Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3901d4e7-d120-481a-a199-4762783cff5b.roa
File: 3901d4e7-d120-481a-a199-4762783cff5b.roa (raw, json)
Hash identifier: uvWi3um+mK93VB5W3oFghBuLs6jF5Blp3TSksvlZ7Ws=
Subject key identifier: 1C:2A:CC:11:DF:B9:E9:5E:B4:E5:E1:25:A7:F4:D3:0D:21:B6:3F:AC
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 36B17224BC44A6C7CF64B004C56B3CD2A7457FC4
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3901d4e7-d120-481a-a199-4762783cff5b.roa
Signing time: Mon 01 Sep 2025 21:00:56 +0000
ROA not before: Mon 01 Sep 2025 21:00:56 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 14618
IP address blocks: 2a05:d059:4000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
36:b1:72:24:bc:44:a6:c7:cf:64:b0:04:c5:6b:3c:d2:a7:45:7f:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 21:00:56 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=65cfdaac0bb86792626872de579b748998941ae39021acd9e659ad9472ac470d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:13:4f:d2:0b:c3:d7:af:7b:03:93:8e:82:e8:
15:f7:20:8f:da:42:eb:f7:00:50:20:11:a1:d4:db:
52:3d:dd:c2:70:8f:e4:41:0b:47:51:88:35:58:4d:
bf:3b:fa:98:1a:2c:4c:2e:d2:57:35:23:93:16:b8:
05:c4:30:6b:21:90:6a:4d:f7:a0:89:4c:94:6d:7f:
e3:b9:3d:eb:05:5c:32:16:c0:86:94:ac:27:16:21:
ca:4d:41:be:b1:91:84:8a:0d:86:3b:df:ed:c2:c7:
d7:2c:b8:57:16:82:79:fc:dd:cb:d8:c4:28:4c:e1:
b8:07:e4:ab:d3:1b:44:4f:41:8c:d8:3f:f9:71:e7:
81:12:e4:e9:54:69:92:07:7a:ef:b1:e5:b9:1d:3c:
6f:93:98:8e:c5:08:37:20:9f:1e:30:66:ef:81:f8:
00:89:56:23:e8:ce:84:b9:a3:49:f8:59:30:ed:ea:
01:a4:e1:04:0b:a3:d3:9d:e5:3f:b0:b2:58:e8:5e:
e4:b4:54:02:85:db:9c:ef:26:a6:1e:a1:f5:69:dd:
91:fe:b0:d3:ef:08:cd:b7:6a:63:d5:b0:30:db:fb:
3d:29:f8:84:2d:49:6a:10:43:21:fc:a7:b5:66:39:
5e:ef:24:e6:c1:6b:a4:f8:0f:d7:fd:47:56:ac:d1:
38:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:2A:CC:11:DF:B9:E9:5E:B4:E5:E1:25:A7:F4:D3:0D:21:B6:3F:AC
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3901d4e7-d120-481a-a199-4762783cff5b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d059:4000::/40
Signature Algorithm: sha256WithRSAEncryption
bc:f1:e1:83:ca:40:e9:fa:55:24:7f:29:0e:bd:4f:86:4f:06:
03:6e:c4:f7:d2:3f:dd:24:26:ae:3d:c2:dd:43:39:f8:47:f1:
65:6f:87:f4:7c:08:48:39:b9:9f:a5:50:4a:a9:3b:82:38:5b:
d6:6d:a2:31:25:e7:67:5f:24:e7:73:b4:6c:f7:12:10:7f:c6:
47:8d:a1:96:c1:0b:b8:81:bc:a3:30:e9:bc:ef:18:d4:2b:88:
84:26:b6:dd:18:a7:70:00:bb:c5:4e:cb:b3:ef:4f:74:35:ea:
cf:b3:87:10:18:0f:ab:f5:df:b1:20:25:93:cf:ae:80:37:34:
ad:1f:80:3a:1e:a7:89:24:1d:c5:c5:de:e8:8f:f9:bd:78:e2:
7a:05:9f:4c:f6:b9:75:68:7c:d4:d3:5c:4d:25:cc:d0:a1:09:
a8:df:93:29:ce:17:b4:3a:00:e1:c7:eb:e2:ed:7c:c0:bb:bc:
fd:bc:ec:43:aa:85:73:0b:a8:ff:c9:88:5d:2c:8d:a4:16:0e:
2d:e0:f3:a3:01:b7:fe:da:a3:68:e9:a1:d7:22:b5:bb:6b:23:
17:2d:01:be:b6:62:9b:c9:9e:6d:99:0b:8d:3a:e4:77:e0:86:
a1:f5:6d:da:0f:c6:22:51:cb:32:ad:96:9e:f6:0a:63:6e:f9:
7e:13:24:24
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUNrFyJLxEpsfPZLAExWs80qdFf8QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMTAwNTZaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDY1Y2ZkYWFjMGJiODY3OTI2MjY4NzJkZTU3OWI3NDg5OTg5NDFhZTM5MDIx
YWNkOWU2NTlhZDk0NzJhYzQ3MGQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAK0TT9ILw9evewOTjoLoFfcgj9pC6/cAUCARodTbUj3dwnCP5EELR1GINVhN
vzv6mBosTC7SVzUjkxa4BcQwayGQak33oIlMlG1/47k96wVcMhbAhpSsJxYhyk1B
vrGRhIoNhjvf7cLH1yy4VxaCefzdy9jEKEzhuAfkq9MbRE9BjNg/+XHngRLk6VRp
kgd677HluR08b5OYjsUINyCfHjBm74H4AIlWI+jOhLmjSfhZMO3qAaThBAuj053l
P7CyWOhe5LRUAoXbnO8mph6h9Wndkf6w0+8IzbdqY9WwMNv7PSn4hC1JahBDIfyn
tWY5Xu8k5sFrpPgP1/1HVqzRONUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQcKswR
37npXrTl4SWn9NMNIbY/rDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MzkwMWQ0ZTctZDEyMC00ODFhLWExOTktNDc2Mjc4M2NmZjViLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FlA
MA0GCSqGSIb3DQEBCwUAA4IBAQC88eGDykDp+lUkfykOvU+GTwYDbsT30j/dJCau
PcLdQzn4R/Flb4f0fAhIObmfpVBKqTuCOFvWbaIxJednXyTnc7Rs9xIQf8ZHjaGW
wQu4gbyjMOm87xjUK4iEJrbdGKdwALvFTsuz7090NerPs4cQGA+r9d+xICWTz66A
NzStH4A6HqeJJB3Fxd7oj/m9eOJ6BZ9M9rl1aHzU01xNJczQoQmo35Mpzhe0OgDh
x+vi7XzAu7z9vOxDqoVzC6j/yYhdLI2kFg4t4POjAbf+2qNo6aHXIrW7ayMXLQG+
tmKbyZ5tmQuNOuR34Iah9W3aD8YiUcsyrZae9gpjbvl+EyQk
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:07:01 2025 by rpki-client