Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ce577ba2-d2ac-4e2a-a4f9-ea37e9d56903.roa
File: ce577ba2-d2ac-4e2a-a4f9-ea37e9d56903.roa (raw, json)
Hash identifier: oKkgB2QmWI26Rp1IRTQos0ZIGWbMCCQhk166x3W8WKo=
Subject key identifier: C7:93:4C:75:05:F6:87:CD:49:68:79:BA:82:E1:46:53:B4:C0:6D:37
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3A53E346C2E71ADCFB148BBF31BCBF657C927AF6
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ce577ba2-d2ac-4e2a-a4f9-ea37e9d56903.roa
Signing time: Tue 21 Oct 2025 13:20:36 +0000
ROA not before: Tue 21 Oct 2025 13:20:36 +0000
ROA not after: Tue 25 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d06d:2000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Wed 29 Oct 2025 00:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3a:53:e3:46:c2:e7:1a:dc:fb:14:8b:bf:31:bc:bf:65:7c:92:7a:f6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 21 13:20:36 2025 GMT
Not After : Nov 25 23:59:59 2025 GMT
Subject: serialNumber=789406895a1cec3e1b15b6d99a231138f8029137b5a14bc7f4834c5c9467bd9c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:b7:96:ba:43:94:c2:fe:79:9d:77:5e:6c:4e:
11:3e:73:02:03:9b:e5:ff:dd:89:b2:d6:b1:b6:0e:
a4:a4:d7:d5:da:6c:ba:10:8a:af:18:0e:00:9f:a2:
13:7c:7f:68:b3:ab:77:2e:d8:90:99:12:3f:d4:ec:
94:2f:d4:fb:00:51:a4:35:c1:33:89:38:67:1a:e1:
de:0f:23:c2:3f:aa:24:f9:f1:aa:65:e8:47:16:b5:
b5:46:5b:f2:61:39:3a:ea:1e:6c:39:50:8e:99:97:
fe:fa:58:dc:bd:97:29:88:27:db:12:2e:04:1a:0c:
90:ec:e6:12:e9:08:51:5f:24:b2:44:24:d2:03:ea:
91:2b:75:2d:b7:97:ea:50:d7:6c:cd:3c:81:8c:d6:
fa:7e:fc:36:f0:bb:06:30:bb:c8:86:65:64:2c:c9:
2e:05:90:56:ce:02:1d:3d:2b:b1:66:6c:9f:da:09:
f2:ba:ab:71:20:15:1c:ed:64:94:28:1e:a3:77:5c:
53:48:e4:b8:95:69:bb:b2:e1:62:1d:73:c9:b5:e2:
67:24:51:6d:3b:d4:0c:1f:d9:6b:ee:f9:6c:46:6b:
ee:be:1f:60:c6:c7:62:80:57:2a:0b:76:23:07:c4:
eb:88:6c:60:2d:12:50:e6:af:2b:5e:53:37:d5:3d:
73:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:93:4C:75:05:F6:87:CD:49:68:79:BA:82:E1:46:53:B4:C0:6D:37
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ce577ba2-d2ac-4e2a-a4f9-ea37e9d56903.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06d:2000::/40
Signature Algorithm: sha256WithRSAEncryption
57:b1:74:3c:1b:0e:62:77:a1:42:e3:1a:ec:4d:a4:e7:4b:6d:
a7:3e:16:0a:9f:ff:58:57:fb:d9:ee:88:74:0e:12:77:5c:6a:
53:90:7c:29:e6:af:ae:de:0a:9b:2a:b9:3c:a7:84:e2:6b:c5:
b3:34:6e:61:53:dc:76:54:cd:fa:8a:a6:a0:ae:fb:2c:49:ce:
14:2c:01:07:f5:ff:10:79:d6:71:26:1e:b5:e7:88:7f:b2:f0:
8d:cc:ed:86:a7:66:8e:1d:ca:3e:2c:2f:c0:6d:e4:2e:1d:d1:
02:bc:ec:ad:57:43:cd:6a:42:62:fb:a2:d3:9e:33:c6:55:0d:
6d:2c:c0:ee:3d:95:60:95:8f:d7:37:9d:22:26:75:87:5f:b5:
ef:82:91:cc:61:b9:05:e7:80:27:e7:62:f4:b2:bd:a3:1d:b9:
0f:21:97:73:b7:8f:58:3a:d4:0f:cd:79:a2:27:db:70:9a:14:
b6:77:b9:a8:dd:4b:db:5e:1f:f6:cd:18:b1:28:70:db:34:b9:
3d:c0:9a:e6:60:5e:dc:dc:09:d1:92:89:bc:17:29:50:63:26:
88:03:96:25:12:65:8e:f5:9d:b5:f7:f8:f5:30:89:27:75:4c:
95:c0:6f:21:33:a7:2f:c8:0c:b9:60:c7:a4:f7:84:37:3b:d5:
1c:20:82:7a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUOlPjRsLnGtz7FIu/Mby/ZXySevYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMjExMzIwMzZaFw0yNTExMjUyMzU5NTlaMHoxSTBHBgNV
BAUTQDc4OTQwNjg5NWExY2VjM2UxYjE1YjZkOTlhMjMxMTM4ZjgwMjkxMzdiNWEx
NGJjN2Y0ODM0YzVjOTQ2N2JkOWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMC3lrpDlML+eZ13XmxOET5zAgOb5f/dibLWsbYOpKTX1dpsuhCKrxgOAJ+i
E3x/aLOrdy7YkJkSP9TslC/U+wBRpDXBM4k4Zxrh3g8jwj+qJPnxqmXoRxa1tUZb
8mE5OuoebDlQjpmX/vpY3L2XKYgn2xIuBBoMkOzmEukIUV8kskQk0gPqkSt1LbeX
6lDXbM08gYzW+n78NvC7BjC7yIZlZCzJLgWQVs4CHT0rsWZsn9oJ8rqrcSAVHO1k
lCgeo3dcU0jkuJVpu7LhYh1zybXiZyRRbTvUDB/Za+75bEZr7r4fYMbHYoBXKgt2
IwfE64hsYC0SUOavK15TN9U9cxECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTHk0x1
BfaHzUloebqC4UZTtMBtNzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2U1NzdiYTItZDJhYy00ZTJhLWE0ZjktZWEzN2U5ZDU2OTAzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G0g
MA0GCSqGSIb3DQEBCwUAA4IBAQBXsXQ8Gw5id6FC4xrsTaTnS22nPhYKn/9YV/vZ
7oh0DhJ3XGpTkHwp5q+u3gqbKrk8p4Tia8WzNG5hU9x2VM36iqagrvssSc4ULAEH
9f8QedZxJh6154h/svCNzO2Gp2aOHco+LC/AbeQuHdECvOytV0PNakJi+6LTnjPG
VQ1tLMDuPZVglY/XN50iJnWHX7XvgpHMYbkF54An52L0sr2jHbkPIZdzt49YOtQP
zXmiJ9twmhS2d7mo3UvbXh/2zRixKHDbNLk9wJrmYF7c3AnRkom8FylQYyaIA5Yl
EmWO9Z219/j1MIkndUyVwG8hM6cvyAy5YMek94Q3O9UcIIJ6
-----END CERTIFICATE-----
Generated at Tue Oct 28 04:09:10 2025 by rpki-client