Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1a8757a3-5b0e-4473-9a3b-876cc134e2bd.roa
File: 1a8757a3-5b0e-4473-9a3b-876cc134e2bd.roa (raw, json)
Hash identifier: v+sgOSqnrzlYTe4llZ8xBpdDYT+BUc7wPsp9ECfhl/M=
Subject key identifier: 37:A0:B6:45:65:9C:58:A1:99:85:EC:38:1A:E3:1B:EC:F2:82:39:EA
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 28BFB0437D525E5E8BF4188E1A5A0A8480EC5859
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1a8757a3-5b0e-4473-9a3b-876cc134e2bd.roa
Signing time: Mon 01 Sep 2025 20:21:33 +0000
ROA not before: Mon 01 Sep 2025 20:21:33 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:e000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
28:bf:b0:43:7d:52:5e:5e:8b:f4:18:8e:1a:5a:0a:84:80:ec:58:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:21:33 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=fe72f1c8747f205d827531ea434dfe8642aaf0b1b8c3e2ebd1399aabd1a675df, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:98:15:08:a9:62:4f:4d:5f:3b:ab:6d:a3:fe:
f4:65:e9:49:5d:2d:53:6c:8d:ff:76:e0:96:99:c9:
6d:62:b9:60:b8:91:7a:bf:55:e9:9c:05:e0:54:2a:
c0:bb:52:6b:e6:ee:5a:63:80:06:3c:b9:a3:92:17:
89:f4:88:26:a6:c3:7b:11:4b:e9:92:3f:84:5b:83:
7c:d5:e3:2c:f1:d4:c3:4b:a1:c5:e0:13:c9:77:bf:
45:66:cc:39:ac:a2:e4:e5:29:50:35:bf:bb:61:89:
2a:a4:0b:b3:0e:f0:79:42:06:2f:01:7d:f4:99:9a:
40:d2:f9:68:2e:4b:92:11:fe:8f:74:4b:3a:57:02:
ea:ba:6b:7e:a9:c2:83:7b:15:b7:14:ec:ef:b8:f8:
3c:ae:36:b4:aa:42:54:b5:eb:37:53:08:02:ae:e4:
b5:4c:8a:73:1c:b7:46:96:8a:d4:9c:25:02:ff:c7:
3d:b4:f0:cb:e6:5b:42:fd:dd:c2:54:5f:19:41:46:
25:66:33:77:14:24:b4:ff:34:86:fb:07:bb:c7:36:
c2:c6:fe:df:7d:2d:85:45:d8:f9:79:f9:10:de:d7:
a2:07:1d:24:b2:e5:09:e0:a7:04:e6:87:1a:65:14:
17:60:3a:4b:45:4c:fe:5a:b5:bd:93:a8:40:62:8c:
77:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:A0:B6:45:65:9C:58:A1:99:85:EC:38:1A:E3:1B:EC:F2:82:39:EA
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1a8757a3-5b0e-4473-9a3b-876cc134e2bd.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:e000::/40
Signature Algorithm: sha256WithRSAEncryption
7f:eb:a0:02:7a:b8:42:3d:fa:15:65:ff:a1:db:e8:0d:82:6a:
12:69:b0:5f:51:4f:59:10:29:d9:1d:a8:d0:77:2a:ae:0b:a5:
61:ea:02:db:be:7b:7c:26:f9:33:24:79:b6:0d:74:17:f4:bf:
56:5b:be:d1:4c:63:80:9d:01:87:f3:68:05:c4:ec:61:1e:29:
4b:a2:d8:98:b4:2b:13:33:56:da:ac:3a:df:68:12:73:59:3a:
48:aa:f0:a6:4d:eb:b0:28:fd:48:e0:62:c9:17:e2:d2:02:d0:
09:35:71:00:68:78:7f:05:bc:b2:ec:a7:ed:e0:5c:2f:8f:12:
2f:49:d6:e3:c2:d4:78:29:17:80:2c:0e:14:dc:f3:ec:fd:97:
69:6f:54:89:b8:1e:c5:f4:4c:70:83:f3:6b:5a:04:71:c6:63:
97:6c:9d:a8:06:f7:68:83:16:4f:3c:86:d9:ca:81:7d:ab:71:
ea:89:3a:da:ee:83:4e:87:af:1e:80:97:5f:3b:ce:7d:02:d1:
6f:bb:16:41:8b:12:7d:28:30:5b:0a:f7:3f:0e:f9:27:42:c5:
78:87:6d:01:46:fe:50:7a:49:bd:45:65:d8:42:d8:73:fb:58:
78:d1:f9:87:43:a0:04:a5:65:37:78:c5:4a:c5:b2:d5:6f:22:
84:88:2c:e5
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUKL+wQ31SXl6L9BiOGloKhIDsWFkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDIxMzNaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGZlNzJmMWM4NzQ3ZjIwNWQ4Mjc1MzFlYTQzNGRmZTg2NDJhYWYwYjFiOGMz
ZTJlYmQxMzk5YWFiZDFhNjc1ZGYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMmYFQipYk9NXzurbaP+9GXpSV0tU2yN/3bglpnJbWK5YLiRer9V6ZwF4FQq
wLtSa+buWmOABjy5o5IXifSIJqbDexFL6ZI/hFuDfNXjLPHUw0uhxeATyXe/RWbM
Oayi5OUpUDW/u2GJKqQLsw7weUIGLwF99JmaQNL5aC5LkhH+j3RLOlcC6rprfqnC
g3sVtxTs77j4PK42tKpCVLXrN1MIAq7ktUyKcxy3RpaK1JwlAv/HPbTwy+ZbQv3d
wlRfGUFGJWYzdxQktP80hvsHu8c2wsb+330thUXY+Xn5EN7XogcdJLLlCeCnBOaH
GmUUF2A6S0VM/lq1vZOoQGKMd/MCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ3oLZF
ZZxYoZmF7Dga4xvs8oI56jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWE4NzU3YTMtNWIwZS00NDczLTlhM2ItODc2Y2MxMzRlMmJkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0ADg
MA0GCSqGSIb3DQEBCwUAA4IBAQB/66ACerhCPfoVZf+h2+gNgmoSabBfUU9ZECnZ
HajQdyquC6Vh6gLbvnt8JvkzJHm2DXQX9L9WW77RTGOAnQGH82gFxOxhHilLotiY
tCsTM1barDrfaBJzWTpIqvCmTeuwKP1I4GLJF+LSAtAJNXEAaHh/Bbyy7Kft4Fwv
jxIvSdbjwtR4KReALA4U3PPs/Zdpb1SJuB7F9Exwg/NrWgRxxmOXbJ2oBvdogxZP
PIbZyoF9q3HqiTra7oNOh68egJdfO859AtFvuxZBixJ9KDBbCvc/DvknQsV4h20B
Rv5Qekm9RWXYQthz+1h40fmHQ6AEpWU3eMVKxbLVbyKEiCzl
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:13:28 2025 by rpki-client