Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cbd21b9e-7627-4ebc-a1f8-63890b5d4144.roa
File: cbd21b9e-7627-4ebc-a1f8-63890b5d4144.roa (raw, json)
Hash identifier: oLzzg8i0ksArPgyDSaRAXadtbgEnRahSUNs2RBTHnzM=
Subject key identifier: C5:DD:0E:6A:47:C6:B6:B9:E5:A8:4D:F2:E1:FF:18:22:F0:0F:04:81
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 61A4103E312AB978DE36C1CF4B5EC0BEB8AC64D8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cbd21b9e-7627-4ebc-a1f8-63890b5d4144.roa
Signing time: Tue 04 Nov 2025 02:50:59 +0000
ROA not before: Tue 04 Nov 2025 02:50:59 +0000
ROA not after: Tue 09 Dec 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d059:800::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 06 Nov 2025 12:00:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
61:a4:10:3e:31:2a:b9:78:de:36:c1:cf:4b:5e:c0:be:b8:ac:64:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Nov 4 02:50:59 2025 GMT
Not After : Dec 9 23:59:59 2025 GMT
Subject: serialNumber=32c0fdb675a712efe52a0c1bf8727c54f7f4d1a19f1638d0513f75e298c9ba75, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:26:c9:e1:37:dc:6b:38:d4:a6:a1:ab:60:f2:
cd:90:e3:58:d9:22:df:9e:40:b1:14:63:7b:29:e0:
34:d3:c6:dc:ca:57:54:2c:0b:90:27:ae:b3:3e:0a:
c1:86:03:88:09:2d:5c:62:ab:89:cc:f8:2a:25:55:
20:78:08:77:b1:20:a8:97:af:78:22:1b:3d:d5:6b:
6b:38:2d:04:a5:81:a4:9c:dc:73:14:97:dc:43:c2:
19:f7:8d:ed:cc:9a:67:0f:66:a3:7c:22:76:bc:17:
d4:57:7e:01:2a:f4:87:54:b2:d9:53:fd:08:5d:5f:
0b:4e:48:4d:fa:62:ab:89:67:ef:f4:1e:08:c6:6e:
e6:74:4b:c6:ac:ff:7d:87:d1:fb:76:67:3b:cf:d9:
9d:8e:c4:31:20:af:20:80:69:df:e5:9e:f6:44:db:
dd:da:87:0c:ab:2a:e0:a4:a7:a8:86:7c:f0:55:aa:
e5:f0:b1:cc:f7:66:a7:e0:1c:2c:ec:85:fc:1b:cb:
21:e1:cb:f3:2d:b7:a7:73:08:fd:3c:56:18:e6:96:
82:45:de:11:64:8b:e7:a1:be:7f:62:84:c3:d9:f4:
f6:3d:bc:cb:5b:dc:83:24:c9:d3:a0:2c:f7:5c:f5:
0f:d6:6d:1c:f5:46:c5:b3:3a:20:3d:21:f0:8a:b2:
88:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:DD:0E:6A:47:C6:B6:B9:E5:A8:4D:F2:E1:FF:18:22:F0:0F:04:81
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cbd21b9e-7627-4ebc-a1f8-63890b5d4144.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d059:800::/40
Signature Algorithm: sha256WithRSAEncryption
82:6a:be:0e:7b:e0:5f:65:77:4b:34:4d:b3:97:b5:c0:81:93:
bb:1b:38:b2:f0:01:8b:16:d8:8a:e8:f6:38:04:4f:4f:28:cb:
94:5d:b2:a8:20:22:08:10:55:58:91:af:0e:cb:d4:fa:c5:43:
e5:3e:45:63:e1:f6:28:ba:0f:8b:61:d3:d9:93:e7:64:71:62:
4b:fd:89:6f:57:96:2c:6b:3d:ce:4a:a7:f2:a2:e5:05:9d:79:
ec:50:b2:b5:45:1a:c0:ee:96:25:57:53:41:2a:ac:a2:84:61:
1c:65:16:dc:40:40:7a:f6:1b:25:d1:86:50:ce:6f:dd:22:a4:
3b:18:d6:e2:2c:d4:a8:15:9f:dd:26:a6:ff:72:77:c8:03:32:
33:68:64:59:81:86:3d:bf:85:f3:a2:83:6e:ac:e8:d7:06:3b:
fd:d4:c7:72:a3:b4:0f:a5:4f:6a:cf:5a:c8:31:8e:c5:45:98:
bf:ac:a7:1e:15:55:1b:6e:34:23:fb:32:68:01:01:99:04:7d:
ff:d5:53:85:9d:6c:13:6d:5b:99:d1:24:56:30:02:51:28:e5:
2e:22:6e:64:c0:89:31:80:95:41:27:fc:1e:ba:23:1f:d0:30:
ae:02:1d:af:dd:eb:e1:59:55:bf:bf:30:f3:21:67:39:47:85:
09:29:41:38
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUYaQQPjEquXjeNsHPS17AvrisZNgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTExMDQwMjUwNTlaFw0yNTEyMDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDMyYzBmZGI2NzVhNzEyZWZlNTJhMGMxYmY4NzI3YzU0ZjdmNGQxYTE5ZjE2
MzhkMDUxM2Y3NWUyOThjOWJhNzUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANImyeE33Gs41Kahq2DyzZDjWNki355AsRRjeyngNNPG3MpXVCwLkCeusz4K
wYYDiAktXGKricz4KiVVIHgId7EgqJeveCIbPdVrazgtBKWBpJzccxSX3EPCGfeN
7cyaZw9mo3widrwX1Fd+ASr0h1Sy2VP9CF1fC05ITfpiq4ln7/QeCMZu5nRLxqz/
fYfR+3ZnO8/ZnY7EMSCvIIBp3+We9kTb3dqHDKsq4KSnqIZ88FWq5fCxzPdmp+Ac
LOyF/BvLIeHL8y23p3MI/TxWGOaWgkXeEWSL56G+f2KEw9n09j28y1vcgyTJ06As
91z1D9ZtHPVGxbM6ID0h8IqyiF8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTF3Q5q
R8a2ueWoTfLh/xgi8A8EgTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2JkMjFiOWUtNzYyNy00ZWJjLWExZjgtNjM4OTBiNWQ0MTQ0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FkI
MA0GCSqGSIb3DQEBCwUAA4IBAQCCar4Oe+BfZXdLNE2zl7XAgZO7Gziy8AGLFtiK
6PY4BE9PKMuUXbKoICIIEFVYka8Oy9T6xUPlPkVj4fYoug+LYdPZk+dkcWJL/Ylv
V5Ysaz3OSqfyouUFnXnsULK1RRrA7pYlV1NBKqyihGEcZRbcQEB69hsl0YZQzm/d
IqQ7GNbiLNSoFZ/dJqb/cnfIAzIzaGRZgYY9v4XzooNurOjXBjv91Mdyo7QPpU9q
z1rIMY7FRZi/rKceFVUbbjQj+zJoAQGZBH3/1VOFnWwTbVuZ0SRWMAJRKOUuIm5k
wIkxgJVBJ/weuiMf0DCuAh2v3evhWVW/vzDzIWc5R4UJKUE4
-----END CERTIFICATE-----
Generated at Wed Nov 5 14:53:27 2025 by rpki-client