Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3401cced-770c-4585-9f39-cb17444bbb38.roa
File: 3401cced-770c-4585-9f39-cb17444bbb38.roa (raw, json)
Hash identifier: zR13SwSLXIEGJj/4cJ1A7Y9x+59xLC8wrAKUTSeEIO4=
Subject key identifier: CE:1D:A0:F3:9D:94:31:59:93:DF:3A:52:7B:10:41:82:ED:E6:2F:BC
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 72BC1267D98ECC985370B8F30FEF1F0993691776
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3401cced-770c-4585-9f39-cb17444bbb38.roa
Signing time: Mon 06 Oct 2025 18:10:05 +0000
ROA not before: Mon 06 Oct 2025 18:10:05 +0000
ROA not after: Mon 10 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d032::/32 maxlen: 32
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
72:bc:12:67:d9:8e:cc:98:53:70:b8:f3:0f:ef:1f:09:93:69:17:76
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 6 18:10:05 2025 GMT
Not After : Nov 10 23:59:59 2025 GMT
Subject: serialNumber=dfa3054e585000efa5fde1ee9427cf687cda0251508a47b9e7fcc48c90100734, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:32:4f:f3:05:d3:63:9a:23:a4:8b:33:4c:8a:
67:27:72:a1:cc:ee:57:81:e6:41:94:a0:44:a6:b5:
e1:76:27:2c:40:e8:db:74:05:e3:8a:a4:72:12:3b:
80:64:4a:d6:e9:37:47:c8:ee:6e:93:c6:32:d6:ef:
1c:88:a8:57:e3:dc:73:f6:25:8f:08:86:e7:dc:e6:
a0:ac:47:2f:ee:a4:40:df:86:66:b4:54:6e:fb:40:
18:e2:5c:17:b9:02:76:29:5e:ec:47:7b:3f:94:2f:
9a:f5:0b:20:af:13:55:c9:e6:1e:36:86:bc:f8:49:
41:4c:cd:da:7b:7b:d0:a5:ca:ca:19:39:6d:cf:ca:
dd:2b:10:64:8f:62:3d:1b:f5:f5:e7:7c:db:79:19:
ea:ea:d1:96:8d:9c:be:02:3d:84:00:15:3f:9d:87:
52:ba:3b:d2:36:96:1a:24:a6:a9:97:9a:fb:fd:c0:
f7:6c:2c:57:d4:43:88:23:4f:75:d8:77:78:0a:66:
3b:61:f4:35:81:9c:53:0e:2b:34:a6:56:30:7e:0e:
fb:ce:32:a6:3f:40:80:6f:94:d0:37:e4:95:e1:59:
e3:98:37:e1:6b:26:c2:f6:64:2e:9f:77:9d:16:d2:
4d:9c:8d:9b:d3:1c:99:9e:fe:df:74:02:2c:1f:40:
f2:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:1D:A0:F3:9D:94:31:59:93:DF:3A:52:7B:10:41:82:ED:E6:2F:BC
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3401cced-770c-4585-9f39-cb17444bbb38.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d032::/32
Signature Algorithm: sha256WithRSAEncryption
c2:2e:ec:8d:0e:76:a6:bd:a4:67:46:4b:9a:7b:d4:a7:5c:aa:
dd:c7:5a:e8:1a:bd:13:bc:1f:d0:73:13:0e:9b:76:0a:18:35:
ec:62:8c:f4:c9:39:31:8e:ea:f5:d8:3c:69:95:c9:4b:fe:b2:
39:f7:20:80:8f:00:bb:9f:9f:44:1f:9c:72:e1:ed:24:17:5f:
a2:73:2c:1d:1b:bf:98:95:e1:bd:b1:99:4d:32:69:b1:f8:a2:
38:1c:0f:bb:86:00:7e:6f:2c:d7:22:51:15:12:dc:51:f8:0e:
f6:14:8e:b3:9e:d0:b4:a1:a2:59:d6:1c:30:ee:2a:6b:88:32:
c6:0f:5a:82:c8:74:86:99:e1:fe:6e:d5:aa:6e:ca:5c:d9:f7:
55:49:c4:f0:84:78:03:11:26:30:a5:61:25:5c:dd:ec:34:b0:
17:57:c7:96:58:dc:8f:84:66:a3:e5:79:64:9d:3f:12:da:e2:
7d:f2:04:1f:fb:ba:35:31:0b:88:14:f3:95:bd:f2:09:69:37:
40:b2:61:f2:40:51:2b:f4:92:b7:6f:bf:a6:39:b5:f5:83:db:
a1:21:b3:08:46:5d:b4:58:f2:b3:0a:24:90:00:3b:fe:cd:f4:
fd:b0:2d:91:88:17:00:5d:f8:ac:71:58:c5:f6:d9:c9:19:bd:
42:8d:27:23
-----BEGIN CERTIFICATE-----
MIIFXzCCBEegAwIBAgIUcrwSZ9mOzJhTcLjzD+8fCZNpF3YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMDYxODEwMDVaFw0yNTExMTAyMzU5NTlaMHoxSTBHBgNV
BAUTQGRmYTMwNTRlNTg1MDAwZWZhNWZkZTFlZTk0MjdjZjY4N2NkYTAyNTE1MDhh
NDdiOWU3ZmNjNDhjOTAxMDA3MzQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMwyT/MF02OaI6SLM0yKZydyoczuV4HmQZSgRKa14XYnLEDo23QF44qkchI7
gGRK1uk3R8jubpPGMtbvHIioV+Pcc/YljwiG59zmoKxHL+6kQN+GZrRUbvtAGOJc
F7kCdile7Ed7P5QvmvULIK8TVcnmHjaGvPhJQUzN2nt70KXKyhk5bc/K3SsQZI9i
PRv19ed823kZ6urRlo2cvgI9hAAVP52HUro70jaWGiSmqZea+/3A92wsV9RDiCNP
ddh3eApmO2H0NYGcUw4rNKZWMH4O+84ypj9AgG+U0DfkleFZ45g34WsmwvZkLp93
nRbSTZyNm9McmZ7+33QCLB9A8k0CAwEAAaOCAiIwggIeMB0GA1UdDgQWBBTOHaDz
nZQxWZPfOlJ7EEGC7eYvvDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzQwMWNjZWQtNzcwYy00NTg1LTlmMzktY2IxNzQ0NGJiYjM4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoF0DIw
DQYJKoZIhvcNAQELBQADggEBAMIu7I0Odqa9pGdGS5p71Kdcqt3HWugavRO8H9Bz
Ew6bdgoYNexijPTJOTGO6vXYPGmVyUv+sjn3IICPALufn0QfnHLh7SQXX6JzLB0b
v5iV4b2xmU0yabH4ojgcD7uGAH5vLNciURUS3FH4DvYUjrOe0LSholnWHDDuKmuI
MsYPWoLIdIaZ4f5u1apuylzZ91VJxPCEeAMRJjClYSVc3ew0sBdXx5ZY3I+EZqPl
eWSdPxLa4n3yBB/7ujUxC4gU85W98glpN0CyYfJAUSv0krdvv6Y5tfWD26EhswhG
XbRY8rMKJJAAO/7N9P2wLZGIFwBd+KxxWMX22ckZvUKNJyM=
-----END CERTIFICATE-----
Generated at Mon Oct 20 08:52:38 2025 by rpki-client