Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cf78b714-ce6c-4a9d-a72e-d30a3470f002.roa
File: cf78b714-ce6c-4a9d-a72e-d30a3470f002.roa (raw, json)
Hash identifier: hS3KWy+vhf2Z2dtE6li5prthMUyi4qkPlysjzNGfXIw=
Subject key identifier: C4:5B:00:60:7C:BF:7E:AF:22:C4:82:54:AA:F2:E3:19:BC:25:5B:BC
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5B518F713BE0ADB739B1042AA097C398E2F0D8EF
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cf78b714-ce6c-4a9d-a72e-d30a3470f002.roa
Signing time: Fri 17 Oct 2025 21:40:17 +0000
ROA not before: Fri 17 Oct 2025 21:40:17 +0000
ROA not after: Fri 21 Nov 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d076:5000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 21 Oct 2025 13:42:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5b:51:8f:71:3b:e0:ad:b7:39:b1:04:2a:a0:97:c3:98:e2:f0:d8:ef
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Oct 17 21:40:17 2025 GMT
Not After : Nov 21 23:59:59 2025 GMT
Subject: serialNumber=209a6cc2faa1620df8ff8b4439818f967fbcad7769d5f2b9766a97415612906c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:83:29:b5:ad:d3:03:20:42:32:62:9b:d2:97:
30:ba:68:d1:ce:d5:43:cc:db:b4:83:77:7c:88:dd:
78:2e:a0:2b:81:f7:51:77:5a:ac:cf:65:01:e8:c2:
80:96:0a:d2:03:14:63:24:4f:c5:9a:da:12:a2:a9:
67:06:82:c6:59:b4:8a:10:9e:c4:0d:24:32:0f:da:
ae:ca:be:aa:18:73:b0:81:cb:94:fd:f1:60:a9:7f:
5c:e3:b5:e5:ea:39:06:c5:ef:a2:0f:50:dc:be:88:
9c:66:42:4b:fd:41:49:d0:dd:9a:cd:66:c0:45:2b:
52:2f:c3:44:1c:86:82:cf:56:2c:07:4e:be:a3:eb:
4d:15:99:11:aa:4b:3e:bf:fc:85:a1:4c:db:b7:5a:
48:58:02:d0:36:09:3f:71:3e:65:d0:e6:32:ea:cc:
ff:b7:89:e8:30:6b:5a:ca:c7:da:b4:d8:74:32:66:
23:23:67:db:78:3b:88:b6:1b:c7:d2:9f:c8:80:d6:
1f:b4:e9:c2:54:aa:11:42:e7:b0:e8:9b:15:52:53:
7b:32:70:be:83:3c:17:57:d4:9a:98:03:e5:c7:25:
80:3c:c5:89:66:2b:65:75:5a:e7:1e:4e:9c:cf:88:
aa:29:0d:2e:12:47:6d:d1:9b:8d:6a:ea:fd:78:09:
59:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:5B:00:60:7C:BF:7E:AF:22:C4:82:54:AA:F2:E3:19:BC:25:5B:BC
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cf78b714-ce6c-4a9d-a72e-d30a3470f002.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d076:5000::/48
Signature Algorithm: sha256WithRSAEncryption
3a:d2:83:8c:22:a5:13:6c:1e:5e:db:1b:ce:ce:dc:23:ee:38:
d5:e4:38:2f:26:5c:de:b5:29:c9:ef:38:df:d9:d5:54:89:78:
31:a0:a9:cb:9f:26:97:46:6f:70:f8:87:49:6e:11:89:36:e0:
45:58:01:93:08:f2:fd:44:13:57:bd:44:38:63:c0:10:ca:b1:
ee:cc:16:25:c5:58:3c:d2:b1:57:17:04:ab:de:af:33:81:16:
e7:94:a7:22:e8:b8:b4:af:20:37:ec:be:a7:c0:38:30:ae:cf:
2d:ce:04:0a:f1:35:e6:9c:70:6a:28:8b:5c:2d:eb:66:95:3d:
40:6d:2d:22:81:1e:2e:2c:eb:9c:7d:ee:29:ab:3a:64:b4:2e:
d2:e7:1c:8b:59:b5:01:70:d8:70:e1:7f:1c:f1:2b:1b:e1:53:
d4:3d:49:e4:ae:b1:f7:2f:ea:fb:f4:f6:b8:32:a1:56:d9:07:
08:c6:36:a4:15:ba:ab:0b:27:e6:b5:4b:2b:9c:ef:4e:20:05:
80:c1:8d:45:d4:0f:e4:ff:06:95:29:26:eb:77:57:bc:9e:11:
49:fe:b4:da:e6:05:d0:70:c2:63:cc:80:03:6c:ba:ff:01:0c:
9b:cf:b7:5a:59:12:7e:52:ad:5b:44:a7:b0:1e:32:c1:2d:2f:
f8:f1:12:71
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUW1GPcTvgrbc5sQQqoJfDmOLw2O8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTEwMTcyMTQwMTdaFw0yNTExMjEyMzU5NTlaMHoxSTBHBgNV
BAUTQDIwOWE2Y2MyZmFhMTYyMGRmOGZmOGI0NDM5ODE4Zjk2N2ZiY2FkNzc2OWQ1
ZjJiOTc2NmE5NzQxNTYxMjkwNmMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK+DKbWt0wMgQjJim9KXMLpo0c7VQ8zbtIN3fIjdeC6gK4H3UXdarM9lAejC
gJYK0gMUYyRPxZraEqKpZwaCxlm0ihCexA0kMg/arsq+qhhzsIHLlP3xYKl/XOO1
5eo5BsXvog9Q3L6InGZCS/1BSdDdms1mwEUrUi/DRByGgs9WLAdOvqPrTRWZEapL
Pr/8haFM27daSFgC0DYJP3E+ZdDmMurM/7eJ6DBrWsrH2rTYdDJmIyNn23g7iLYb
x9KfyIDWH7TpwlSqEULnsOibFVJTezJwvoM8F1fUmpgD5cclgDzFiWYrZXVa5x5O
nM+IqikNLhJHbdGbjWrq/XgJWfUCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTEWwBg
fL9+ryLEglSq8uMZvCVbvDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2Y3OGI3MTQtY2U2Yy00YTlkLWE3MmUtZDMwYTM0NzBmMDAyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HZQ
ADANBgkqhkiG9w0BAQsFAAOCAQEAOtKDjCKlE2weXtsbzs7cI+441eQ4LyZc3rUp
ye8439nVVIl4MaCpy58ml0ZvcPiHSW4RiTbgRVgBkwjy/UQTV71EOGPAEMqx7swW
JcVYPNKxVxcEq96vM4EW55SnIui4tK8gN+y+p8A4MK7PLc4ECvE15pxwaiiLXC3r
ZpU9QG0tIoEeLizrnH3uKas6ZLQu0ucci1m1AXDYcOF/HPErG+FT1D1J5K6x9y/q
+/T2uDKhVtkHCMY2pBW6qwsn5rVLK5zvTiAFgMGNRdQP5P8GlSkm63dXvJ4RSf60
2uYF0HDCY8yAA2y6/wEMm8+3WlkSflKtW0SnsB4ywS0v+PEScQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 23:29:35 2025 by rpki-client