Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2678e5d7-5995-4791-9318-f087e83654a9.roa
File: 2678e5d7-5995-4791-9318-f087e83654a9.roa (raw, json)
Hash identifier: K29j0GXQNVVijBYAee+axFsLlKSNGLGu1L74MOpdpSA=
Subject key identifier: F6:3E:1D:BE:4A:3C:0F:39:68:95:3C:AE:BB:92:78:AA:04:E9:7E:67
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2F2BA1BA5151AEA7C25221B3AE2347CF790E91B4
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2678e5d7-5995-4791-9318-f087e83654a9.roa
Signing time: Mon 25 Aug 2025 19:00:20 +0000
ROA not before: Mon 25 Aug 2025 19:00:20 +0000
ROA not after: Mon 29 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d076:e000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2f:2b:a1:ba:51:51:ae:a7:c2:52:21:b3:ae:23:47:cf:79:0e:91:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Aug 25 19:00:20 2025 GMT
Not After : Sep 29 23:59:59 2025 GMT
Subject: serialNumber=067311cbd5dff6b64a3c9032791f943b77a52be2f4dea3d3a84f905e1bd859c3, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:05:bd:19:dd:4b:c3:72:b4:af:53:db:5d:03:
67:d1:56:6d:ad:57:5d:6c:db:88:3e:9f:61:d8:b8:
3a:0f:ca:43:73:f1:2e:28:82:fb:89:b2:8f:77:d6:
fc:35:a6:19:1b:9c:b9:40:bf:f0:98:e2:50:16:39:
de:ee:4a:e0:5b:a1:74:0f:86:5c:51:55:2d:06:14:
ad:4a:cc:59:67:66:6e:16:d3:be:a1:f3:c3:08:8f:
47:44:ef:36:83:56:f6:7e:6b:8f:18:09:a2:16:1f:
a8:c4:84:fd:14:ad:f2:cb:02:a4:c8:1c:67:ef:c7:
eb:57:cb:6c:f3:ab:e3:09:39:4a:0a:b3:dc:08:2e:
60:dd:69:cc:35:df:73:3e:2a:09:b1:2c:ff:ae:18:
ce:2a:ae:29:97:11:23:69:e8:d1:db:41:69:c5:62:
75:78:15:82:96:b2:4a:fe:ba:3a:4d:81:d0:f0:df:
93:8a:84:fd:c8:81:51:cc:56:73:b2:0f:9e:08:24:
a6:31:b1:22:b9:89:dd:69:df:1c:a4:c0:a9:7f:4c:
13:d7:7d:9c:5e:ff:b7:f6:5f:03:54:78:b0:5f:27:
cd:06:bf:a1:f5:ac:76:26:b1:b5:73:94:8a:a3:8e:
fd:30:9c:f9:ff:22:fc:18:bb:f8:37:49:af:cf:9e:
8a:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:3E:1D:BE:4A:3C:0F:39:68:95:3C:AE:BB:92:78:AA:04:E9:7E:67
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/2678e5d7-5995-4791-9318-f087e83654a9.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d076:e000::/48
Signature Algorithm: sha256WithRSAEncryption
76:8b:10:8d:01:a7:78:f2:52:91:6e:7a:55:77:65:02:f8:b0:
a8:31:64:bc:70:87:a2:ab:30:50:a8:ed:42:70:31:b2:32:8f:
8c:bf:02:23:3f:4a:a1:4d:c2:98:b1:bd:51:06:37:ad:ef:84:
87:a1:8c:0c:a3:1c:5f:b7:70:d4:60:18:75:8b:cd:88:62:63:
83:53:13:91:37:e9:06:59:07:40:7a:e7:84:08:e3:7f:04:67:
77:64:73:49:15:7c:3c:ba:3b:6d:b3:f4:a2:41:db:8e:eb:2b:
8f:7e:47:a7:2e:17:37:89:6b:d9:2a:9d:9d:a8:40:90:26:92:
6a:be:6e:f0:d9:a8:99:93:e6:03:b8:16:53:31:d6:46:1a:5f:
a2:06:44:e1:97:63:ed:4f:f5:c4:69:71:a4:1a:d1:0d:bb:84:
f5:02:d6:e6:f4:27:55:f4:c5:31:0f:f6:79:d5:68:1f:e5:fa:
50:31:33:1c:f1:58:f6:af:37:fb:dd:0f:e1:7d:e8:50:f9:79:
d2:ab:b7:2f:9f:9c:df:ad:38:0e:48:3a:0b:a3:09:de:c5:0e:
c8:ab:ee:5d:32:a1:83:d3:cc:76:1a:62:95:5f:3e:d9:94:39:
cc:fe:1b:2a:6c:0b:ea:56:4d:62:f7:bb:63:0a:08:8e:f3:fb:
dc:52:5c:14
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIULyuhulFRrqfCUiGzriNHz3kOkbQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA4MjUxOTAwMjBaFw0yNTA5MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDA2NzMxMWNiZDVkZmY2YjY0YTNjOTAzMjc5MWY5NDNiNzdhNTJiZTJmNGRl
YTNkM2E4NGY5MDVlMWJkODU5YzMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMIFvRndS8NytK9T210DZ9FWba1XXWzbiD6fYdi4Og/KQ3PxLiiC+4myj3fW
/DWmGRucuUC/8JjiUBY53u5K4FuhdA+GXFFVLQYUrUrMWWdmbhbTvqHzwwiPR0Tv
NoNW9n5rjxgJohYfqMSE/RSt8ssCpMgcZ+/H61fLbPOr4wk5Sgqz3AguYN1pzDXf
cz4qCbEs/64YziquKZcRI2no0dtBacVidXgVgpaySv66Ok2B0PDfk4qE/ciBUcxW
c7IPnggkpjGxIrmJ3WnfHKTAqX9ME9d9nF7/t/ZfA1R4sF8nzQa/ofWsdiaxtXOU
iqOO/TCc+f8i/Bi7+DdJr8+eikECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBT2Ph2+
SjwPOWiVPK67kniqBOl+ZzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MjY3OGU1ZDctNTk5NS00NzkxLTkzMTgtZjA4N2U4MzY1NGE5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0Hbg
ADANBgkqhkiG9w0BAQsFAAOCAQEAdosQjQGnePJSkW56VXdlAviwqDFkvHCHoqsw
UKjtQnAxsjKPjL8CIz9KoU3CmLG9UQY3re+Eh6GMDKMcX7dw1GAYdYvNiGJjg1MT
kTfpBlkHQHrnhAjjfwRnd2RzSRV8PLo7bbP0okHbjusrj35Hpy4XN4lr2SqdnahA
kCaSar5u8NmomZPmA7gWUzHWRhpfogZE4Zdj7U/1xGlxpBrRDbuE9QLW5vQnVfTF
MQ/2edVoH+X6UDEzHPFY9q83+90P4X3oUPl50qu3L5+c3604Dkg6C6MJ3sUOyKvu
XTKhg9PMdhpilV8+2ZQ5zP4bKmwL6lZNYve7YwoIjvP73FJcFA==
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:14:49 2025 by rpki-client