Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/afd23c37-4c24-49ac-baf6-1c3a9a2d0512.roa
File: afd23c37-4c24-49ac-baf6-1c3a9a2d0512.roa (raw, json)
Hash identifier: lsbgd7zWo2LHOxZovpHryTQwQ7CT7TzXq4DRAw2s/ms=
Subject key identifier: 23:09:4E:EA:91:8B:CC:63:05:3F:71:E7:59:4F:98:C4:5B:44:7C:C1
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 33F6AF2F91F7C013CFAB630808B9D87CF748F7CA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/afd23c37-4c24-49ac-baf6-1c3a9a2d0512.roa
Signing time: Sat 18 Oct 2025 04:30:19 +0000
ROA not before: Sat 18 Oct 2025 04:30:19 +0000
ROA not after: Sat 22 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d035:9000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
33:f6:af:2f:91:f7:c0:13:cf:ab:63:08:08:b9:d8:7c:f7:48:f7:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 18 04:30:19 2025 GMT
Not After : Nov 22 23:59:59 2025 GMT
Subject: serialNumber=f971a1ee5cc7112333cea0bf8e7cb55ab3f78dd4ace7ba91424dd9afb7b0696b, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:51:76:d2:d9:63:33:81:86:ed:d7:05:48:5c:
9c:9f:5f:a4:34:ad:e4:78:2d:2c:b1:0d:69:e1:56:
77:44:12:77:a8:45:b8:b0:4d:99:37:b9:15:cf:43:
f6:ff:ac:2d:b4:f4:79:56:9f:0d:59:67:78:2c:50:
b4:4f:1f:a1:4e:d8:47:90:04:10:e2:e1:f3:7e:02:
f4:16:f7:01:db:84:8c:c4:5e:74:9f:75:dc:64:0a:
b7:ef:4a:33:5b:56:56:3d:da:9c:ff:b9:88:50:37:
a5:1c:6b:38:dd:93:fe:b8:26:98:73:9f:46:b1:43:
f8:2c:0c:f5:00:8d:00:e3:61:3d:c5:3d:c7:7a:23:
1a:28:af:56:50:91:4d:d1:1f:39:1a:6d:bc:4e:1c:
6f:6e:31:0c:53:62:b2:7c:4b:98:4b:f1:80:4b:38:
2d:58:aa:ba:24:d9:a2:9d:fd:64:ec:48:56:30:31:
5c:b5:90:8e:fe:bd:fa:6c:19:87:95:79:1d:d4:f1:
44:5a:90:72:27:69:98:41:f0:ab:c0:1b:fb:8e:4b:
d5:8d:80:1f:88:d9:4e:5a:19:0b:8c:30:72:f4:9b:
27:36:4e:86:c0:4c:aa:77:8b:84:e6:9b:f1:65:63:
37:69:1a:6a:f8:46:27:e4:43:e9:d0:31:d2:da:8c:
ef:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:09:4E:EA:91:8B:CC:63:05:3F:71:E7:59:4F:98:C4:5B:44:7C:C1
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/afd23c37-4c24-49ac-baf6-1c3a9a2d0512.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d035:9000::/40
Signature Algorithm: sha256WithRSAEncryption
1e:3a:35:72:61:3f:ba:94:61:b2:d5:21:0d:4b:73:21:b1:89:
54:7c:ec:92:fd:90:a3:be:b8:c2:f3:2a:1b:8c:ec:e9:8a:fe:
60:40:8d:95:e6:b5:83:79:37:60:05:af:64:3c:ab:90:56:96:
89:71:7c:7e:e3:0f:6a:dc:8d:b7:7f:46:56:c7:ff:e3:1a:5c:
df:2c:3e:84:3f:6c:44:04:72:09:a0:66:87:81:37:84:0d:41:
e6:a7:eb:39:0f:85:c6:cf:2c:98:8b:9a:cf:f5:9b:2d:46:d9:
94:e2:20:12:e7:e3:1b:82:20:c8:ee:a0:36:4d:e2:e9:5d:97:
64:30:4c:03:64:47:9d:73:88:4e:4b:37:46:3e:b3:da:c4:cc:
35:51:9c:00:62:b3:4a:f4:9a:8a:81:bf:93:6e:86:27:c3:8a:
fc:74:02:f1:bd:17:84:53:8f:f4:be:36:6f:20:fb:2c:e6:7b:
6b:fe:a0:04:e0:5c:50:82:f7:3b:bb:b4:12:8b:2f:f5:64:61:
56:13:b4:79:fd:3a:72:e3:56:a1:59:af:8b:e2:aa:4a:58:9d:
38:22:20:a2:c7:12:5f:62:f7:a8:e5:88:01:96:6d:78:52:c7:
e7:dd:4f:f3:ad:86:c2:56:dc:16:07:4f:4d:90:1e:48:98:ea:
c5:de:3e:c3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUM/avL5H3wBPPq2MICLnYfPdI98owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTgwNDMwMTlaFw0yNTExMjIyMzU5NTlaMHoxSTBHBgNV
BAUTQGY5NzFhMWVlNWNjNzExMjMzM2NlYTBiZjhlN2NiNTVhYjNmNzhkZDRhY2U3
YmE5MTQyNGRkOWFmYjdiMDY5NmIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIxRdtLZYzOBhu3XBUhcnJ9fpDSt5HgtLLENaeFWd0QSd6hFuLBNmTe5Fc9D
9v+sLbT0eVafDVlneCxQtE8foU7YR5AEEOLh834C9Bb3AduEjMRedJ913GQKt+9K
M1tWVj3anP+5iFA3pRxrON2T/rgmmHOfRrFD+CwM9QCNAONhPcU9x3ojGiivVlCR
TdEfORptvE4cb24xDFNisnxLmEvxgEs4LViquiTZop39ZOxIVjAxXLWQjv69+mwZ
h5V5HdTxRFqQcidpmEHwq8Ab+45L1Y2AH4jZTloZC4wwcvSbJzZOhsBMqneLhOab
8WVjN2kaavhGJ+RD6dAx0tqM7xcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQjCU7q
kYvMYwU/cedZT5jEW0R8wTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YWZkMjNjMzctNGMyNC00OWFjLWJhZjYtMWMzYTlhMmQwNTEyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DWQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAeOjVyYT+6lGGy1SENS3MhsYlUfOyS/ZCjvrjC
8yobjOzpiv5gQI2V5rWDeTdgBa9kPKuQVpaJcXx+4w9q3I23f0ZWx//jGlzfLD6E
P2xEBHIJoGaHgTeEDUHmp+s5D4XGzyyYi5rP9ZstRtmU4iAS5+MbgiDI7qA2TeLp
XZdkMEwDZEedc4hOSzdGPrPaxMw1UZwAYrNK9JqKgb+TboYnw4r8dALxvReEU4/0
vjZvIPss5ntr/qAE4FxQgvc7u7QSiy/1ZGFWE7R5/Tpy41ahWa+L4qpKWJ04IiCi
xxJfYveo5YgBlm14Usfn3U/zrYbCVtwWB09NkB5ImOrF3j7D
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:03 2025 by rpki-client