Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0b28278f-4fad-45f4-a194-c2e785f1c443.roa
File: 0b28278f-4fad-45f4-a194-c2e785f1c443.roa (raw, json)
Hash identifier: aniieTMS6Nz16So1oyG44iirtk0Av4zg6fDFxVu0LUM=
Subject key identifier: 2F:14:4E:72:BD:59:27:F0:B5:0F:5A:D9:76:34:72:72:C6:2C:04:5A
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 6A8EA223D6C0F293B776FB031E9E1A2BF82B56F2
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0b28278f-4fad-45f4-a194-c2e785f1c443.roa
Signing time: Mon 01 Sep 2025 21:01:19 +0000
ROA not before: Mon 01 Sep 2025 21:01:19 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d019:800::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6a:8e:a2:23:d6:c0:f2:93:b7:76:fb:03:1e:9e:1a:2b:f8:2b:56:f2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 21:01:19 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=23e483a28ef1a5d1d2a70695c76bbd9ee6af76843fa1c7f0ff404d5d01bb6a1a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:56:0e:49:c1:c1:32:f4:f7:50:5f:6b:aa:ec:
65:ca:da:70:d8:4a:c5:d0:24:cc:ed:e9:7a:98:fc:
2a:52:2c:d3:d8:34:33:1b:8a:9a:c0:7d:8c:4f:49:
63:55:2e:21:dc:c5:fd:b1:89:4b:1f:55:ff:13:39:
99:8d:c2:48:53:ce:bb:38:4b:37:89:0c:6e:d6:69:
53:46:6a:bf:a1:82:5c:2a:c9:b2:f4:ce:e8:84:ca:
29:82:c7:41:60:65:87:99:1c:8c:e9:af:9e:5f:85:
1c:86:5a:23:5c:22:15:1d:1d:5d:5f:38:82:09:c1:
80:55:4c:44:74:13:ba:b6:13:8b:7b:21:6b:a2:b7:
c5:56:89:86:31:a0:cf:ab:5e:53:cd:27:df:01:e0:
8c:87:a8:f8:4d:c2:39:82:83:60:51:2f:a1:8a:4f:
75:04:b6:b8:bd:de:7c:df:9f:82:45:da:b8:a1:29:
3b:38:9e:b4:22:86:c7:a9:3b:8e:55:92:21:64:c7:
b6:0d:b8:bb:cf:e4:db:b9:ee:46:af:29:e9:da:31:
88:c7:c8:90:7f:4e:35:16:d6:93:b6:05:e5:3b:0b:
e7:f7:13:f7:10:2a:16:29:82:ac:39:7b:f9:22:8d:
9d:ef:91:5c:9e:30:8e:9b:a5:24:e5:36:18:05:45:
75:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:14:4E:72:BD:59:27:F0:B5:0F:5A:D9:76:34:72:72:C6:2C:04:5A
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0b28278f-4fad-45f4-a194-c2e785f1c443.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d019:800::/38
Signature Algorithm: sha256WithRSAEncryption
21:7a:e8:26:32:e1:66:ad:7f:3c:e6:ce:ff:51:1f:7b:e9:2b:
75:eb:a4:f3:f4:b3:0b:b3:c2:ef:3f:ca:2e:29:fd:98:f3:91:
a4:e4:55:4e:a3:55:8f:a2:aa:c4:8b:48:e5:52:c0:3b:ce:cd:
88:15:a5:8c:68:12:22:82:c1:e2:05:b6:3d:27:ab:09:a0:28:
ac:4b:74:53:a0:e5:7c:91:6f:07:7e:c1:56:dc:f2:20:b1:54:
93:b7:90:d0:ba:15:24:0b:39:b8:b4:60:00:ca:5b:c0:40:44:
b9:a7:dd:eb:4f:e4:c2:16:3c:73:56:09:d3:c2:e5:60:bc:1b:
11:bb:d0:a3:9d:11:f8:5e:b6:a5:6d:91:48:55:60:87:bb:c9:
00:9b:a2:cf:be:8e:9a:d2:76:1a:ac:87:a0:af:ec:5b:a0:df:
61:b1:c3:8f:26:94:80:a2:eb:8e:18:c7:dd:fb:dc:7d:fd:70:
50:a6:99:38:48:66:11:1a:cd:01:6c:c0:5d:a2:13:83:3b:8d:
18:b6:35:3e:11:00:88:79:20:27:80:f6:01:31:d5:54:87:e4:
db:1f:b4:79:2f:c4:1f:62:67:03:f6:43:ba:54:cb:bb:b7:82:
9f:cd:76:fd:11:15:ca:f7:e4:39:fd:97:93:4a:d4:c4:74:43:
f9:16:aa:3f
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUao6iI9bA8pO3dvsDHp4aK/grVvIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMTAxMTlaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDIzZTQ4M2EyOGVmMWE1ZDFkMmE3MDY5NWM3NmJiZDllZTZhZjc2ODQzZmEx
YzdmMGZmNDA0ZDVkMDFiYjZhMWExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAItWDknBwTL091Bfa6rsZcracNhKxdAkzO3pepj8KlIs09g0MxuKmsB9jE9J
Y1UuIdzF/bGJSx9V/xM5mY3CSFPOuzhLN4kMbtZpU0Zqv6GCXCrJsvTO6ITKKYLH
QWBlh5kcjOmvnl+FHIZaI1wiFR0dXV84ggnBgFVMRHQTurYTi3sha6K3xVaJhjGg
z6teU80n3wHgjIeo+E3COYKDYFEvoYpPdQS2uL3efN+fgkXauKEpOzietCKGx6k7
jlWSIWTHtg24u8/k27nuRq8p6doxiMfIkH9ONRbWk7YF5TsL5/cT9xAqFimCrDl7
+SKNne+RXJ4wjpulJOU2GAVFdR0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQvFE5y
vVkn8LUPWtl2NHJyxiwEWjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MGIyODI3OGYtNGZhZC00NWY0LWExOTQtYzJlNzg1ZjFjNDQzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BkI
MA0GCSqGSIb3DQEBCwUAA4IBAQAheugmMuFmrX885s7/UR976St166Tz9LMLs8Lv
P8ouKf2Y85Gk5FVOo1WPoqrEi0jlUsA7zs2IFaWMaBIigsHiBbY9J6sJoCisS3RT
oOV8kW8HfsFW3PIgsVSTt5DQuhUkCzm4tGAAylvAQES5p93rT+TCFjxzVgnTwuVg
vBsRu9CjnRH4XralbZFIVWCHu8kAm6LPvo6a0nYarIegr+xboN9hscOPJpSAouuO
GMfd+9x9/XBQppk4SGYRGs0BbMBdohODO40YtjU+EQCIeSAngPYBMdVUh+TbH7R5
L8QfYmcD9kO6VMu7t4KfzXb9ERXK9+Q5/ZeTStTEdEP5Fqo/
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:18:30 2025 by rpki-client