Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bc69f8f6-03c8-4468-a98a-f23fe40eeaef.roa
File: bc69f8f6-03c8-4468-a98a-f23fe40eeaef.roa (raw, json)
Hash identifier: zgDxaGkAdg8WnLtYZTcoh1rM3WSB8EwH7pTfwucJo34=
Subject key identifier: 89:C2:74:E4:A5:0B:DF:0B:93:7C:D3:25:5E:89:46:02:99:40:AA:A9
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3493B015B2B52FA7EACDD3DB2A388D7F5316A130
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bc69f8f6-03c8-4468-a98a-f23fe40eeaef.roa
Signing time: Fri 26 Sep 2025 19:40:53 +0000
ROA not before: Fri 26 Sep 2025 19:40:53 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d071:5000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
34:93:b0:15:b2:b5:2f:a7:ea:cd:d3:db:2a:38:8d:7f:53:16:a1:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 19:40:53 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=996b09b7b3d5cc36022a401592de0b76ffd3a9cb44e9c9366b74cf92bae3830a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:36:e5:96:14:92:03:cf:19:16:7c:15:9c:f1:
8b:ed:13:76:f7:a9:1b:b6:4c:ed:b6:39:85:59:b1:
95:38:f1:7a:70:a6:5a:df:c7:bb:cf:e4:62:fc:4e:
03:f5:25:5f:1c:1d:5e:e8:81:54:8e:48:36:c6:49:
e5:d8:30:b1:25:5d:e7:bd:21:68:cc:41:3d:27:5a:
ae:07:70:9c:cd:62:75:96:d0:4a:b8:d7:1e:3a:78:
f2:9f:21:b3:b0:1c:87:cb:64:1b:2b:29:a8:f5:d0:
9b:b2:e8:9e:43:30:2f:d3:2f:c4:93:8f:7b:d2:ce:
d7:15:52:0f:9c:87:59:5c:6c:77:be:b0:02:bf:92:
f8:48:bc:f4:56:2b:1a:b9:de:d0:1f:3f:ff:62:80:
91:ab:e8:f4:25:01:1b:81:58:75:1a:47:58:b6:1e:
27:02:14:b2:40:78:de:9f:05:79:18:26:33:a5:04:
dc:41:a8:7e:b7:21:36:89:12:33:cd:ac:90:af:b1:
a3:c1:59:ca:f2:26:6d:24:67:a3:4f:84:77:cc:13:
bd:50:74:4e:d4:47:59:b7:ee:e8:d9:a6:3a:01:08:
82:63:c6:33:9c:32:e7:10:5f:12:29:6b:62:f0:a1:
ee:95:2f:6e:5f:c9:7b:37:43:99:5a:49:db:68:7b:
26:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:C2:74:E4:A5:0B:DF:0B:93:7C:D3:25:5E:89:46:02:99:40:AA:A9
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bc69f8f6-03c8-4468-a98a-f23fe40eeaef.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d071:5000::/40
Signature Algorithm: sha256WithRSAEncryption
ac:0a:03:dd:2e:f3:4c:1b:99:42:3b:b0:1e:61:3b:79:e7:b0:
62:49:39:0c:24:07:9d:74:0f:46:b1:37:37:aa:67:7d:37:96:
a6:1c:2b:73:cc:56:17:e7:3e:66:ae:63:99:63:46:df:34:c3:
7f:7e:2c:13:a8:bf:1c:20:d6:48:e7:52:fe:b1:82:e2:7a:d0:
93:eb:fc:81:d6:80:3d:6f:11:01:21:aa:a4:5a:3d:ed:03:9d:
57:56:44:9c:7d:c1:9b:bd:10:7c:3f:07:ee:f0:fd:39:08:a1:
3a:0e:0d:f6:06:d3:63:73:e1:7a:a8:81:da:2e:87:79:f1:e9:
12:93:4d:b3:5e:2e:b5:36:71:bd:52:52:58:22:47:a8:cf:08:
48:75:87:33:d6:ee:e5:9e:15:7e:70:a5:e3:3e:42:44:8d:4c:
c5:dd:94:90:1b:34:2a:d7:03:91:56:0b:60:d9:96:3b:c2:87:
d7:92:3c:a1:11:74:36:25:4c:b7:8f:81:c0:78:5c:aa:28:c9:
8c:b0:9f:ad:d7:0a:25:c6:6e:7a:e0:03:4d:79:ed:a8:b4:7a:
82:d3:69:7f:26:68:8f:a3:71:11:5a:d9:3a:b8:14:4d:be:60:
9d:14:3b:2f:45:48:ca:98:f0:0e:fd:7d:1c:4c:17:96:a4:b1:
2e:d4:0b:c9
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUNJOwFbK1L6fqzdPbKjiNf1MWoTAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYxOTQwNTNaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDk5NmIwOWI3YjNkNWNjMzYwMjJhNDAxNTkyZGUwYjc2ZmZkM2E5Y2I0NGU5
YzkzNjZiNzRjZjkyYmFlMzgzMGExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJo25ZYUkgPPGRZ8FZzxi+0TdvepG7ZM7bY5hVmxlTjxenCmWt/Hu8/kYvxO
A/UlXxwdXuiBVI5INsZJ5dgwsSVd570haMxBPSdargdwnM1idZbQSrjXHjp48p8h
s7Ach8tkGyspqPXQm7LonkMwL9MvxJOPe9LO1xVSD5yHWVxsd76wAr+S+Ei89FYr
Grne0B8//2KAkavo9CUBG4FYdRpHWLYeJwIUskB43p8FeRgmM6UE3EGofrchNokS
M82skK+xo8FZyvImbSRno0+Ed8wTvVB0TtRHWbfu6NmmOgEIgmPGM5wy5xBfEilr
YvCh7pUvbl/JezdDmVpJ22h7JgECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSJwnTk
pQvfC5N80yVeiUYCmUCqqTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmM2OWY4ZjYtMDNjOC00NDY4LWE5OGEtZjIzZmU0MGVlYWVmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HFQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCsCgPdLvNMG5lCO7AeYTt557BiSTkMJAeddA9G
sTc3qmd9N5amHCtzzFYX5z5mrmOZY0bfNMN/fiwTqL8cINZI51L+sYLietCT6/yB
1oA9bxEBIaqkWj3tA51XVkScfcGbvRB8Pwfu8P05CKE6Dg32BtNjc+F6qIHaLod5
8ekSk02zXi61NnG9UlJYIkeozwhIdYcz1u7lnhV+cKXjPkJEjUzF3ZSQGzQq1wOR
Vgtg2ZY7wofXkjyhEXQ2JUy3j4HAeFyqKMmMsJ+t1wolxm564ANNee2otHqC02l/
JmiPo3ERWtk6uBRNvmCdFDsvRUjKmPAO/X0cTBeWpLEu1AvJ
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:47:43 2025 by rpki-client