Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bfae711e-b0c4-404f-be1f-a99990818ac6.roa
File: bfae711e-b0c4-404f-be1f-a99990818ac6.roa (raw, json)
Hash identifier: BUqAd/H6BLVBG3bTI03IFXUXQ5rp9QitOYkMSok2rsM=
Subject key identifier: 02:F7:97:6B:A5:06:C0:98:25:48:E9:99:B2:17:64:B0:78:F7:95:07
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 322A6DC610A2E0772357F41B4365CBF06243B61A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bfae711e-b0c4-404f-be1f-a99990818ac6.roa
Signing time: Fri 26 Sep 2025 20:10:23 +0000
ROA not before: Fri 26 Sep 2025 20:10:23 +0000
ROA not after: Fri 31 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 79.125.0.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
32:2a:6d:c6:10:a2:e0:77:23:57:f4:1b:43:65:cb:f0:62:43:b6:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 26 20:10:23 2025 GMT
Not After : Oct 31 23:59:59 2025 GMT
Subject: serialNumber=2795c65a233dfb98eb5088b377958d34de0ae6cdfb47f3625950e650f62d2607, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:bd:50:ba:97:8a:f7:7f:80:23:48:f4:90:65:
d6:eb:af:31:be:98:3c:96:7d:8e:04:62:58:54:b8:
2c:1b:76:88:35:72:f0:4b:7d:17:73:32:c5:7b:06:
0c:b5:e2:56:7f:a1:36:4b:8a:33:5d:ff:ba:d9:ff:
ef:8f:c1:35:11:75:62:96:b0:c2:ec:3a:56:4e:c6:
70:b6:9a:38:ed:23:90:3b:52:9f:70:c9:b6:60:72:
d3:2c:72:62:ff:46:e7:fc:98:4e:1f:5e:75:69:9b:
bd:bf:0d:00:4b:8e:14:f6:82:2c:ce:94:bf:c9:7f:
6f:10:bd:8d:7d:96:fc:b0:1b:1c:8f:84:61:21:78:
ab:09:dd:34:80:18:52:f3:74:d8:b3:c4:f0:91:69:
29:14:78:67:55:8c:d1:65:94:ea:67:50:24:a8:43:
84:30:2d:de:1c:fa:74:c0:28:ce:73:9c:b2:10:06:
e5:15:d8:73:fb:53:86:be:d5:2a:8e:1d:49:66:39:
11:b5:b3:23:7b:02:d6:5f:7c:87:54:de:30:d1:8a:
9c:d2:b8:9d:07:20:aa:84:b0:63:41:e4:0e:56:e3:
7c:bc:39:63:06:c7:ee:f0:21:dc:37:91:1c:1f:2d:
22:c8:2e:43:b2:5e:1f:d1:05:65:5b:36:c3:33:7e:
16:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:F7:97:6B:A5:06:C0:98:25:48:E9:99:B2:17:64:B0:78:F7:95:07
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bfae711e-b0c4-404f-be1f-a99990818ac6.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.125.0.0/23
Signature Algorithm: sha256WithRSAEncryption
17:7a:36:61:cd:38:09:ea:8f:f6:98:fe:93:f4:45:98:e3:23:
ba:d5:40:89:4f:74:9c:42:af:37:69:ed:76:6f:16:dd:b1:05:
c0:60:51:67:c0:7a:10:bc:80:4d:72:73:41:f5:10:bb:75:fb:
bd:23:67:0d:3c:e5:b2:dc:78:1b:46:13:cd:a2:bf:e9:31:2b:
87:62:4d:88:d9:e7:31:fc:21:1c:6d:e9:45:4b:09:7f:12:08:
5b:7d:96:c8:80:2e:03:61:0a:0c:16:89:26:90:42:91:20:86:
9e:1b:57:7a:f6:97:a4:10:24:47:53:1f:e6:50:c6:e1:3c:fe:
fa:f0:7a:41:69:f5:06:21:3d:c2:09:59:f0:b0:ed:20:8d:db:
f2:21:7e:ec:be:68:f7:95:f9:e7:a0:c8:b5:82:98:3e:05:20:
fc:a9:4d:dc:20:3d:48:23:b5:51:8c:3a:2d:b4:82:c7:57:6e:
11:61:f5:86:c2:29:65:42:b7:fc:35:47:3f:8a:fa:4b:93:30:
53:37:a8:af:65:49:9c:31:f4:0a:3a:83:83:23:c4:0a:08:e8:
a0:b4:0b:cc:e9:8e:35:df:8f:67:ef:c5:2d:b0:da:6a:57:cb:
f3:5b:43:8e:a4:44:0b:9c:f2:5c:83:b8:82:b6:b3:1c:2a:18:
8b:69:f6:09
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUMiptxhCi4HcjV/QbQ2XL8GJDthowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MjYyMDEwMjNaFw0yNTEwMzEyMzU5NTlaMHoxSTBHBgNV
BAUTQDI3OTVjNjVhMjMzZGZiOThlYjUwODhiMzc3OTU4ZDM0ZGUwYWU2Y2RmYjQ3
ZjM2MjU5NTBlNjUwZjYyZDI2MDcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKi9ULqXivd/gCNI9JBl1uuvMb6YPJZ9jgRiWFS4LBt2iDVy8Et9F3MyxXsG
DLXiVn+hNkuKM13/utn/74/BNRF1Ypawwuw6Vk7GcLaaOO0jkDtSn3DJtmBy0yxy
Yv9G5/yYTh9edWmbvb8NAEuOFPaCLM6Uv8l/bxC9jX2W/LAbHI+EYSF4qwndNIAY
UvN02LPE8JFpKRR4Z1WM0WWU6mdQJKhDhDAt3hz6dMAoznOcshAG5RXYc/tThr7V
Ko4dSWY5EbWzI3sC1l98h1TeMNGKnNK4nQcgqoSwY0HkDlbjfLw5YwbH7vAh3DeR
HB8tIsguQ7JeH9EFZVs2wzN+FjUCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQC95dr
pQbAmCVI6ZmyF2SwePeVBzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmZhZTcxMWUtYjBjNC00MDRmLWJlMWYtYTk5OTkwODE4YWM2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAU99ADAN
BgkqhkiG9w0BAQsFAAOCAQEAF3o2Yc04CeqP9pj+k/RFmOMjutVAiU90nEKvN2nt
dm8W3bEFwGBRZ8B6ELyATXJzQfUQu3X7vSNnDTzlstx4G0YTzaK/6TErh2JNiNnn
MfwhHG3pRUsJfxIIW32WyIAuA2EKDBaJJpBCkSCGnhtXevaXpBAkR1Mf5lDG4Tz+
+vB6QWn1BiE9wglZ8LDtII3b8iF+7L5o95X556DItYKYPgUg/KlN3CA9SCO1UYw6
LbSCx1duEWH1hsIpZUK3/DVHP4r6S5MwUzeor2VJnDH0CjqDgyPECgjooLQLzOmO
Nd+PZ+/FLbDaalfL81tDjqREC5zyXIO4grazHCoYi2n2CQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:53:13 2025 by rpki-client