Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5238c13f-b2a5-43d9-9624-d2e714a9bf53.roa
File: 5238c13f-b2a5-43d9-9624-d2e714a9bf53.roa (raw, json)
Hash identifier: L/8YkPpE/S0C48M8bRBwOxPFYMdWf58EYsohyCdpNHo=
Subject key identifier: 36:7E:43:95:41:7F:52:69:19:C0:3A:1E:67:00:44:3C:4B:88:EF:C8
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7FB3F0172D6E9DEE4596232817852248A45C26CA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5238c13f-b2a5-43d9-9624-d2e714a9bf53.roa
Signing time: Mon 29 Sep 2025 15:24:38 +0000
ROA not before: Mon 29 Sep 2025 15:24:38 +0000
ROA not after: Mon 03 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d02f:800::/37 maxlen: 37
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7f:b3:f0:17:2d:6e:9d:ee:45:96:23:28:17:85:22:48:a4:5c:26:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 29 15:24:38 2025 GMT
Not After : Nov 3 23:59:59 2025 GMT
Subject: serialNumber=67789cb972a3bd78a55b7e85bdcb8c1dee7b9b5d4146123d075711d8395aabd0, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:a8:25:79:49:a0:23:8a:49:3b:7c:59:6c:05:
87:78:10:6f:9d:a8:1c:66:93:bb:57:ec:0e:79:9e:
d8:02:c3:97:67:68:24:b7:76:dd:0b:f0:bf:74:e5:
f9:06:12:59:d2:de:17:11:55:c0:e4:d4:3a:49:b1:
0c:db:93:ba:f2:85:42:05:ad:af:a5:83:36:a1:b2:
5b:5a:19:c5:97:93:0c:31:a4:a7:8a:28:83:8d:d0:
d0:86:93:51:5e:55:e5:d5:25:fb:b7:95:c9:c4:27:
5a:1a:4d:d1:78:8e:c2:d5:4f:38:30:7c:37:92:64:
3c:c1:77:13:87:93:29:29:8c:68:fc:c8:53:df:5b:
fa:1b:7d:9a:5f:81:71:a9:d4:70:63:59:90:57:e5:
72:3c:ce:b1:ba:3f:ba:3e:3a:04:ce:b5:fc:a4:57:
f1:66:f1:aa:78:c4:84:71:cf:f8:0c:63:f8:e2:b4:
9e:a4:5d:30:e6:36:ba:42:c8:d6:16:62:7b:8b:0b:
c8:79:99:21:a7:2d:56:b3:3e:38:e0:37:46:40:d6:
e1:42:f8:f0:cc:be:b7:54:0a:aa:68:1b:f7:c7:ea:
2f:4f:33:39:a2:bf:5c:d1:57:72:d9:ea:f4:e9:62:
a8:c3:9e:69:5d:76:8f:bf:d4:9c:17:f5:b5:59:40:
ab:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:7E:43:95:41:7F:52:69:19:C0:3A:1E:67:00:44:3C:4B:88:EF:C8
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5238c13f-b2a5-43d9-9624-d2e714a9bf53.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d02f:800::/37
Signature Algorithm: sha256WithRSAEncryption
1a:43:76:e7:91:12:ac:f1:f8:50:4d:c0:a0:dc:38:92:70:07:
6b:50:2f:5d:e4:c6:c2:f2:39:42:93:01:38:5b:44:9d:ea:2b:
5e:7d:36:a0:11:89:4b:8d:b4:29:e1:54:31:c8:dc:3e:a0:93:
c0:80:81:d6:e7:f1:19:78:11:8d:9b:c5:f6:31:87:48:63:cc:
3e:de:cf:87:47:3c:aa:fe:9d:ea:90:24:fb:5c:f4:8d:41:24:
b9:7c:c8:8b:92:6f:7a:e2:58:29:56:b4:c7:8b:84:b8:e8:be:
c9:a6:bc:5d:6e:f6:2d:aa:08:63:01:8c:51:cc:fb:ec:7f:a4:
ce:3d:f9:78:3f:52:33:46:8d:41:04:3f:ff:26:a5:92:6d:82:
84:54:fd:72:ba:b3:91:2c:01:e3:d8:7a:8c:d6:3e:f2:15:3e:
53:c1:f9:9f:87:fd:9d:e2:60:9b:07:93:12:7e:15:36:2d:73:
38:a2:5b:44:4c:e0:1e:17:5b:25:57:2a:ba:a8:7c:d5:4e:5d:
dc:dc:49:be:c3:6b:9f:4b:b7:01:bf:7c:50:0c:8c:6b:3d:c2:
74:18:50:17:3a:39:a0:be:42:e6:2a:6c:40:17:f6:98:c9:cb:
dd:fd:21:b8:e7:e8:a5:40:f6:97:bb:d1:6e:81:da:a1:e6:d5:
42:4d:de:2c
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUf7PwFy1une5FliMoF4UiSKRcJsowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjkxNTI0MzhaFw0yNTExMDMyMzU5NTlaMHoxSTBHBgNV
BAUTQDY3Nzg5Y2I5NzJhM2JkNzhhNTViN2U4NWJkY2I4YzFkZWU3YjliNWQ0MTQ2
MTIzZDA3NTcxMWQ4Mzk1YWFiZDAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJ6oJXlJoCOKSTt8WWwFh3gQb52oHGaTu1fsDnme2ALDl2doJLd23Qvwv3Tl
+QYSWdLeFxFVwOTUOkmxDNuTuvKFQgWtr6WDNqGyW1oZxZeTDDGkp4oog43Q0IaT
UV5V5dUl+7eVycQnWhpN0XiOwtVPODB8N5JkPMF3E4eTKSmMaPzIU99b+ht9ml+B
canUcGNZkFflcjzOsbo/uj46BM61/KRX8WbxqnjEhHHP+Axj+OK0nqRdMOY2ukLI
1hZie4sLyHmZIactVrM+OOA3RkDW4UL48My+t1QKqmgb98fqL08zOaK/XNFXctnq
9OliqMOeaV12j7/UnBf1tVlAqwMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ2fkOV
QX9SaRnAOh5nAEQ8S4jvyDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTIzOGMxM2YtYjJhNS00M2Q5LTk2MjQtZDJlNzE0YTliZjUzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAyoF0C8I
MA0GCSqGSIb3DQEBCwUAA4IBAQAaQ3bnkRKs8fhQTcCg3DiScAdrUC9d5MbC8jlC
kwE4W0Sd6itefTagEYlLjbQp4VQxyNw+oJPAgIHW5/EZeBGNm8X2MYdIY8w+3s+H
Rzyq/p3qkCT7XPSNQSS5fMiLkm964lgpVrTHi4S46L7JprxdbvYtqghjAYxRzPvs
f6TOPfl4P1IzRo1BBD//JqWSbYKEVP1yurORLAHj2HqM1j7yFT5Twfmfh/2d4mCb
B5MSfhU2LXM4oltETOAeF1slVyq6qHzVTl3c3Em+w2ufS7cBv3xQDIxrPcJ0GFAX
OjmgvkLmKmxAF/aYycvd/SG45+ilQPaXu9Fugdqh5tVCTd4s
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:26 2025 by rpki-client