Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0f3fbd71-85b4-48a7-8479-e942c9578262.roa
File: 0f3fbd71-85b4-48a7-8479-e942c9578262.roa (raw, json)
Hash identifier: 7a/zJhIk/m9fB952re/xV/HOgkD3xOMr0dz41r5uSl0=
Subject key identifier: BA:B3:E3:FB:9C:CE:88:4F:B3:4F:09:B5:1D:61:50:69:C5:C7:BF:75
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 763A6F69699650A318FFA08B256B2374240C793D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0f3fbd71-85b4-48a7-8479-e942c9578262.roa
Signing time: Mon 01 Sep 2025 20:51:02 +0000
ROA not before: Mon 01 Sep 2025 20:51:02 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d071:1000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
76:3a:6f:69:69:96:50:a3:18:ff:a0:8b:25:6b:23:74:24:0c:79:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:51:02 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=0fcd30680f16925474b976f0439848753a7113ca297556355266e0ccce185706, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:10:cf:43:b9:df:34:c5:9c:8d:62:57:d4:fe:
64:d2:2e:1c:a0:c6:20:84:05:1e:fe:14:50:ba:8f:
68:d6:89:64:84:9a:d4:49:83:77:d3:8d:43:c2:dc:
49:fb:b8:f8:9d:bf:6b:ee:a7:8c:73:09:07:f1:21:
79:b0:d6:74:06:69:13:c9:0a:c7:73:f1:1e:81:1d:
04:55:c2:70:3c:57:fc:b7:bf:30:bb:84:01:2f:45:
fe:1f:07:58:10:4d:84:29:3b:7b:b5:b6:a2:9c:78:
75:f0:d0:f9:64:d0:1b:56:e8:fe:ff:1d:53:ed:c6:
c4:18:c9:3a:21:78:ef:99:bc:c9:e5:2c:4e:a4:29:
38:94:92:69:8a:07:9a:8c:b5:31:6b:e3:b5:19:44:
3f:3c:e5:c6:98:65:12:2a:6d:7e:dc:a6:32:b6:eb:
69:07:3f:1c:56:2d:f5:fb:4e:80:00:60:32:27:47:
fb:1b:e7:a2:db:0d:f2:51:ff:32:25:0a:c8:4f:28:
f8:e0:2a:2b:97:60:33:7f:42:e8:5d:c3:93:8e:1d:
70:33:51:4e:74:eb:c9:9b:d6:11:11:41:cd:68:5c:
a2:1f:92:5a:9e:a9:04:bc:ac:a3:04:f7:ee:37:b4:
d5:c6:25:77:3e:51:6a:29:af:8b:74:63:93:70:38:
95:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:B3:E3:FB:9C:CE:88:4F:B3:4F:09:B5:1D:61:50:69:C5:C7:BF:75
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0f3fbd71-85b4-48a7-8479-e942c9578262.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d071:1000::/40
Signature Algorithm: sha256WithRSAEncryption
b8:53:bc:17:56:8b:7c:06:60:52:55:80:7f:59:c1:5c:b4:ab:
f9:90:9c:2c:13:8e:aa:94:fb:2b:05:ab:95:6d:f5:17:32:a8:
99:46:a8:fe:fb:92:88:60:9a:f2:71:ae:8d:08:61:6c:5b:f0:
b9:2f:ae:af:3f:f9:d0:47:45:32:05:a6:53:31:04:e5:d1:fc:
cb:bc:62:d6:b9:49:df:52:8f:cc:82:f7:2e:ad:55:49:d2:87:
34:69:1b:03:90:eb:5f:39:4c:3c:2b:55:9e:e4:58:bd:ce:e0:
48:c8:5e:0b:20:ab:9e:e9:27:cb:46:12:a3:96:9a:e7:54:5b:
3b:17:d4:f0:60:60:bb:94:3a:02:ce:b6:93:77:2e:c8:a7:3f:
bf:d5:40:37:3b:a3:44:c1:51:31:40:bb:05:1f:92:d6:2a:c3:
2a:e2:a3:ab:b2:ca:d3:f0:a2:15:ba:90:f1:45:29:09:bf:62:
be:76:16:3f:dd:6f:40:62:3a:ea:5d:f2:0f:3a:36:d3:a3:3f:
6c:d7:ee:73:d2:7c:a3:37:a1:ac:28:8e:36:1e:47:96:dd:a8:
25:33:49:e5:4e:c9:41:3b:68:b4:06:7d:d1:0a:8e:46:6b:e2:
88:be:e8:84:9d:9e:7e:31:7d:cd:69:39:de:3d:70:67:09:be:
5c:5d:13:66
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUdjpvaWmWUKMY/6CLJWsjdCQMeT0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDUxMDJaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDBmY2QzMDY4MGYxNjkyNTQ3NGI5NzZmMDQzOTg0ODc1M2E3MTEzY2EyOTc1
NTYzNTUyNjZlMGNjY2UxODU3MDYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANQQz0O53zTFnI1iV9T+ZNIuHKDGIIQFHv4UULqPaNaJZISa1EmDd9ONQ8Lc
Sfu4+J2/a+6njHMJB/EhebDWdAZpE8kKx3PxHoEdBFXCcDxX/Le/MLuEAS9F/h8H
WBBNhCk7e7W2opx4dfDQ+WTQG1bo/v8dU+3GxBjJOiF475m8yeUsTqQpOJSSaYoH
moy1MWvjtRlEPzzlxphlEiptftymMrbraQc/HFYt9ftOgABgMidH+xvnotsN8lH/
MiUKyE8o+OAqK5dgM39C6F3Dk44dcDNRTnTryZvWERFBzWhcoh+SWp6pBLysowT3
7je01cYldz5Raimvi3Rjk3A4lZ8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBS6s+P7
nM6IT7NPCbUdYVBpxce/dTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MGYzZmJkNzEtODViNC00OGE3LTg0NzktZTk0MmM5NTc4MjYyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HEQ
MA0GCSqGSIb3DQEBCwUAA4IBAQC4U7wXVot8BmBSVYB/WcFctKv5kJwsE46qlPsr
BauVbfUXMqiZRqj++5KIYJryca6NCGFsW/C5L66vP/nQR0UyBaZTMQTl0fzLvGLW
uUnfUo/MgvcurVVJ0oc0aRsDkOtfOUw8K1We5Fi9zuBIyF4LIKue6SfLRhKjlprn
VFs7F9TwYGC7lDoCzraTdy7Ipz+/1UA3O6NEwVExQLsFH5LWKsMq4qOrssrT8KIV
upDxRSkJv2K+dhY/3W9AYjrqXfIPOjbToz9s1+5z0nyjN6GsKI42HkeW3aglM0nl
TslBO2i0Bn3RCo5Ga+KIvuiEnZ5+MX3NaTnePXBnCb5cXRNm
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:18:36 2025 by rpki-client