Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/33f442e1-766e-461d-a3b9-2b0fd01b08cc.roa
File: 33f442e1-766e-461d-a3b9-2b0fd01b08cc.roa (raw, json)
Hash identifier: cYiwU0gvpzOSNNEl69lcZw8n5+aVm0JC4Yc1XiI9MY0=
Subject key identifier: 40:5F:0C:1B:5D:91:7D:34:58:61:83:50:89:D2:37:B5:82:56:69:CF
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 539C6B1B90385BF1BA99C8ECE975355F4345A846
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/33f442e1-766e-461d-a3b9-2b0fd01b08cc.roa
Signing time: Tue 05 Aug 2025 19:40:18 +0000
ROA not before: Tue 05 Aug 2025 19:40:18 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d078:6000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 21 Aug 2025 08:01:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
53:9c:6b:1b:90:38:5b:f1:ba:99:c8:ec:e9:75:35:5f:43:45:a8:46
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Aug 5 19:40:18 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=36a282699c6723890c9d0d90f6c3d424a367af8ce25c4ad5b8d22c97fbea22eb, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:df:77:2c:b2:8b:8f:b1:5a:e2:60:fa:0e:28:
5c:9c:de:fc:0e:c2:29:a7:08:19:76:6b:ae:ff:10:
57:8e:88:10:a2:71:1b:86:a6:b8:d3:3c:a8:75:59:
ca:42:3c:c0:8d:4c:7f:bf:34:09:6e:d9:9c:f0:75:
c1:94:4f:2b:90:3b:fd:6e:83:b8:22:65:d7:e9:0c:
72:65:b5:bc:07:e9:48:18:11:af:f0:01:3c:70:95:
62:e2:d5:31:37:23:d0:57:d0:3f:19:7c:2a:4b:fd:
4d:93:0f:1f:1b:09:81:2a:08:e2:75:e4:c1:50:27:
08:5f:81:a7:b1:05:17:05:d9:d2:c6:fa:b8:fc:28:
10:c8:b2:01:38:a3:c9:19:ae:44:4c:02:c1:2e:ce:
17:df:c9:f1:ea:7f:d5:7b:4c:8c:e0:d1:41:5f:40:
53:3d:ea:25:12:bd:5f:1a:50:1f:01:8d:f8:c9:9a:
ed:07:92:92:bd:9b:f7:30:37:ee:c8:a2:97:ad:8d:
14:5c:e7:db:eb:d9:69:d8:89:f8:a1:57:ce:c9:ee:
49:27:b2:74:76:bb:2b:5b:09:90:e6:c1:17:fd:eb:
ec:d6:8e:48:d2:38:b2:f1:47:bb:fe:94:ae:ed:f4:
99:58:26:2c:ff:4a:93:1d:f4:1a:2c:a5:ed:73:7e:
fc:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:5F:0C:1B:5D:91:7D:34:58:61:83:50:89:D2:37:B5:82:56:69:CF
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/33f442e1-766e-461d-a3b9-2b0fd01b08cc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d078:6000::/40
Signature Algorithm: sha256WithRSAEncryption
48:6c:7e:f6:4f:7f:cd:7d:25:ef:6b:ef:ec:2e:4b:2f:f6:d7:
00:bc:48:3f:d7:49:ae:88:18:96:21:d8:4f:9d:b8:92:39:53:
bf:63:ef:88:1b:78:42:79:73:6c:15:a9:ee:95:49:a5:8e:02:
c5:2a:1b:0c:03:32:67:72:15:c0:b8:35:be:98:1f:4b:52:0e:
18:8d:4f:48:ee:02:b1:3a:1f:25:9a:fa:b8:65:c3:b5:aa:d1:
3b:e8:71:8c:b1:e3:9f:57:cd:3f:5e:7c:c9:97:ac:f7:59:4d:
d5:a9:53:b1:a2:fb:ba:2e:96:eb:94:0a:75:66:e7:71:a5:5c:
a0:43:18:ef:b2:d4:53:6c:b0:f9:80:7d:52:7f:db:3f:63:ef:
6e:ab:9c:0f:02:98:a3:3f:fd:4b:43:bc:79:e5:29:7c:2f:61:
a4:b1:cf:c8:97:93:85:b9:83:5c:4e:c8:19:88:0e:97:34:20:
49:14:a4:f3:8b:11:cf:e9:8c:a4:9d:34:a2:30:03:57:a3:8a:
a5:40:6c:99:e3:df:86:da:97:e6:44:66:64:0b:95:64:86:37:
f7:b6:a4:87:7e:a3:87:c0:4f:1e:27:95:91:25:52:14:f4:90:
f1:52:75:56:1e:b5:86:23:88:c8:ef:29:be:85:1f:01:ad:54:
2f:7c:3f:63
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUU5xrG5A4W/G6mcjs6XU1X0NFqEYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA4MDUxOTQwMThaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDM2YTI4MjY5OWM2NzIzODkwYzlkMGQ5MGY2YzNkNDI0YTM2N2FmOGNlMjVj
NGFkNWI4ZDIyYzk3ZmJlYTIyZWIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKvfdyyyi4+xWuJg+g4oXJze/A7CKacIGXZrrv8QV46IEKJxG4amuNM8qHVZ
ykI8wI1Mf780CW7ZnPB1wZRPK5A7/W6DuCJl1+kMcmW1vAfpSBgRr/ABPHCVYuLV
MTcj0FfQPxl8Kkv9TZMPHxsJgSoI4nXkwVAnCF+Bp7EFFwXZ0sb6uPwoEMiyATij
yRmuREwCwS7OF9/J8ep/1XtMjODRQV9AUz3qJRK9XxpQHwGN+Mma7QeSkr2b9zA3
7siil62NFFzn2+vZadiJ+KFXzsnuSSeydHa7K1sJkObBF/3r7NaOSNI4svFHu/6U
ru30mVgmLP9Kkx30Giyl7XN+/LMCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRAXwwb
XZF9NFhhg1CJ0je1glZpzzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzNmNDQyZTEtNzY2ZS00NjFkLWEzYjktMmIwZmQwMWIwOGNjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hhg
MA0GCSqGSIb3DQEBCwUAA4IBAQBIbH72T3/NfSXva+/sLksv9tcAvEg/10muiBiW
IdhPnbiSOVO/Y++IG3hCeXNsFanulUmljgLFKhsMAzJnchXAuDW+mB9LUg4YjU9I
7gKxOh8lmvq4ZcO1qtE76HGMseOfV80/XnzJl6z3WU3VqVOxovu6LpbrlAp1Zudx
pVygQxjvstRTbLD5gH1Sf9s/Y+9uq5wPApijP/1LQ7x55Sl8L2Gksc/Il5OFuYNc
TsgZiA6XNCBJFKTzixHP6YyknTSiMANXo4qlQGyZ49+G2pfmRGZkC5Vkhjf3tqSH
fqOHwE8eJ5WRJVIU9JDxUnVWHrWGI4jI7ym+hR8BrVQvfD9j
-----END CERTIFICATE-----
Generated at Wed Aug 20 10:37:41 2025 by rpki-client