Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1d9a8425-e89b-4598-a680-84c5b341edfd.roa
File: 1d9a8425-e89b-4598-a680-84c5b341edfd.roa (raw, json)
Hash identifier: db3VunyPnUlWVYLsqgfL985cbB/508H9OHWOLxf3X6s=
Subject key identifier: 63:CD:17:9F:8D:AD:0F:FC:C5:D5:3A:3A:61:6F:13:F2:AA:59:06:99
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 43F17D28D234626A2F85F6468FD6522488071ACC
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1d9a8425-e89b-4598-a680-84c5b341edfd.roa
Signing time: Tue 05 Aug 2025 19:41:12 +0000
ROA not before: Tue 05 Aug 2025 19:41:12 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d050:2000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 08:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
43:f1:7d:28:d2:34:62:6a:2f:85:f6:46:8f:d6:52:24:88:07:1a:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Aug 5 19:41:12 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=7e38fe31e9b2368377f335830917583cf0b2f80736f26cc77c94bd76a1a070de, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:22:c1:03:4d:4f:27:d7:28:41:44:ee:0c:fc:
f7:7f:f5:be:f8:38:2e:63:51:38:ae:12:3b:88:37:
37:63:d6:dd:58:5f:7d:ec:54:7a:30:69:30:53:51:
20:b7:61:fe:5d:1f:3c:fc:81:08:a5:82:50:c6:7e:
8b:66:65:d0:a8:24:28:6a:dd:c8:4c:b7:42:e9:c2:
cb:ab:0a:cb:90:a0:89:b9:37:fe:ee:b2:9e:85:77:
ea:37:10:a9:6c:f4:27:f9:b6:82:f9:a5:e0:d6:a4:
31:d9:fe:d3:fb:e6:4e:c5:5a:ec:34:32:99:af:df:
71:c1:71:27:3e:a0:2a:be:f5:90:fc:d2:fe:d3:ca:
8f:1f:80:a2:fa:06:5c:2e:ed:c1:6e:97:58:a6:a9:
99:df:62:8e:a6:49:9a:c1:23:7e:e5:d1:1d:52:a4:
cb:53:09:16:a1:70:04:71:ab:86:b3:50:ca:5c:ea:
7c:fd:83:77:b8:aa:e5:70:c3:0b:9e:93:97:e4:36:
94:ba:07:68:ed:bb:f1:90:26:65:00:1e:41:38:f0:
a6:bc:9b:5d:ca:43:ee:89:1e:e1:c3:39:cd:99:c3:
71:8b:f5:0b:99:05:ca:db:28:88:f0:2c:f4:24:50:
3b:ee:1a:ba:f0:66:31:17:ad:79:03:69:b4:08:8d:
f3:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:CD:17:9F:8D:AD:0F:FC:C5:D5:3A:3A:61:6F:13:F2:AA:59:06:99
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/1d9a8425-e89b-4598-a680-84c5b341edfd.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d050:2000::/40
Signature Algorithm: sha256WithRSAEncryption
54:f5:68:e9:cf:f1:da:49:51:d0:ca:45:6e:a8:fb:be:eb:26:
59:0d:8d:fb:99:fd:67:7e:bc:c7:95:47:c4:47:1b:fe:08:01:
d8:19:0c:a7:a7:72:b2:33:c3:96:c9:d2:d9:ca:d4:d4:b0:38:
a7:6c:e3:33:bf:28:50:b6:d7:c7:52:44:49:df:64:27:69:44:
63:59:0f:f5:8f:f3:8f:66:76:a0:7d:e3:66:59:0d:13:9e:ea:
f6:5a:0a:aa:08:af:62:36:30:8c:c1:ba:e3:74:80:88:5a:39:
5e:05:4d:b3:9c:5a:82:5d:d7:a8:e1:1a:90:cb:a7:b0:17:6b:
a7:21:08:96:cf:8a:f9:8a:bc:0a:07:f3:15:40:72:13:ea:49:
dc:21:e0:b6:28:e2:44:66:5a:01:66:11:e4:ed:91:b2:e7:e9:
59:23:a6:c4:4f:04:13:70:b3:c7:39:7f:3d:00:67:95:ff:a1:
01:4f:4b:71:2f:5d:3f:17:1c:12:4a:4d:fd:c1:1a:5e:be:22:
72:9c:8d:5a:6c:30:85:07:7c:a2:43:59:43:51:6f:36:72:fe:
b6:0a:db:91:fc:da:a0:b8:15:e9:4e:42:c9:4a:3c:1b:b1:c5:
d3:a5:9d:68:3d:11:46:b7:7d:0e:74:58:1b:62:9e:2e:09:3f:
e8:6f:87:56
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUQ/F9KNI0YmovhfZGj9ZSJIgHGswwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA4MDUxOTQxMTJaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDdlMzhmZTMxZTliMjM2ODM3N2YzMzU4MzA5MTc1ODNjZjBiMmY4MDczNmYy
NmNjNzdjOTRiZDc2YTFhMDcwZGUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALgiwQNNTyfXKEFE7gz893/1vvg4LmNROK4SO4g3N2PW3VhffexUejBpMFNR
ILdh/l0fPPyBCKWCUMZ+i2Zl0KgkKGrdyEy3QunCy6sKy5Cgibk3/u6ynoV36jcQ
qWz0J/m2gvml4NakMdn+0/vmTsVa7DQyma/fccFxJz6gKr71kPzS/tPKjx+AovoG
XC7twW6XWKapmd9ijqZJmsEjfuXRHVKky1MJFqFwBHGrhrNQylzqfP2Dd7iq5XDD
C56Tl+Q2lLoHaO278ZAmZQAeQTjwprybXcpD7oke4cM5zZnDcYv1C5kFytsoiPAs
9CRQO+4auvBmMReteQNptAiN8+sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRjzRef
ja0P/MXVOjphbxPyqlkGmTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MWQ5YTg0MjUtZTg5Yi00NTk4LWE2ODAtODRjNWIzNDFlZGZkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FAg
MA0GCSqGSIb3DQEBCwUAA4IBAQBU9Wjpz/HaSVHQykVuqPu+6yZZDY37mf1nfrzH
lUfERxv+CAHYGQynp3KyM8OWydLZytTUsDinbOMzvyhQttfHUkRJ32QnaURjWQ/1
j/OPZnagfeNmWQ0Tnur2WgqqCK9iNjCMwbrjdICIWjleBU2znFqCXdeo4RqQy6ew
F2unIQiWz4r5irwKB/MVQHIT6kncIeC2KOJEZloBZhHk7ZGy5+lZI6bETwQTcLPH
OX89AGeV/6EBT0txL10/FxwSSk39wRpeviJynI1abDCFB3yiQ1lDUW82cv62CtuR
/NqguBXpTkLJSjwbscXTpZ1oPRFGt30OdFgbYp4uCT/ob4dW
-----END CERTIFICATE-----
Generated at Wed Aug 20 10:38:13 2025 by rpki-client