Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/21e2f5c8-e012-44d0-a6f2-c4a065b3b954.roa
File: 21e2f5c8-e012-44d0-a6f2-c4a065b3b954.roa (raw, json)
Hash identifier: YsVfgINyZbLc/hAhdSJ8Q3e2DcRgBkSdIVFTbU+v7QM=
Subject key identifier: C5:05:C1:4D:E8:21:75:77:75:82:BA:B5:45:F2:27:B1:24:31:BF:37
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 35459DD54F751453C426A51AC906D20435888598
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/21e2f5c8-e012-44d0-a6f2-c4a065b3b954.roa
Signing time: Fri 26 Sep 2025 19:41:50 +0000
ROA not before: Fri 26 Sep 2025 19:41:50 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d034:4000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 13:42:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
35:45:9d:d5:4f:75:14:53:c4:26:a5:1a:c9:06:d2:04:35:88:85:98
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:41:50 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=b9ca088d4e65b7ec97b355e523170b179bcb87feb97c0426211f592c64f90b7c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:eb:55:8f:c0:ac:89:e4:f5:b5:43:08:57:df:
f5:42:c8:40:08:47:d5:4d:05:14:63:ef:70:2d:53:
40:f7:dc:47:af:f9:ad:43:06:f3:ed:9c:11:6f:09:
23:39:c2:c0:aa:0b:76:b7:01:d8:fe:fd:c7:cd:a0:
23:79:d4:66:30:2c:1d:9d:a0:3d:18:75:66:a3:1f:
59:51:36:21:c9:a8:31:f5:65:d4:9d:86:db:7a:a5:
c9:fa:f7:bb:1c:1f:af:ba:7c:ad:fe:17:b8:ba:83:
5f:51:6e:9f:06:0b:9b:45:b3:e1:87:88:4e:79:de:
fa:b7:15:9d:15:71:60:4c:0a:8e:98:50:1d:b6:54:
52:76:f2:34:82:26:4f:ae:99:d1:3b:13:60:da:cd:
7c:f7:22:84:dd:86:71:8a:b6:9b:72:72:a0:ac:ef:
2d:dc:9a:0c:03:d8:51:ab:30:25:c2:de:0b:28:51:
cd:c6:38:a2:b5:f2:61:37:f9:9f:db:17:43:d8:dd:
4e:42:41:6e:cb:f5:77:a9:75:be:a9:bc:3f:33:b8:
ca:74:c2:8c:53:ae:dd:43:61:c0:f7:cc:65:63:35:
d2:df:e4:1e:b5:92:6d:81:86:1e:aa:c8:8b:50:a1:
7b:7c:39:f6:60:e3:c8:a3:c3:89:7c:45:b0:42:80:
52:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:05:C1:4D:E8:21:75:77:75:82:BA:B5:45:F2:27:B1:24:31:BF:37
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/21e2f5c8-e012-44d0-a6f2-c4a065b3b954.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d034:4000::/40
Signature Algorithm: sha256WithRSAEncryption
84:5c:da:34:1a:0b:6c:85:28:e6:4c:c7:bc:af:51:5f:f9:8d:
f1:e4:92:ca:77:38:40:55:93:3e:8a:f7:c6:a4:24:74:d1:80:
2c:fa:9e:0d:ea:24:3e:b7:b1:07:b6:4a:0e:31:45:c9:d3:06:
05:9b:b9:e6:4b:ca:10:13:e1:81:54:6b:74:66:05:a6:55:ab:
c1:ae:28:b6:21:a8:dd:2e:7e:54:18:eb:ad:d9:15:bb:3a:78:
bd:b8:70:83:1c:6e:0b:fd:39:38:de:87:8f:6d:19:e3:54:1a:
2d:96:4e:ac:0e:19:4d:c2:82:10:fa:5a:46:27:df:c7:db:5e:
69:65:cb:50:a4:aa:d2:ad:b0:ad:a9:45:db:de:fd:24:2e:26:
50:0c:0a:fc:7e:80:5a:08:04:4b:c5:fb:15:ff:bf:87:39:d1:
e1:75:1d:16:b3:0e:04:17:97:1c:3a:24:1f:13:25:e3:29:c3:
42:44:99:48:bd:36:ad:90:82:88:7e:6a:56:17:77:ca:4c:f1:
3e:35:7b:5a:4e:91:70:2b:b6:57:ca:fb:94:e4:e1:f9:09:52:
8f:83:3c:67:e8:eb:86:30:d9:f7:2a:58:75:02:2e:42:e6:69:
b0:66:88:b9:71:98:94:14:2b:aa:98:50:8b:a2:56:7e:c5:7b:
b8:e1:64:27
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUNUWd1U91FFPEJqUayQbSBDWIhZgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTQxNTBaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGI5Y2EwODhkNGU2NWI3ZWM5N2IzNTVlNTIzMTcwYjE3OWJjYjg3ZmViOTdj
MDQyNjIxMWY1OTJjNjRmOTBiN2MxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKvrVY/ArInk9bVDCFff9ULIQAhH1U0FFGPvcC1TQPfcR6/5rUMG8+2cEW8J
IznCwKoLdrcB2P79x82gI3nUZjAsHZ2gPRh1ZqMfWVE2IcmoMfVl1J2G23qlyfr3
uxwfr7p8rf4XuLqDX1FunwYLm0Wz4YeITnne+rcVnRVxYEwKjphQHbZUUnbyNIIm
T66Z0TsTYNrNfPcihN2GcYq2m3JyoKzvLdyaDAPYUaswJcLeCyhRzcY4orXyYTf5
n9sXQ9jdTkJBbsv1d6l1vqm8PzO4ynTCjFOu3UNhwPfMZWM10t/kHrWSbYGGHqrI
i1Che3w59mDjyKPDiXxFsEKAUgUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTFBcFN
6CF1d3WCurVF8iexJDG/NzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjFlMmY1YzgtZTAxMi00NGQwLWE2ZjItYzRhMDY1YjNiOTU0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DRA
MA0GCSqGSIb3DQEBCwUAA4IBAQCEXNo0GgtshSjmTMe8r1Ff+Y3x5JLKdzhAVZM+
ivfGpCR00YAs+p4N6iQ+t7EHtkoOMUXJ0wYFm7nmS8oQE+GBVGt0ZgWmVavBrii2
IajdLn5UGOut2RW7Oni9uHCDHG4L/Tk43oePbRnjVBotlk6sDhlNwoIQ+lpGJ9/H
215pZctQpKrSrbCtqUXb3v0kLiZQDAr8foBaCARLxfsV/7+HOdHhdR0Wsw4EF5cc
OiQfEyXjKcNCRJlIvTatkIKIfmpWF3fKTPE+NXtaTpFwK7ZXyvuU5OH5CVKPgzxn
6OuGMNn3Klh1Ai5C5mmwZoi5cZiUFCuqmFCLolZ+xXu44WQn
-----END CERTIFICATE-----
Generated at Mon Oct 20 23:29:27 2025 by rpki-client