Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c2cd4ddf-9a38-425a-8021-c45ed96c50ea.roa
File: c2cd4ddf-9a38-425a-8021-c45ed96c50ea.roa (raw, json)
Hash identifier: OIJUlg2aquxKZz5mYVg1eaFIVUAt3a4MAdB2qxhOr1M=
Subject key identifier: D9:82:78:62:23:A9:D4:AE:AC:91:A6:71:71:E1:F5:2D:1D:CF:90:F7
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 126DA9CE6D0AE0B643D63AF4F8E10B338F450A01
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c2cd4ddf-9a38-425a-8021-c45ed96c50ea.roa
Signing time: Mon 13 Oct 2025 17:56:14 +0000
ROA not before: Mon 13 Oct 2025 17:56:14 +0000
ROA not after: Mon 17 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 176.34.128.0/20 maxlen: 20
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 09:00:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
12:6d:a9:ce:6d:0a:e0:b6:43:d6:3a:f4:f8:e1:0b:33:8f:45:0a:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 13 17:56:14 2025 GMT
Not After : Nov 17 23:59:59 2025 GMT
Subject: serialNumber=27e90c763da70c7e62834ea355dd8f62b6c6f737bbf9de5d623b34dd20eff7d4, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:6f:45:ee:63:cc:80:dc:02:c5:3f:bd:d7:ce:
db:61:07:2a:a9:4e:d4:c3:1e:9f:ac:84:01:31:b5:
44:27:2c:f4:a5:44:69:b8:5e:8f:d1:0c:52:01:70:
24:70:28:3e:90:29:c4:db:ed:4a:2e:e3:86:f5:a7:
3e:d9:ee:f7:6f:76:6c:20:49:a3:54:26:c9:cf:93:
e5:21:ed:bb:50:1b:6a:00:1b:6b:af:0c:2a:73:94:
3c:9c:9f:bf:71:ab:9a:1c:e0:34:0b:47:25:eb:a0:
a4:f1:7a:b6:54:31:b6:93:97:16:4e:c4:f8:01:c3:
a6:b8:0d:79:cb:70:1c:b3:aa:83:ac:6f:25:c1:ff:
ff:6d:31:1a:f0:e9:fe:6a:bd:e7:fc:f7:79:6b:12:
ca:19:c1:b7:b5:b4:39:e4:d8:e6:b9:31:06:d9:f5:
01:9e:cd:ea:8f:a5:de:7b:47:5c:67:5d:b8:91:b5:
b1:cf:9b:2e:63:1d:2e:a3:5a:a3:e6:2e:f6:05:a3:
b8:55:1e:df:3c:7c:6d:b7:9c:24:ba:4f:f3:e6:a8:
f3:f1:2b:57:47:8f:a7:b4:b6:b5:eb:a2:4c:e3:47:
6d:32:46:b1:e8:12:d6:44:99:2d:2a:ef:39:22:43:
d5:e1:42:c9:16:6d:cd:5a:93:3d:33:e1:ad:7a:bf:
11:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:82:78:62:23:A9:D4:AE:AC:91:A6:71:71:E1:F5:2D:1D:CF:90:F7
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c2cd4ddf-9a38-425a-8021-c45ed96c50ea.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.34.128.0/20
Signature Algorithm: sha256WithRSAEncryption
2d:21:f2:fb:13:46:fe:df:47:c5:aa:a0:48:d1:91:38:e7:b8:
00:ec:a8:e5:96:d4:a7:24:cc:5b:4f:d8:4e:2d:dd:00:b8:b8:
5d:a1:20:c4:a9:12:a4:dc:61:69:c8:0a:bc:ff:a6:ec:15:72:
1f:f4:e2:10:f0:4c:79:77:c6:7d:0b:96:33:c9:fc:bf:66:a3:
a2:19:01:7e:69:f7:e8:fa:6f:05:64:ee:dc:90:e2:a6:f1:be:
f1:42:54:c7:fb:d9:22:17:34:6b:3f:16:34:ee:69:d6:b7:f1:
cb:a7:ee:55:f4:92:f3:4a:b5:ab:ae:e6:8b:98:47:b8:d8:88:
a5:eb:0d:47:25:ad:5b:0b:f2:4d:f8:3c:f9:a6:e0:cc:1a:c0:
0e:39:38:c0:04:21:64:3f:e9:89:87:bc:23:ad:59:96:6a:d6:
9c:4e:bd:20:1d:99:b7:81:e3:b7:cb:49:5b:a8:3e:7c:69:ae:
17:e4:74:da:70:1c:48:11:27:89:51:68:1e:8d:b5:a2:ca:f3:
0f:eb:e2:e1:40:e9:2b:71:e9:84:c8:2a:22:85:aa:ee:db:e9:
e2:68:de:42:ae:31:d3:20:67:85:88:e7:f1:34:21:79:86:66:
c2:15:a0:72:bd:5a:e4:8d:43:8f:b4:c3:ee:fd:86:23:bb:bf:
64:35:41:85
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUEm2pzm0K4LZD1jr0+OELM49FCgEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTMxNzU2MTRaFw0yNTExMTcyMzU5NTlaMHoxSTBHBgNV
BAUTQDI3ZTkwYzc2M2RhNzBjN2U2MjgzNGVhMzU1ZGQ4ZjYyYjZjNmY3MzdiYmY5
ZGU1ZDYyM2IzNGRkMjBlZmY3ZDQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKVvRe5jzIDcAsU/vdfO22EHKqlO1MMen6yEATG1RCcs9KVEabhej9EMUgFw
JHAoPpApxNvtSi7jhvWnPtnu9292bCBJo1Qmyc+T5SHtu1AbagAba68MKnOUPJyf
v3GrmhzgNAtHJeugpPF6tlQxtpOXFk7E+AHDprgNectwHLOqg6xvJcH//20xGvDp
/mq95/z3eWsSyhnBt7W0OeTY5rkxBtn1AZ7N6o+l3ntHXGdduJG1sc+bLmMdLqNa
o+Yu9gWjuFUe3zx8bbecJLpP8+ao8/ErV0ePp7S2teuiTONHbTJGsegS1kSZLSrv
OSJD1eFCyRZtzVqTPTPhrXq/EQcCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBTZgnhi
I6nUrqyRpnFx4fUtHc+Q9zAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzJjZDRkZGYtOWEzOC00MjVhLTgwMjEtYzQ1ZWQ5NmM1MGVhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBLAigDAN
BgkqhkiG9w0BAQsFAAOCAQEALSHy+xNG/t9HxaqgSNGROOe4AOyo5ZbUpyTMW0/Y
Ti3dALi4XaEgxKkSpNxhacgKvP+m7BVyH/TiEPBMeXfGfQuWM8n8v2ajohkBfmn3
6PpvBWTu3JDipvG+8UJUx/vZIhc0az8WNO5p1rfxy6fuVfSS80q1q67mi5hHuNiI
pesNRyWtWwvyTfg8+abgzBrADjk4wAQhZD/piYe8I61ZlmrWnE69IB2Zt4Hjt8tJ
W6g+fGmuF+R02nAcSBEniVFoHo21osrzD+vi4UDpK3HphMgqIoWq7tvp4mjeQq4x
0yBnhYjn8TQheYZmwhWgcr1a5I1Dj7TD7v2GI7u/ZDVBhQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 12:52:16 2025 by rpki-client