Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4cdfefba-9573-485f-8040-202e038ebf78.roa
File: 4cdfefba-9573-485f-8040-202e038ebf78.roa (raw, json)
Hash identifier: wlnGoRlP/dwRDprSk061xI8Ar2M0+7XVZmIKbSqqEAw=
Subject key identifier: A8:41:3C:58:26:09:D5:15:27:EA:65:75:F9:1F:DA:63:82:8D:9D:13
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 27DEF3F9B6FE22D272EEDAB24743157025C189D5
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4cdfefba-9573-485f-8040-202e038ebf78.roa
Signing time: Fri 26 Sep 2025 20:11:01 +0000
ROA not before: Fri 26 Sep 2025 20:11:01 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 79.125.8.0/21 maxlen: 21
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
27:de:f3:f9:b6:fe:22:d2:72:ee:da:b2:47:43:15:70:25:c1:89:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 20:11:01 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=9489ec7efc99b0736c5ff6f3eea8382b97ce589e7b1d0ce4fab36696fa349234, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:c6:02:37:63:de:0f:02:87:e3:24:94:b9:3d:
60:f1:fa:ab:73:88:48:5c:0d:7c:2d:ec:e5:a2:7a:
35:2d:95:61:fd:7d:e9:be:db:2b:16:43:18:02:9e:
fd:6e:80:66:6f:27:f7:0b:46:a8:ed:b5:38:48:ab:
52:3a:25:94:47:d6:d3:65:38:03:44:07:8f:16:35:
8e:36:ee:58:3c:96:42:e7:f9:d5:d3:5c:a0:d6:94:
bc:bf:1d:14:92:f3:f1:87:11:fd:c6:1d:45:6b:83:
64:df:20:2e:4c:f1:a8:ad:d9:45:19:09:a1:c3:32:
ea:8f:08:12:31:26:54:95:93:33:e4:14:0e:61:71:
5f:b0:bb:54:27:74:c2:99:f3:4a:ae:65:25:73:ae:
84:ed:3d:36:d8:e7:12:71:56:97:93:8e:5d:a4:8f:
3e:d9:e9:a7:79:0d:ec:7b:a0:d4:89:60:70:75:3a:
3c:0a:47:e4:91:4f:fb:9b:eb:b5:83:ed:9c:5f:3b:
b9:9a:cd:88:28:5c:62:39:90:d4:14:b8:69:3d:eb:
ee:8c:29:b1:d7:45:24:94:86:e1:86:d5:7c:0c:16:
31:ed:59:72:ff:d1:85:f9:66:96:5b:bc:f6:87:95:
14:6d:5d:d4:0e:5a:1c:85:94:07:cd:2c:08:54:2a:
1a:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:41:3C:58:26:09:D5:15:27:EA:65:75:F9:1F:DA:63:82:8D:9D:13
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4cdfefba-9573-485f-8040-202e038ebf78.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.125.8.0/21
Signature Algorithm: sha256WithRSAEncryption
59:68:c4:39:3c:14:9f:bc:15:df:33:74:92:7f:57:87:31:60:
77:13:39:3c:b3:51:95:e7:bc:e7:aa:45:3d:b8:9d:e8:00:9f:
b3:7b:c8:7e:58:c3:e8:7b:80:ff:1d:85:09:d5:11:18:34:ff:
45:13:04:97:a5:51:e2:59:ce:3d:82:ef:b6:ee:1e:cd:53:d5:
23:3c:ca:5b:b5:0d:78:0a:f2:4e:91:62:77:67:79:5e:4a:30:
b7:57:a2:67:fa:49:52:51:cf:d5:bc:66:08:58:d6:99:30:2a:
6f:12:69:25:75:03:12:3f:e8:c6:43:d8:c3:00:88:d6:69:b1:
17:51:7b:c1:12:f5:2e:d1:ef:82:a2:b6:33:7b:af:86:dd:60:
c1:ae:fc:06:67:47:27:71:b7:e7:d3:f2:69:d2:31:4f:15:2a:
2f:1c:f1:19:85:de:53:6e:fa:5b:a7:92:2c:a7:bf:c5:a2:9e:
a6:a9:9e:81:7f:e9:9c:cc:2a:26:cc:ec:f0:bf:8d:5c:10:cf:
8b:42:cc:75:0a:33:1f:31:eb:92:77:21:ef:b0:1a:c2:9f:25:
97:b2:11:2a:19:46:d6:ec:7b:45:2f:93:09:aa:e6:e3:04:e1:
44:e1:4b:c0:a1:7d:0b:94:d1:35:db:06:aa:ae:27:49:4a:34:
88:34:6d:05
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUJ97z+bb+ItJy7tqyR0MVcCXBidUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYyMDExMDFaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDk0ODllYzdlZmM5OWIwNzM2YzVmZjZmM2VlYTgzODJiOTdjZTU4OWU3YjFk
MGNlNGZhYjM2Njk2ZmEzNDkyMzQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOLGAjdj3g8Ch+MklLk9YPH6q3OISFwNfC3s5aJ6NS2VYf196b7bKxZDGAKe
/W6AZm8n9wtGqO21OEirUjollEfW02U4A0QHjxY1jjbuWDyWQuf51dNcoNaUvL8d
FJLz8YcR/cYdRWuDZN8gLkzxqK3ZRRkJocMy6o8IEjEmVJWTM+QUDmFxX7C7VCd0
wpnzSq5lJXOuhO09NtjnEnFWl5OOXaSPPtnpp3kN7Hug1IlgcHU6PApH5JFP+5vr
tYPtnF87uZrNiChcYjmQ1BS4aT3r7owpsddFJJSG4YbVfAwWMe1Zcv/Rhflmllu8
9oeVFG1d1A5aHIWUB80sCFQqGpkCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBSoQTxY
JgnVFSfqZXX5H9pjgo2dEzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGNkZmVmYmEtOTU3My00ODVmLTgwNDAtMjAyZTAzOGViZjc4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA099CDAN
BgkqhkiG9w0BAQsFAAOCAQEAWWjEOTwUn7wV3zN0kn9XhzFgdxM5PLNRlee856pF
Pbid6ACfs3vIfljD6HuA/x2FCdURGDT/RRMEl6VR4lnOPYLvtu4ezVPVIzzKW7UN
eAryTpFid2d5Xkowt1eiZ/pJUlHP1bxmCFjWmTAqbxJpJXUDEj/oxkPYwwCI1mmx
F1F7wRL1LtHvgqK2M3uvht1gwa78BmdHJ3G359PyadIxTxUqLxzxGYXeU276W6eS
LKe/xaKepqmegX/pnMwqJszs8L+NXBDPi0LMdQozHzHrknch77Aawp8ll7IRKhlG
1ux7RS+TCarm4wThROFLwKF9C5TRNdsGqq4nSUo0iDRtBQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 08:52:09 2025 by rpki-client