Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5f28c807-572d-4641-be39-53109963f4c3.roa
File: 5f28c807-572d-4641-be39-53109963f4c3.roa (raw, json)
Hash identifier: ALO2qUuMRrdzwyhQvK7nkhT1QqbT7+6bvvjIIf3NO7A=
Subject key identifier: E2:23:C9:41:CD:35:68:61:3E:AE:AE:CA:6C:36:90:B2:B6:7B:DC:59
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 51A61D6607F8E66C1727366655F3788D4F10DD1A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5f28c807-572d-4641-be39-53109963f4c3.roa
Signing time: Fri 26 Sep 2025 19:11:14 +0000
ROA not before: Fri 26 Sep 2025 19:11:14 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d036:a000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 00:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
51:a6:1d:66:07:f8:e6:6c:17:27:36:66:55:f3:78:8d:4f:10:dd:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:11:14 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=37edb272d76fd195c45c7d299309712c4746d35a214ec5c4bf779df42385defd, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:68:c7:2b:b9:de:b2:28:67:9c:63:bb:14:b9:
35:b2:4a:90:17:14:4c:fd:46:49:01:e9:b0:2f:82:
e4:ef:db:f2:5e:44:87:5d:8f:aa:e9:e5:b4:5b:f7:
42:7c:e8:dd:f8:38:db:7e:0d:c2:89:12:85:65:71:
6e:e6:21:03:c8:89:8a:ff:00:3d:23:fd:e1:55:46:
ce:51:82:8a:86:8f:a2:59:82:a0:ef:f9:bf:e4:b6:
8a:0c:72:47:37:20:b6:84:06:8f:f3:ca:d0:86:ad:
a9:9b:69:cb:0c:10:02:aa:81:b1:69:d9:73:4f:09:
fc:98:f8:12:94:ec:16:2d:a9:e9:e5:fb:03:23:b4:
54:ca:64:5c:19:4c:3e:19:17:c7:6a:2e:6b:d5:6d:
f4:e1:0d:d0:ef:89:1c:7d:7f:65:0d:d0:cd:9c:4c:
3b:f5:78:ea:86:60:01:67:2a:c3:39:2f:46:6b:96:
31:5a:7f:42:1e:41:d6:19:54:44:2b:8c:de:d5:e3:
6f:a7:23:ee:ea:29:8a:c3:eb:46:fa:f2:ab:34:dc:
3e:fc:c4:e5:37:8f:56:00:70:25:aa:a4:26:0b:ec:
25:63:2e:71:9a:b6:90:d6:0e:ee:e3:72:79:2f:38:
4b:e6:6b:fd:96:ef:eb:5f:a7:cd:bc:d3:e2:48:bd:
a1:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:23:C9:41:CD:35:68:61:3E:AE:AE:CA:6C:36:90:B2:B6:7B:DC:59
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5f28c807-572d-4641-be39-53109963f4c3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d036:a000::/40
Signature Algorithm: sha256WithRSAEncryption
a8:81:36:2f:4b:63:91:6a:b3:3a:ba:04:c9:60:73:20:0b:38:
34:1b:07:1d:d8:1b:7a:36:88:8e:05:14:a2:86:f5:69:11:b4:
11:b6:68:b8:47:f8:01:ea:1f:4d:eb:e4:db:8a:46:ce:ba:4c:
08:ac:cf:66:83:60:78:56:55:5f:93:1e:58:7f:64:a3:26:71:
3b:47:f7:a3:2c:d9:f1:1b:5e:aa:f3:09:58:05:db:b3:53:1e:
aa:fb:98:9d:85:06:f8:02:bf:6b:b8:35:66:51:73:1d:8b:12:
23:83:5b:c1:fb:d7:e6:68:60:42:b8:b0:e4:47:1c:09:69:1d:
69:20:a2:ac:fd:a0:05:da:f6:b3:4c:a3:ab:20:9f:e9:5c:8d:
df:d6:e3:66:77:de:0c:df:6f:a7:64:f2:a7:9e:a8:4d:65:8b:
47:d7:48:c8:61:79:44:21:df:97:c7:80:14:6c:2d:ae:d9:2f:
9d:4e:20:9c:0d:ad:24:35:e8:e4:02:27:3c:a8:a3:89:c4:3b:
7a:aa:51:d7:af:6e:d6:89:4c:e4:48:c2:4b:2b:0e:dc:f6:5d:
32:74:47:ce:3a:27:89:29:47:ef:1a:3f:37:a8:f3:f8:f6:0d:
88:ef:4a:0e:12:24:1d:95:7d:39:dd:2d:53:64:66:ae:7c:69:
a0:a3:e4:c5
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUUaYdZgf45mwXJzZmVfN4jU8Q3RowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTExMTRaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDM3ZWRiMjcyZDc2ZmQxOTVjNDVjN2QyOTkzMDk3MTJjNDc0NmQzNWEyMTRl
YzVjNGJmNzc5ZGY0MjM4NWRlZmQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOloxyu53rIoZ5xjuxS5NbJKkBcUTP1GSQHpsC+C5O/b8l5Eh12PqunltFv3
Qnzo3fg4234NwokShWVxbuYhA8iJiv8APSP94VVGzlGCioaPolmCoO/5v+S2igxy
RzcgtoQGj/PK0IatqZtpywwQAqqBsWnZc08J/Jj4EpTsFi2p6eX7AyO0VMpkXBlM
PhkXx2oua9Vt9OEN0O+JHH1/ZQ3QzZxMO/V46oZgAWcqwzkvRmuWMVp/Qh5B1hlU
RCuM3tXjb6cj7uopisPrRvryqzTcPvzE5TePVgBwJaqkJgvsJWMucZq2kNYO7uNy
eS84S+Zr/Zbv61+nzbzT4ki9oZkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTiI8lB
zTVoYT6urspsNpCytnvcWTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NWYyOGM4MDctNTcyZC00NjQxLWJlMzktNTMxMDk5NjNmNGMzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Dag
MA0GCSqGSIb3DQEBCwUAA4IBAQCogTYvS2ORarM6ugTJYHMgCzg0Gwcd2Bt6NoiO
BRSihvVpEbQRtmi4R/gB6h9N6+TbikbOukwIrM9mg2B4VlVfkx5Yf2SjJnE7R/ej
LNnxG16q8wlYBduzUx6q+5idhQb4Ar9ruDVmUXMdixIjg1vB+9fmaGBCuLDkRxwJ
aR1pIKKs/aAF2vazTKOrIJ/pXI3f1uNmd94M32+nZPKnnqhNZYtH10jIYXlEId+X
x4AUbC2u2S+dTiCcDa0kNejkAic8qKOJxDt6qlHXr27WiUzkSMJLKw7c9l0ydEfO
OieJKUfvGj83qPP49g2I70oOEiQdlX053S1TZGaufGmgo+TF
-----END CERTIFICATE-----
Generated at Mon Oct 20 08:53:13 2025 by rpki-client