Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/36e6bf1a-660d-40a9-a561-406ff743fc37.roa
File: 36e6bf1a-660d-40a9-a561-406ff743fc37.roa (raw, json)
Hash identifier: u8UqTk+QjwS78bQllYMGpG0C1hdXKNu1/5eOnnfIW2c=
Subject key identifier: B9:B4:6A:99:E3:59:67:CD:A9:DB:74:23:26:3F:24:F5:CC:DE:68:F8
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5EC449B0899033A77C1167C140C4AA20E01C1A38
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/36e6bf1a-660d-40a9-a561-406ff743fc37.roa
Signing time: Fri 26 Sep 2025 19:40:40 +0000
ROA not before: Fri 26 Sep 2025 19:40:40 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d03a:1000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5e:c4:49:b0:89:90:33:a7:7c:11:67:c1:40:c4:aa:20:e0:1c:1a:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:40:40 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=c6dc105fc3e74207c548280273822516e7e73593c91c8968393e2f89251e6323, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:59:6b:53:74:1c:56:4b:49:ac:74:64:68:21:
df:e4:47:dc:37:bc:94:b1:ee:8b:74:00:d6:8b:c7:
b7:36:bc:9b:68:45:98:b3:91:1a:6e:b2:e2:df:47:
cf:fe:18:d7:e6:19:a4:73:df:67:76:0d:44:02:92:
c5:2e:eb:df:57:d3:ad:5a:8b:78:d9:3d:6f:bf:be:
23:31:0d:5e:00:6d:a7:4f:b7:b6:e9:c3:74:ec:58:
8f:fc:99:28:c2:54:ba:8c:50:53:41:c4:ba:5b:7b:
68:d8:39:53:79:34:1d:3f:42:79:ce:8f:03:5a:59:
36:1f:1d:e6:6a:a7:f9:0c:c8:47:f8:1f:48:72:de:
f4:fa:3e:a3:cb:57:84:f4:d2:a5:3a:8f:19:f2:36:
74:97:af:55:a3:09:06:13:90:31:6b:a6:94:42:60:
bd:79:da:24:53:36:cd:6b:4c:f2:1c:6f:d6:0c:fb:
4a:9b:58:2b:e7:50:31:12:f5:94:c4:7d:eb:c7:a9:
26:dc:47:a6:6f:dc:77:eb:cf:27:e7:19:91:55:a9:
b5:af:26:af:a3:c1:be:65:4d:c8:68:86:c5:56:88:
aa:99:4c:8c:8a:49:5c:99:76:78:ee:bd:72:eb:61:
88:1e:76:93:25:a7:59:ba:49:e5:17:78:09:dc:65:
ee:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B9:B4:6A:99:E3:59:67:CD:A9:DB:74:23:26:3F:24:F5:CC:DE:68:F8
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/36e6bf1a-660d-40a9-a561-406ff743fc37.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d03a:1000::/40
Signature Algorithm: sha256WithRSAEncryption
49:73:0a:ae:92:d0:51:4f:2a:71:7f:0a:94:58:c4:34:a3:86:
21:0a:74:e3:ce:e3:9f:77:3a:73:49:b2:19:56:32:d5:9b:60:
4a:0f:6d:22:7a:a4:2c:db:8e:0c:93:4d:24:96:00:0c:05:86:
41:d2:f7:8b:d2:ae:27:a4:38:9b:2d:62:9b:ae:24:10:bd:ce:
1e:27:85:ad:b7:da:6e:33:c1:02:12:e7:54:53:cb:3b:c2:b2:
fc:98:51:f0:0b:f7:cb:50:34:7e:b7:90:34:78:51:79:b5:32:
38:6c:25:41:76:2e:2c:41:af:c6:bd:d3:26:81:05:96:b2:ce:
db:fe:5b:27:d2:c4:15:d5:b1:78:57:00:c6:1a:00:d7:92:94:
74:9c:5c:c6:5c:f8:02:c6:de:be:10:95:7b:70:69:34:2d:b3:
f4:90:b6:98:5f:ec:48:6d:fa:d1:57:6a:b9:e8:2c:cd:ff:bb:
cf:52:e1:e7:20:e4:08:82:38:e8:cc:69:70:d5:d4:84:7b:26:
8f:0b:d9:17:b8:9c:a4:fe:95:29:06:78:2a:1e:8b:a9:ed:1f:
2c:46:cf:c9:34:48:ca:ce:9a:5a:10:ef:15:3e:9b:2e:e3:f1:
4d:a5:3b:7a:d0:20:ca:01:a1:69:ca:c9:5f:05:28:db:17:f9:
f3:ff:75:b3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUXsRJsImQM6d8EWfBQMSqIOAcGjgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTQwNDBaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGM2ZGMxMDVmYzNlNzQyMDdjNTQ4MjgwMjczODIyNTE2ZTdlNzM1OTNjOTFj
ODk2ODM5M2UyZjg5MjUxZTYzMjMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMJZa1N0HFZLSax0ZGgh3+RH3De8lLHui3QA1ovHtza8m2hFmLORGm6y4t9H
z/4Y1+YZpHPfZ3YNRAKSxS7r31fTrVqLeNk9b7++IzENXgBtp0+3tunDdOxYj/yZ
KMJUuoxQU0HEult7aNg5U3k0HT9Cec6PA1pZNh8d5mqn+QzIR/gfSHLe9Po+o8tX
hPTSpTqPGfI2dJevVaMJBhOQMWumlEJgvXnaJFM2zWtM8hxv1gz7SptYK+dQMRL1
lMR968epJtxHpm/cd+vPJ+cZkVWpta8mr6PBvmVNyGiGxVaIqplMjIpJXJl2eO69
cuthiB52kyWnWbpJ5Rd4Cdxl7pUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS5tGqZ
41lnzanbdCMmPyT1zN5o+DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzZlNmJmMWEtNjYwZC00MGE5LWE1NjEtNDA2ZmY3NDNmYzM3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DoQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBJcwquktBRTypxfwqUWMQ0o4YhCnTjzuOfdzpz
SbIZVjLVm2BKD20ieqQs244Mk00klgAMBYZB0veL0q4npDibLWKbriQQvc4eJ4Wt
t9puM8ECEudUU8s7wrL8mFHwC/fLUDR+t5A0eFF5tTI4bCVBdi4sQa/GvdMmgQWW
ss7b/lsn0sQV1bF4VwDGGgDXkpR0nFzGXPgCxt6+EJV7cGk0LbP0kLaYX+xIbfrR
V2q56CzN/7vPUuHnIOQIgjjozGlw1dSEeyaPC9kXuJyk/pUpBngqHoup7R8sRs/J
NEjKzppaEO8VPpsu4/FNpTt60CDKAaFpyslfBSjbF/nz/3Wz
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:56 2025 by rpki-client