Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0cadec3e-a35e-4321-b172-825de7a521d7.roa
File: 0cadec3e-a35e-4321-b172-825de7a521d7.roa (raw, json)
Hash identifier: uFphKHoMzUQwWMrW+spwWK6lipnIZFB4iWyx8W9iUT4=
Subject key identifier: 6E:B2:F7:F0:8D:2F:17:AE:B6:AF:AE:D2:19:08:18:38:E2:CA:71:34
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 1B8E4B07A41589FB2601484E7FC13DD1A530A49E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0cadec3e-a35e-4321-b172-825de7a521d7.roa
Signing time: Mon 01 Sep 2025 19:50:58 +0000
ROA not before: Mon 01 Sep 2025 19:50:58 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d031:90c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1b:8e:4b:07:a4:15:89:fb:26:01:48:4e:7f:c1:3d:d1:a5:30:a4:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 19:50:58 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=4bc498be51f89fee87a962c1f8a2f6bbb971c01d8a0fa0f3cfc79c8b4692e0b5, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:28:b1:8c:af:e0:57:68:64:ec:f6:08:6c:95:
e9:d3:05:a3:90:4d:db:22:f2:d0:e4:2b:e5:f6:51:
be:e9:79:36:02:32:50:fe:e6:ba:c3:b4:b8:dc:61:
42:c1:5c:6b:9a:d7:f4:0a:fd:2f:cf:be:8d:17:39:
9c:25:c4:39:70:46:f7:0b:a5:76:ca:b5:2c:e2:c9:
1a:4e:da:ed:ee:0e:d0:d0:f0:06:ff:8c:71:12:77:
83:d9:98:66:f3:30:34:cc:f3:fb:a2:2b:bb:85:2a:
32:ee:8c:22:76:7d:61:12:ec:2f:e0:fd:b0:23:4a:
37:0b:e8:43:44:3d:8c:44:7f:6f:90:61:4f:62:19:
26:1c:0b:39:58:c4:d0:de:b4:5e:b2:ea:28:3a:6e:
59:58:3a:bd:b9:2a:14:e5:02:57:d0:e9:58:9f:9c:
58:09:85:38:cb:f1:88:fa:f8:57:8e:e3:bd:e8:b5:
70:bb:bb:26:db:02:33:12:ac:4f:4b:9e:42:0c:15:
c4:93:d6:e7:46:a7:95:f0:ef:c0:4f:81:c4:de:22:
23:fb:f2:3c:05:35:e0:94:75:13:5f:ed:6c:fe:48:
2b:f6:aa:e9:9b:d7:55:e3:76:f5:08:e9:c6:15:55:
1f:c9:70:da:71:60:0c:b0:e7:92:9d:66:a5:40:82:
f0:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:B2:F7:F0:8D:2F:17:AE:B6:AF:AE:D2:19:08:18:38:E2:CA:71:34
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0cadec3e-a35e-4321-b172-825de7a521d7.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d031:90c0::/48
Signature Algorithm: sha256WithRSAEncryption
91:01:04:7f:ae:38:9b:48:2e:c2:00:30:1b:f5:55:17:82:8c:
ab:3d:72:69:ac:40:d8:1c:7f:01:71:7f:63:17:c3:a7:ed:6c:
60:86:d9:27:fb:b4:05:f3:5d:8e:5a:e1:ea:d2:b4:22:6b:57:
fb:a5:b5:65:76:f5:f0:5f:3f:81:45:3d:c4:0c:14:eb:27:dd:
b9:21:fd:14:57:bf:7e:6e:f2:99:b2:71:78:aa:97:b1:15:23:
2f:ef:9f:75:7d:aa:2e:93:19:d8:ef:43:66:cc:10:7c:e9:8c:
06:17:65:e7:cd:d4:a8:b4:9c:79:3b:dc:e7:e4:c7:c8:92:54:
82:c8:1a:c0:82:00:6b:17:cb:35:bf:84:91:37:b2:97:91:d1:
28:b8:8e:fd:e8:d7:f6:08:13:3b:e5:22:09:09:81:b2:62:56:
d2:d4:70:fa:1f:bd:fe:8c:cf:25:17:33:e2:2a:0e:c8:e9:b5:
02:1a:1d:d3:e4:d5:8a:fa:7e:79:a9:7e:77:dc:fe:14:7f:c0:
2e:6f:21:af:4a:71:1f:06:b9:c9:c1:1e:c8:11:43:db:c2:b5:
6e:19:a2:d2:c0:07:fb:47:f8:00:78:a4:e3:a9:19:49:54:af:
4d:75:a4:cf:f2:ad:bc:c4:0b:e6:cb:99:02:ea:46:f9:29:7a:
6f:05:7e:5d
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUG45LB6QVifsmAUhOf8E90aUwpJ4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDExOTUwNThaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDRiYzQ5OGJlNTFmODlmZWU4N2E5NjJjMWY4YTJmNmJiYjk3MWMwMWQ4YTBm
YTBmM2NmYzc5YzhiNDY5MmUwYjUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANsosYyv4FdoZOz2CGyV6dMFo5BN2yLy0OQr5fZRvul5NgIyUP7musO0uNxh
QsFca5rX9Ar9L8++jRc5nCXEOXBG9wuldsq1LOLJGk7a7e4O0NDwBv+McRJ3g9mY
ZvMwNMzz+6Iru4UqMu6MInZ9YRLsL+D9sCNKNwvoQ0Q9jER/b5BhT2IZJhwLOVjE
0N60XrLqKDpuWVg6vbkqFOUCV9DpWJ+cWAmFOMvxiPr4V47jvei1cLu7JtsCMxKs
T0ueQgwVxJPW50anlfDvwE+BxN4iI/vyPAU14JR1E1/tbP5IK/aq6ZvXVeN29Qjp
xhVVH8lw2nFgDLDnkp1mpUCC8IkCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBRusvfw
jS8XrravrtIZCBg44spxNDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MGNhZGVjM2UtYTM1ZS00MzIxLWIxNzItODI1ZGU3YTUyMWQ3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DGQ
wDANBgkqhkiG9w0BAQsFAAOCAQEAkQEEf644m0guwgAwG/VVF4KMqz1yaaxA2Bx/
AXF/YxfDp+1sYIbZJ/u0BfNdjlrh6tK0ImtX+6W1ZXb18F8/gUU9xAwU6yfduSH9
FFe/fm7ymbJxeKqXsRUjL++fdX2qLpMZ2O9DZswQfOmMBhdl583UqLSceTvc5+TH
yJJUgsgawIIAaxfLNb+EkTeyl5HRKLiO/ejX9ggTO+UiCQmBsmJW0tRw+h+9/ozP
JRcz4ioOyOm1Ahod0+TVivp+eal+d9z+FH/ALm8hr0pxHwa5ycEeyBFD28K1bhmi
0sAH+0f4AHik46kZSVSvTXWkz/KtvMQL5suZAupG+Sl6bwV+XQ==
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:17:09 2025 by rpki-client