Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9386a656-dfeb-4ebf-847d-bd931e09dd13.roa
File: 9386a656-dfeb-4ebf-847d-bd931e09dd13.roa (raw, json)
Hash identifier: tt9pXwEjAQF0s6JdVijMExx2ADT3JG033btbC1ovRmE=
Subject key identifier: 42:7B:00:4E:85:91:6D:E5:59:96:93:5D:6A:45:22:60:B3:69:6F:2D
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4479E814F265993073BC0469F609C7AE14E8E031
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9386a656-dfeb-4ebf-847d-bd931e09dd13.roa
Signing time: Fri 26 Sep 2025 18:20:53 +0000
ROA not before: Fri 26 Sep 2025 18:20:53 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 176.32.96.0/21 maxlen: 24
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 22:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
44:79:e8:14:f2:65:99:30:73:bc:04:69:f6:09:c7:ae:14:e8:e0:31
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 18:20:53 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=f66ceaadb6840754bf5353fef2133fb93ad7a57c7129fa2fcd8e4b82fe08759b, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:60:fa:87:cd:6e:a3:84:b8:7c:0a:7c:4a:ee:
e3:22:4f:b4:69:81:e1:17:aa:cd:43:5b:71:4f:a6:
0c:bf:a2:c0:43:9f:bb:9a:e4:88:18:c1:e7:33:a3:
97:cd:d3:8f:27:e2:05:3f:d4:cf:f6:5b:d5:e7:f3:
f6:3e:d7:ff:b2:3a:32:29:e6:36:19:ed:e8:ad:34:
6f:20:fd:d7:7e:63:fa:c8:0a:15:07:42:1d:8b:3d:
2d:dc:fc:94:29:38:8e:20:cb:36:c7:1d:0e:74:16:
77:03:e6:ac:2b:10:04:b1:e4:ca:e7:f5:1a:d3:10:
9e:83:6e:f3:1d:6f:27:ef:05:d0:82:99:66:c1:ee:
cf:8c:4e:65:b4:9e:a3:c0:1b:9b:92:77:cc:99:7e:
8a:0c:59:a5:45:b5:a3:0c:e3:0e:14:e6:4b:06:ce:
10:f6:56:84:99:5f:14:d5:10:37:2e:f9:8f:13:2d:
4c:b6:15:1c:56:f4:02:13:52:df:d2:7e:54:23:ee:
64:3c:a7:21:ff:12:dd:18:4e:9d:f8:07:52:ea:41:
a0:ae:cd:c8:55:86:f2:c8:e5:f1:53:92:52:28:01:
1c:83:9e:79:59:7e:5c:b6:07:12:04:85:40:f8:42:
3d:b0:34:02:bd:69:56:e3:6e:e5:ca:6e:36:5a:e0:
03:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:7B:00:4E:85:91:6D:E5:59:96:93:5D:6A:45:22:60:B3:69:6F:2D
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9386a656-dfeb-4ebf-847d-bd931e09dd13.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.32.96.0/21
Signature Algorithm: sha256WithRSAEncryption
ca:1d:a6:16:78:5a:f6:5d:57:26:92:2d:59:59:d9:9b:f6:7a:
8a:4a:01:69:3d:d3:2f:75:40:68:b5:66:2d:70:1c:cf:36:d1:
92:76:fa:fe:8f:c7:60:a9:5b:03:e7:fd:d2:51:0b:db:65:7f:
c6:4f:45:04:c7:c4:55:0a:62:a9:94:c1:49:24:07:87:f8:6a:
90:fb:b9:3e:12:1e:02:76:ee:2e:2f:62:af:aa:0e:15:bb:42:
ed:29:be:74:98:f3:6e:50:ab:b3:2c:92:e5:e8:0d:b9:34:c3:
95:ea:28:1a:05:10:ba:d7:ab:11:de:be:08:11:a5:0b:61:a3:
85:04:f1:97:87:a5:2c:30:a2:87:1c:f3:fa:7b:a4:f6:49:84:
72:f7:30:d0:e2:6c:70:9b:4c:82:00:76:f5:53:98:10:70:c1:
93:6d:b9:2b:e9:36:bb:eb:dd:1d:1d:09:15:c8:7a:ea:db:7a:
f8:f7:09:67:89:38:82:88:fe:47:f4:f1:a8:a7:9d:60:0b:ac:
90:5c:51:f3:cf:53:f5:db:b1:4e:e1:2b:e2:21:be:91:f1:69:
42:95:8b:cc:4c:6f:8b:48:50:b9:d4:27:62:dd:14:8d:91:a5:
9a:01:3a:b5:75:d4:db:dc:59:fd:56:84:7b:f5:81:6c:c5:68:
9f:b0:bc:ea
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIURHnoFPJlmTBzvARp9gnHrhTo4DEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxODIwNTNaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQGY2NmNlYWFkYjY4NDA3NTRiZjUzNTNmZWYyMTMzZmI5M2FkN2E1N2M3MTI5
ZmEyZmNkOGU0YjgyZmUwODc1OWIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIpg+ofNbqOEuHwKfEru4yJPtGmB4ReqzUNbcU+mDL+iwEOfu5rkiBjB5zOj
l83TjyfiBT/Uz/Zb1efz9j7X/7I6MinmNhnt6K00byD9135j+sgKFQdCHYs9Ldz8
lCk4jiDLNscdDnQWdwPmrCsQBLHkyuf1GtMQnoNu8x1vJ+8F0IKZZsHuz4xOZbSe
o8Abm5J3zJl+igxZpUW1owzjDhTmSwbOEPZWhJlfFNUQNy75jxMtTLYVHFb0AhNS
39J+VCPuZDynIf8S3RhOnfgHUupBoK7NyFWG8sjl8VOSUigBHIOeeVl+XLYHEgSF
QPhCPbA0Ar1pVuNu5cpuNlrgAzcCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBRCewBO
hZFt5VmWk11qRSJgs2lvLTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTM4NmE2NTYtZGZlYi00ZWJmLTg0N2QtYmQ5MzFlMDlkZDEzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA7AgYDAN
BgkqhkiG9w0BAQsFAAOCAQEAyh2mFnha9l1XJpItWVnZm/Z6ikoBaT3TL3VAaLVm
LXAczzbRknb6/o/HYKlbA+f90lEL22V/xk9FBMfEVQpiqZTBSSQHh/hqkPu5PhIe
AnbuLi9ir6oOFbtC7Sm+dJjzblCrsyyS5egNuTTDleooGgUQuterEd6+CBGlC2Gj
hQTxl4elLDCihxzz+nuk9kmEcvcw0OJscJtMggB29VOYEHDBk225K+k2u+vdHR0J
Fch66tt6+PcJZ4k4goj+R/TxqKedYAuskFxR889T9duxTuEr4iG+kfFpQpWLzExv
i0hQudQnYt0UjZGlmgE6tXXU29xZ/VaEe/WBbMVon7C86g==
-----END CERTIFICATE-----
Generated at Tue Oct 21 04:15:59 2025 by rpki-client