Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b89b3c5d-e121-4769-9f3e-0d4c4f0780db.roa
File: b89b3c5d-e121-4769-9f3e-0d4c4f0780db.roa (raw, json)
Hash identifier: B2PJ8gI8IuMaVM73wV0JgQSmhwuZRnWNfG6Xsw/CABw=
Subject key identifier: E4:80:95:EC:75:66:F9:95:81:79:ED:DE:D5:03:5A:24:9B:37:B2:A9
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3E68BDCA7EFBAA59D8D2C557C8FCBAD02404A288
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b89b3c5d-e121-4769-9f3e-0d4c4f0780db.roa
Signing time: Fri 10 Oct 2025 17:04:57 +0000
ROA not before: Fri 10 Oct 2025 17:04:57 +0000
ROA not after: Fri 14 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d059:6000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3e:68:bd:ca:7e:fb:aa:59:d8:d2:c5:57:c8:fc:ba:d0:24:04:a2:88
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 10 17:04:57 2025 GMT
Not After : Nov 14 23:59:59 2025 GMT
Subject: serialNumber=1e586ca4d9ef9ea630420e889128e019e3ca9865bf662f2d3aea9fa1fdd3d013, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:f5:49:20:01:ac:38:60:2a:60:4e:f4:a8:5c:
6d:86:89:0c:4b:ff:9f:85:a6:f8:b5:1b:2d:7a:bb:
fe:05:35:48:38:a2:1b:2f:ae:92:02:30:f6:5e:b7:
4f:69:e4:b7:a1:bf:1b:a7:91:53:3f:23:b4:e3:48:
11:b7:6a:a5:19:3e:28:02:38:8b:05:cc:16:82:71:
31:3e:cc:64:fe:e3:52:5a:a5:de:00:60:b7:a8:08:
e8:26:fe:ca:16:f5:2c:68:e5:50:07:6a:04:a6:5a:
d4:26:39:52:9e:b9:3e:69:37:3f:f7:af:b1:d9:86:
6f:b1:a9:98:fb:0c:fc:b6:e0:64:93:fc:74:1e:ae:
50:0c:bd:24:98:d7:b8:62:30:6a:bd:c2:eb:37:f2:
66:4b:d6:97:03:77:1c:a6:be:b3:81:72:23:82:a7:
55:9f:cb:10:6f:d5:16:4f:d4:f0:01:21:4c:ad:46:
ec:ba:1f:22:2e:2d:f8:16:10:7e:c2:60:02:be:f3:
23:72:91:6c:c0:2f:14:9d:f4:a0:92:cb:62:47:7c:
79:a0:9a:f1:b8:35:79:4d:54:2e:64:7f:ac:5f:ea:
96:4d:f8:f9:88:3e:fb:08:70:97:c4:9d:b5:f7:cd:
fc:33:db:3d:be:6b:da:d9:24:e0:64:ad:a8:54:08:
58:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E4:80:95:EC:75:66:F9:95:81:79:ED:DE:D5:03:5A:24:9B:37:B2:A9
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b89b3c5d-e121-4769-9f3e-0d4c4f0780db.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d059:6000::/40
Signature Algorithm: sha256WithRSAEncryption
c5:e0:60:a9:8c:44:8f:89:a5:c9:9e:c0:30:c3:a8:47:41:e0:
96:53:51:18:ab:59:c4:89:27:be:a8:08:dd:a7:fb:7c:2c:97:
1a:32:b4:d9:c6:02:ce:63:7c:88:4c:d9:12:a6:7a:3a:bb:b5:
f9:ea:38:cf:ee:33:f1:3e:fb:38:dc:3b:65:0d:29:c4:bb:13:
8a:4f:de:e0:0a:d9:c2:bc:9f:99:e1:04:5e:cc:98:53:9b:02:
67:3e:a4:53:d5:21:94:0f:0f:b3:9d:ba:76:d3:e8:ba:71:4f:
94:f9:3e:81:b9:bc:95:81:90:4b:d8:cb:38:d5:97:e4:88:27:
fa:25:68:25:c2:b2:a7:56:86:bd:25:f9:3d:e6:31:22:bd:b3:
40:65:68:1f:e0:89:ba:58:a8:99:ef:8b:9c:2c:db:03:99:37:
63:bf:28:ed:96:9f:fe:b6:7b:39:0e:2b:a1:69:9e:75:cd:72:
7e:8c:ec:40:7e:00:70:73:91:9f:e7:94:b1:d0:bf:f1:5c:3a:
5d:e2:5b:e2:ff:56:07:44:68:41:e4:6e:2f:0b:c3:bf:0c:b1:
9d:c1:f4:66:d8:eb:89:ed:6b:f2:df:e5:95:ee:15:30:bb:a0:
f5:62:3f:c6:65:f4:64:d1:ab:79:8e:03:ed:4f:56:4e:36:7e:
3c:15:38:0d
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPmi9yn77qlnY0sVXyPy60CQEoogwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTAxNzA0NTdaFw0yNTExMTQyMzU5NTlaMHoxSTBHBgNV
BAUTQDFlNTg2Y2E0ZDllZjllYTYzMDQyMGU4ODkxMjhlMDE5ZTNjYTk4NjViZjY2
MmYyZDNhZWE5ZmExZmRkM2QwMTMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL71SSABrDhgKmBO9KhcbYaJDEv/n4Wm+LUbLXq7/gU1SDiiGy+ukgIw9l63
T2nkt6G/G6eRUz8jtONIEbdqpRk+KAI4iwXMFoJxMT7MZP7jUlql3gBgt6gI6Cb+
yhb1LGjlUAdqBKZa1CY5Up65Pmk3P/evsdmGb7GpmPsM/LbgZJP8dB6uUAy9JJjX
uGIwar3C6zfyZkvWlwN3HKa+s4FyI4KnVZ/LEG/VFk/U8AEhTK1G7LofIi4t+BYQ
fsJgAr7zI3KRbMAvFJ30oJLLYkd8eaCa8bg1eU1ULmR/rF/qlk34+Yg++whwl8Sd
tffN/DPbPb5r2tkk4GStqFQIWJsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTkgJXs
dWb5lYF57d7VA1okmzeyqTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Yjg5YjNjNWQtZTEyMS00NzY5LTlmM2UtMGQ0YzRmMDc4MGRiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Flg
MA0GCSqGSIb3DQEBCwUAA4IBAQDF4GCpjESPiaXJnsAww6hHQeCWU1EYq1nEiSe+
qAjdp/t8LJcaMrTZxgLOY3yITNkSpno6u7X56jjP7jPxPvs43DtlDSnEuxOKT97g
CtnCvJ+Z4QRezJhTmwJnPqRT1SGUDw+znbp20+i6cU+U+T6BubyVgZBL2Ms41Zfk
iCf6JWglwrKnVoa9Jfk95jEivbNAZWgf4Im6WKiZ74ucLNsDmTdjvyjtlp/+tns5
DiuhaZ51zXJ+jOxAfgBwc5Gf55Sx0L/xXDpd4lvi/1YHRGhB5G4vC8O/DLGdwfRm
2OuJ7Wvy3+WV7hUwu6D1Yj/GZfRk0at5jgPtT1ZONn48FTgN
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:19 2025 by rpki-client