Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/10aa39be-4f99-4b39-b428-f034a0b57d69.roa
File: 10aa39be-4f99-4b39-b428-f034a0b57d69.roa (raw, json)
Hash identifier: Lg4aSz68W06K2dkSTla9wbCwKZe7EHAIC/BDsnISQdI=
Subject key identifier: 4D:28:FE:FF:9B:5D:54:80:B0:8D:1B:8B:0C:AA:F8:5C:7A:D1:2D:91
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3D56E39BB4C7761C21FF31A9058BB9B9ED5A55F0
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/10aa39be-4f99-4b39-b428-f034a0b57d69.roa
Signing time: Mon 01 Sep 2025 20:41:23 +0000
ROA not before: Mon 01 Sep 2025 20:41:23 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:b000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3d:56:e3:9b:b4:c7:76:1c:21:ff:31:a9:05:8b:b9:b9:ed:5a:55:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:41:23 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=27b63e129a138f5a8a5d7d06c91888824974ef64e1db573aabf563b31d74c193, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:8c:14:c4:bf:03:19:fc:de:11:8e:a9:49:0f:
f4:d3:2d:80:43:84:64:49:a6:14:bb:6d:88:ef:74:
5c:96:b1:0c:91:fb:59:db:fb:8f:dc:47:80:54:a6:
4b:7f:ca:f7:8a:54:f4:7a:dc:66:75:fa:67:db:2b:
8d:c8:b7:ba:d2:73:5e:11:8e:51:fb:13:7f:1e:71:
44:60:fd:6d:7b:3a:ef:d2:63:ea:c6:30:44:06:f3:
34:e0:07:0a:c6:6f:80:c6:66:74:b0:cf:e0:32:f4:
8a:36:61:01:53:19:6a:54:2f:82:d6:5c:7d:3d:4e:
e0:bc:85:6b:41:b7:bc:7a:89:bd:0c:44:73:95:0b:
eb:4b:39:d9:db:5e:d1:be:7c:23:bf:5e:f2:bc:41:
7b:46:ca:94:d4:be:fb:05:56:b7:b6:8f:64:52:20:
4d:ad:6a:a2:6c:f7:aa:eb:39:a4:18:a6:2a:d3:bf:
05:cb:4c:97:2f:26:bf:47:ff:c3:ba:61:97:0e:04:
ef:56:ac:b0:e9:43:67:16:a8:74:e8:7e:ca:c2:83:
0a:c4:9b:96:5d:62:17:dc:65:cc:f7:da:16:9d:44:
21:62:b4:61:67:ef:36:e4:e1:54:bb:cc:61:5b:12:
d9:b3:33:6e:05:63:54:a0:60:61:bd:50:a1:3a:e4:
4f:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:28:FE:FF:9B:5D:54:80:B0:8D:1B:8B:0C:AA:F8:5C:7A:D1:2D:91
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/10aa39be-4f99-4b39-b428-f034a0b57d69.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:b000::/40
Signature Algorithm: sha256WithRSAEncryption
73:ab:45:69:eb:a8:1d:06:77:47:de:fd:cd:88:fb:da:d7:b1:
1d:09:0d:ea:7e:3b:59:ca:46:91:dc:33:36:1a:07:1c:e8:65:
27:16:33:57:ce:d9:b8:da:14:93:09:37:09:6e:1b:82:07:bb:
94:97:3a:bd:d0:21:b5:b5:df:3c:8f:bb:eb:01:a8:41:dd:c2:
97:d0:d0:af:5a:aa:e4:54:29:30:a5:05:a9:fe:39:a8:29:ad:
ca:d6:4b:8c:84:15:44:81:d3:6b:74:ef:c0:e2:19:60:54:65:
c0:50:68:61:7e:59:65:c2:b4:34:9f:23:c8:d4:6e:ac:d9:f9:
82:f1:0c:6a:82:86:be:7e:b4:d0:cd:57:6b:8b:af:52:87:86:
c5:cf:f4:58:7c:23:8b:5f:1d:c3:e0:dc:ad:ce:2b:ef:a8:e8:
be:a4:61:3b:1f:ba:f2:6a:f9:9c:72:8a:55:32:70:c1:4f:8a:
1b:96:9c:64:6d:c3:54:08:43:a6:d2:85:26:5d:e3:11:7a:cc:
61:51:8a:e4:ac:e3:e6:04:f8:db:2c:dd:81:00:59:95:ea:9a:
ab:5b:74:77:5b:ca:dd:59:8b:43:7d:53:61:14:e7:d8:de:22:
aa:40:af:d1:d0:b7:e1:33:b0:e7:61:13:14:fc:fb:24:66:8f:
3c:ee:00:90
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPVbjm7THdhwh/zGpBYu5ue1aVfAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDQxMjNaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDI3YjYzZTEyOWExMzhmNWE4YTVkN2QwNmM5MTg4ODgyNDk3NGVmNjRlMWRi
NTczYWFiZjU2M2IzMWQ3NGMxOTMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOKMFMS/Axn83hGOqUkP9NMtgEOEZEmmFLttiO90XJaxDJH7Wdv7j9xHgFSm
S3/K94pU9HrcZnX6Z9srjci3utJzXhGOUfsTfx5xRGD9bXs679Jj6sYwRAbzNOAH
CsZvgMZmdLDP4DL0ijZhAVMZalQvgtZcfT1O4LyFa0G3vHqJvQxEc5UL60s52dte
0b58I79e8rxBe0bKlNS++wVWt7aPZFIgTa1qomz3qus5pBimKtO/BctMly8mv0f/
w7phlw4E71assOlDZxaodOh+ysKDCsSbll1iF9xlzPfaFp1EIWK0YWfvNuThVLvM
YVsS2bMzbgVjVKBgYb1QoTrkT/sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRNKP7/
m11UgLCNG4sMqvhcetEtkTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MTBhYTM5YmUtNGY5OS00YjM5LWI0MjgtZjAzNGEwYjU3ZDY5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0ACw
MA0GCSqGSIb3DQEBCwUAA4IBAQBzq0Vp66gdBndH3v3NiPva17EdCQ3qfjtZykaR
3DM2Ggcc6GUnFjNXztm42hSTCTcJbhuCB7uUlzq90CG1td88j7vrAahB3cKX0NCv
WqrkVCkwpQWp/jmoKa3K1kuMhBVEgdNrdO/A4hlgVGXAUGhhflllwrQ0nyPI1G6s
2fmC8Qxqgoa+frTQzVdri69Sh4bFz/RYfCOLXx3D4NytzivvqOi+pGE7H7ryavmc
copVMnDBT4oblpxkbcNUCEOm0oUmXeMResxhUYrkrOPmBPjbLN2BAFmV6pqrW3R3
W8rdWYtDfVNhFOfY3iKqQK/R0LfhM7DnYRMU/PskZo887gCQ
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:07:07 2025 by rpki-client