Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5c57a644-0d1c-4126-9684-e345f93c1560.roa
File: 5c57a644-0d1c-4126-9684-e345f93c1560.roa (raw, json)
Hash identifier: 5fDsu5o5aFwf5gcLiGUS+CokYHRmHE3kgbOyNnAw9As=
Subject key identifier: E8:E9:ED:EB:FB:BF:F9:60:A4:EC:02:C7:8D:6E:04:16:D5:C6:1D:DA
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 553ED15DF80237AE412EA85B8F96D9BB2DB61725
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5c57a644-0d1c-4126-9684-e345f93c1560.roa
Signing time: Fri 26 Sep 2025 19:01:39 +0000
ROA not before: Fri 26 Sep 2025 19:01:39 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:9040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
55:3e:d1:5d:f8:02:37:ae:41:2e:a8:5b:8f:96:d9:bb:2d:b6:17:25
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:01:39 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=cf8817bb8efb7e01956ac2baf9980b77bad3ecd6bcba64bdbcacc126cd2cafa7, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:86:c1:db:e0:c1:f2:25:a7:8e:be:7e:5b:01:
59:df:df:e6:23:c0:9f:57:3e:95:c4:61:b3:31:07:
05:07:2d:80:e8:33:22:a5:e6:cd:90:59:77:55:2b:
99:19:db:37:0e:9a:0c:b7:aa:3d:ce:45:6e:53:13:
4d:81:7b:06:8c:02:f9:bc:f0:5b:ad:5e:85:1b:95:
23:1d:8f:b2:4c:5c:c7:09:ee:0d:ba:2e:1b:18:86:
64:3e:85:68:c4:55:4e:94:65:74:2c:cb:16:a1:e8:
15:7d:46:8b:ab:95:2e:ce:9c:d6:7c:2b:0b:c1:f9:
7b:f4:02:20:05:83:ab:c4:b5:b8:8f:26:41:fe:ab:
e0:a2:ed:7e:e4:62:77:de:f8:10:38:38:7f:66:6e:
82:30:ea:97:f1:81:c5:c4:18:34:10:06:52:cb:f3:
81:c4:33:11:52:62:b5:c2:5a:ca:c4:7e:da:ef:cc:
f0:87:20:6d:2e:70:f2:ed:14:d4:fe:53:b6:28:4f:
e0:fa:37:7c:b2:85:b2:ff:18:aa:6f:cf:8a:5c:4d:
6e:11:ec:4f:85:f4:f2:72:42:82:4f:03:7f:d4:a4:
af:9f:83:e9:80:0a:c2:95:13:b7:df:67:53:0a:2c:
ed:1e:ac:81:5f:0e:0f:2f:45:56:c4:44:d2:3f:97:
2b:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:E9:ED:EB:FB:BF:F9:60:A4:EC:02:C7:8D:6E:04:16:D5:C6:1D:DA
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5c57a644-0d1c-4126-9684-e345f93c1560.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:9040::/48
Signature Algorithm: sha256WithRSAEncryption
3c:af:dd:2b:a3:8d:a8:f6:98:22:22:76:5e:a1:3a:07:e8:59:
c8:9e:0a:44:41:aa:4d:e1:21:ed:ed:8f:69:03:c2:31:f9:2b:
bd:11:21:6e:3c:31:16:89:fe:df:9c:c8:0e:bc:0b:1c:c9:9c:
4f:79:ea:1d:9c:74:58:d9:a8:57:be:7b:40:b2:e3:d1:fa:00:
c5:c3:3d:a8:41:04:a3:ce:3a:09:e0:36:ee:cc:26:2b:49:6e:
09:1a:a3:ec:10:e4:4e:75:55:52:93:82:17:8c:7c:dd:3c:28:
00:42:9c:67:49:68:ea:ab:1d:63:84:d0:77:2c:87:30:a7:8e:
76:d6:96:20:20:76:dd:73:be:23:91:da:33:15:58:ba:8a:91:
8a:9a:94:0d:eb:a6:ba:e5:a1:23:0d:96:a9:ab:cf:5b:ca:66:
7c:eb:bc:7b:93:48:46:25:37:1d:15:6b:79:ea:50:70:b6:b5:
d1:b6:c0:56:fe:13:59:35:42:6b:37:05:be:6e:f0:46:31:4f:
ac:25:2c:cc:fa:ed:ff:76:bb:29:6c:99:2b:ff:69:21:a5:79:
be:b7:49:40:f0:0b:17:a8:72:ab:13:ad:48:2f:21:42:ab:48:
d7:ba:22:e1:09:f6:b5:9d:51:83:d3:da:11:35:1a:95:cb:77:
c6:33:f9:af
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUVT7RXfgCN65BLqhbj5bZuy22FyUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTAxMzlaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGNmODgxN2JiOGVmYjdlMDE5NTZhYzJiYWY5OTgwYjc3YmFkM2VjZDZiY2Jh
NjRiZGJjYWNjMTI2Y2QyY2FmYTcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMuGwdvgwfIlp46+flsBWd/f5iPAn1c+lcRhszEHBQctgOgzIqXmzZBZd1Ur
mRnbNw6aDLeqPc5FblMTTYF7BowC+bzwW61ehRuVIx2PskxcxwnuDbouGxiGZD6F
aMRVTpRldCzLFqHoFX1Gi6uVLs6c1nwrC8H5e/QCIAWDq8S1uI8mQf6r4KLtfuRi
d974EDg4f2ZugjDql/GBxcQYNBAGUsvzgcQzEVJitcJaysR+2u/M8IcgbS5w8u0U
1P5TtihP4Po3fLKFsv8Yqm/PilxNbhHsT4X08nJCgk8Df9Skr5+D6YAKwpUTt99n
Uwos7R6sgV8ODy9FVsRE0j+XK/8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTo6e3r
+7/5YKTsAseNbgQW1cYd2jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NWM1N2E2NDQtMGQxYy00MTI2LTk2ODQtZTM0NWY5M2MxNTYwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HKQ
QDANBgkqhkiG9w0BAQsFAAOCAQEAPK/dK6ONqPaYIiJ2XqE6B+hZyJ4KREGqTeEh
7e2PaQPCMfkrvREhbjwxFon+35zIDrwLHMmcT3nqHZx0WNmoV757QLLj0foAxcM9
qEEEo846CeA27swmK0luCRqj7BDkTnVVUpOCF4x83TwoAEKcZ0lo6qsdY4TQdyyH
MKeOdtaWICB23XO+I5HaMxVYuoqRipqUDeumuuWhIw2WqavPW8pmfOu8e5NIRiU3
HRVreepQcLa10bbAVv4TWTVCazcFvm7wRjFPrCUszPrt/3a7KWyZK/9pIaV5vrdJ
QPALF6hyqxOtSC8hQqtI17oi4Qn2tZ1Rg9PaETUalct3xjP5rw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:28 2025 by rpki-client