:57:e3:9e:9a:8b:c7:c9:2a:8b:07:
b1:c7:80:10:50:f5:e0:67:78:65:89:db:d3:12:25:40:0c:22:
df:55:98:37:28:5b:df:7d:be:d3:e3:5a:dd:01:a3:5c:b1:c1:
b1:35:bf:8c:bf:c9:8a:7d:7b:bd:43:e2:2f:fd:ab:5c:5d:be:
72:f9:9d:ab:08:84:e0:25:c2:11:6b:8c:9d:a8:1d:8b:d2:57:
31:b9:95:34:90:61:eb:42:16:42:9d:16:49:80:77:79:1e:3c:
87:07:68:c8:f8:ce:b2:19:fc:7a:9f:b4:14:38:0e:48:a5:58:
0e:fe:ca:67:3e:a6:f5:66:a8:9c:8d:13:d7:ce:5b:c0:83:cc:
dd:b9:1a:67:8b:5d:ac:e6:2c:ba:40:85:c9:b2:6a:1e:9c:f3:
f5:68:58:25:e2:1c:35:dc:87:52:47:fe:75:38:c4:65:6d:98:
34:bf:4e:b7
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUa15RWJW1y92FjxV3Xq48JR0PmGQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExNDAwNThaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQGEzYzU3YTNmNWQyODExZTFjYjY5NmI4MGU2Yzk4NTM0MmE1YmExODkzMDdm
ZTIwNWM1YTBiMGM3ZDY5ZmEwNTgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALuotCV1cNb4DD4npY2sGAF0YWOiXVcRSVFpwAE7z1Q9637tXjAHmQsI/RIx
XqPYMjxGvpjxgVWz64LWeA1NVMqJKC+Y7g7MGovYdioqCpSrlKfgly9ZQ2jHlEZ4
pv7o4OrlrS5rXClpn4cZm4QFVnDlitJKdShL9SCYUzYmDa3FbBp6AxngvmLZ/3ms
1OgEi+ovBf4wqn5ChGoCHKWDaqbpJaQYWbBIwVx7ihQfqfgXsiJ0i4xj+QSoH4ey
bLOKqGdkP4mJeb2uxTNxZ3rZ2V31be2j7imk5TfPHdn96TVIM8l353vDrBmHtvpJ
9Odrz1gyI8A1zEumGcwGvl3XFoECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQBTsJc
QxaVrmbJV3fJZTgNRIW7XDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzA1MjBjODAtNjk4Zi00NTM4LWIzMmUtZTk2NjNjYWViOTc5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H+A
UDANBgkqhkiG9w0BAQsFAAOCAQEAgQoSVCoh6UWhlmWBrLyzv5KoevHgXNVuooun
SxRBgrOUhrCZLr5Tr34gAdPMBQaAp+ywt7poG+XYqlCy6ZT1Gp4LqOWht+4bX5ld
pXtOBKFX456ai8fJKosHsceAEFD14Gd4ZYnb0xIlQAwi31WYNyhb332+0+Na3QGj
XLHBsTW/jL/Jin17vUPiL/2rXF2+cvmdqwiE4CXCEWuMnagdi9JXMbmVNJBh60IW
Qp0WSYB3eR48hwdoyPjOshn8ep+0FDgOSKVYDv7KZz6m9WaonI0T185bwIPM3bka
Z4tdrOYsukCFybJqHpzz9WhYJeIcNdyHUkf+dTjEZW2YNL9Otw==
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:11:20 2025 by rpki-client