Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3b5c68d3-e5a1-4742-a90c-59b1e29cfc00.roa
File: 3b5c68d3-e5a1-4742-a90c-59b1e29cfc00.roa (raw, json)
Hash identifier: STDtNuDBM/4+/N2ZYfgyfSR9Wq8Ukp6e4pczfyPGs70=
Subject key identifier: 80:75:9B:83:03:AE:1A:6F:B2:54:B7:62:79:CC:8D:53:6D:15:0C:68
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2B3593468B4DC2981CEE9A424A924E2EFE4380EB
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3b5c68d3-e5a1-4742-a90c-59b1e29cfc00.roa
Signing time: Mon 01 Sep 2025 21:00:13 +0000
ROA not before: Mon 01 Sep 2025 21:00:13 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d06f:c000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2b:35:93:46:8b:4d:c2:98:1c:ee:9a:42:4a:92:4e:2e:fe:43:80:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 21:00:13 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=0eeeb4d988a8505f3e2ca80dcc40512d0915f489bb9a4be384b314ffe4974a4b, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:89:95:9c:13:00:79:c4:3c:5f:6c:ef:82:93:
ae:f0:a2:e8:fb:09:cf:c3:92:ce:ba:ab:ff:44:aa:
25:5f:36:c7:c7:b8:77:9e:be:52:78:ab:31:b3:07:
95:98:a8:ac:22:6e:8a:cd:b9:6b:15:57:5e:74:36:
88:46:dd:f3:d2:28:5e:9b:11:87:0d:b7:b6:69:7f:
90:c7:b8:27:11:66:df:05:7a:9f:a5:34:39:36:3d:
e2:45:9e:48:78:c7:91:0d:9b:77:f2:cd:77:67:02:
20:fc:63:19:96:98:80:98:41:65:48:e9:fd:9d:63:
67:b5:df:3d:7d:7a:23:df:c6:39:24:72:4f:54:af:
67:df:d4:82:6f:39:2b:9d:fe:c0:bc:4b:52:9b:68:
13:16:7b:9c:5b:98:bf:7b:36:c6:75:14:80:15:75:
59:f4:f8:fe:74:a8:70:05:ca:51:30:4c:e1:53:3e:
df:da:0a:04:db:67:04:cd:69:00:13:7d:81:59:f5:
31:97:7e:06:c5:32:40:31:2e:29:9a:99:9d:57:cd:
99:54:b9:76:08:7a:72:41:a3:b7:25:c1:9e:e2:7c:
a3:2e:89:33:04:86:58:8e:a0:fc:87:b0:75:27:c7:
31:7b:93:0e:82:fa:08:5f:a5:5a:c7:db:c2:64:0c:
e3:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:75:9B:83:03:AE:1A:6F:B2:54:B7:62:79:CC:8D:53:6D:15:0C:68
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3b5c68d3-e5a1-4742-a90c-59b1e29cfc00.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06f:c000::/40
Signature Algorithm: sha256WithRSAEncryption
76:28:a9:25:1d:cf:6d:9a:f5:e3:6f:fb:c5:b8:04:4f:20:61:
31:46:43:91:e1:c6:d8:4c:62:14:06:85:0c:2c:bb:e2:f4:7b:
2c:46:63:ab:6e:be:75:de:6e:89:29:a4:e1:1b:ef:2c:65:23:
7b:d1:f6:7f:4d:ba:86:26:55:8f:45:cc:33:09:62:45:9d:f1:
53:4c:bc:4a:d5:74:a3:6e:e9:d2:cd:fe:d1:03:a9:eb:37:e9:
ec:d4:05:5c:9e:84:e7:d6:20:d6:c2:bb:76:1c:75:fb:51:b1:
b5:58:46:55:6e:ce:7e:35:76:8f:aa:cc:5c:83:b2:42:8f:9a:
df:8a:18:af:e8:bc:af:2b:d7:09:52:a6:f9:e4:0c:58:97:71:
45:3f:ce:65:10:45:c2:2a:f2:b3:a8:26:9e:c4:18:0c:67:71:
29:42:a2:ce:94:e1:21:14:af:1e:d4:9f:e6:d7:11:1a:34:23:
97:56:fd:57:af:15:ec:cf:88:f8:9c:08:89:c8:52:c1:6b:60:
4d:a8:d9:ba:41:0a:a8:0e:ed:10:97:45:9d:e7:84:38:04:c4:
75:b7:ce:57:23:03:9e:6f:b4:e2:9d:59:52:3a:bb:b1:6d:8c:
00:30:8c:b5:cd:ce:be:0b:7c:e7:b8:71:ff:f5:42:e6:91:c6:
c4:30:21:7a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUKzWTRotNwpgc7ppCSpJOLv5DgOswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMTAwMTNaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDBlZWViNGQ5ODhhODUwNWYzZTJjYTgwZGNjNDA1MTJkMDkxNWY0ODliYjlh
NGJlMzg0YjMxNGZmZTQ5NzRhNGIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKCJlZwTAHnEPF9s74KTrvCi6PsJz8OSzrqr/0SqJV82x8e4d56+UnirMbMH
lZiorCJuis25axVXXnQ2iEbd89IoXpsRhw23tml/kMe4JxFm3wV6n6U0OTY94kWe
SHjHkQ2bd/LNd2cCIPxjGZaYgJhBZUjp/Z1jZ7XfPX16I9/GOSRyT1SvZ9/Ugm85
K53+wLxLUptoExZ7nFuYv3s2xnUUgBV1WfT4/nSocAXKUTBM4VM+39oKBNtnBM1p
ABN9gVn1MZd+BsUyQDEuKZqZnVfNmVS5dgh6ckGjtyXBnuJ8oy6JMwSGWI6g/Iew
dSfHMXuTDoL6CF+lWsfbwmQM4xUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSAdZuD
A64ab7JUt2J5zI1TbRUMaDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2I1YzY4ZDMtZTVhMS00NzQyLWE5MGMtNTliMWUyOWNmYzAwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G/A
MA0GCSqGSIb3DQEBCwUAA4IBAQB2KKklHc9tmvXjb/vFuARPIGExRkOR4cbYTGIU
BoUMLLvi9HssRmOrbr513m6JKaThG+8sZSN70fZ/TbqGJlWPRcwzCWJFnfFTTLxK
1XSjbunSzf7RA6nrN+ns1AVcnoTn1iDWwrt2HHX7UbG1WEZVbs5+NXaPqsxcg7JC
j5rfihiv6LyvK9cJUqb55AxYl3FFP85lEEXCKvKzqCaexBgMZ3EpQqLOlOEhFK8e
1J/m1xEaNCOXVv1XrxXsz4j4nAiJyFLBa2BNqNm6QQqoDu0Ql0Wd54Q4BMR1t85X
IwOeb7TinVlSOruxbYwAMIy1zc6+C3znuHH/9ULmkcbEMCF6
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:06:11 2025 by rpki-client