Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3bde61a2-7506-48c2-8365-3447411d858e.roa
File: 3bde61a2-7506-48c2-8365-3447411d858e.roa (raw, json)
Hash identifier: 7JZ+pooC8pFEmZYGN15sLIG1c8RpGgIw2tiJSG4n1Ds=
Subject key identifier: 5B:4F:06:AC:9A:67:42:7E:CF:08:C2:A5:4C:CA:1C:94:82:26:9C:57
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3550491016A8EFC60907953F127B5ECD95371CE5
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3bde61a2-7506-48c2-8365-3447411d858e.roa
Signing time: Mon 01 Sep 2025 20:51:24 +0000
ROA not before: Mon 01 Sep 2025 20:51:24 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d050:5000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
35:50:49:10:16:a8:ef:c6:09:07:95:3f:12:7b:5e:cd:95:37:1c:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:51:24 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=c7f12897ac3a76e97eb77defc4c3162fbaeeacb57b3ea55d65c79ed984e57977, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:4f:e6:5f:9b:b8:63:b1:61:0b:d6:4b:c9:ba:
5f:ca:d1:67:a1:55:6f:8d:a6:ab:6e:8f:89:81:2a:
0b:e0:b4:23:71:f8:e1:ea:bf:6e:84:a5:8c:85:3c:
0c:43:09:91:0b:47:de:9b:e9:76:23:73:c1:85:08:
1c:01:78:94:0b:86:4c:0d:21:5f:b0:1c:05:bc:d8:
42:7b:9f:02:ab:76:a7:6c:54:e4:67:98:32:50:da:
9d:36:bc:87:e8:02:b9:e8:33:c3:1d:fc:c3:cc:b3:
b7:40:e6:f7:c9:6e:e5:ef:eb:e0:a9:89:21:74:f4:
b5:5d:b6:51:75:cf:37:f0:ba:ae:2e:3c:46:f2:c6:
6a:58:72:bb:c6:89:fe:6d:ba:60:8f:7a:2e:60:d1:
e3:7a:15:21:2f:93:45:24:da:a3:a5:4c:e5:92:37:
c6:c9:3a:7a:0f:f3:70:b3:ce:ab:81:3a:73:99:5c:
20:51:ec:ef:d3:27:d7:3f:fb:39:60:75:1e:2d:89:
9f:76:ff:78:92:ee:c5:88:48:3a:4d:c4:28:66:1e:
d3:53:5d:da:a1:89:8f:aa:b6:21:30:9d:46:2a:6a:
14:ea:ac:b8:3f:2c:c6:4a:4f:f6:c2:f3:ad:19:f0:
4e:e1:ae:ac:39:04:82:0b:50:6c:4a:89:bc:b6:26:
6b:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:4F:06:AC:9A:67:42:7E:CF:08:C2:A5:4C:CA:1C:94:82:26:9C:57
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3bde61a2-7506-48c2-8365-3447411d858e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d050:5000::/40
Signature Algorithm: sha256WithRSAEncryption
9d:52:67:b1:a7:fe:38:5e:55:75:e5:8b:00:8c:0c:94:7b:b3:
cb:99:46:5e:f1:99:86:e5:35:d4:be:ea:ef:77:3a:e3:e6:b2:
0d:f0:b7:cd:3f:2e:1f:02:37:83:78:35:c9:90:97:0d:dc:5a:
40:aa:b2:3c:4b:0c:33:14:1f:10:ad:56:b5:41:65:be:d4:c9:
58:4c:c3:97:1e:8d:8c:ee:21:d5:8d:bd:b6:1d:2f:b2:d3:7f:
c1:8f:a7:3f:6d:9c:2f:e9:17:e2:f8:a5:19:7e:7e:69:35:8a:
f0:f8:8d:0b:4f:c0:7d:65:51:45:43:b6:4e:cf:c4:74:8a:c7:
79:40:22:92:f2:4b:0a:d5:e3:03:0c:ab:5b:e4:0b:71:70:32:
70:16:bc:3f:d7:9d:28:f6:a7:93:4c:05:3e:cb:df:c5:a1:08:
e5:d3:a7:ee:04:39:66:17:e3:c6:19:76:72:88:af:a0:ac:bb:
a1:b6:43:44:40:12:d0:36:db:45:6c:d8:19:ea:1c:63:ad:6f:
7f:be:71:62:8b:cc:d8:a8:f6:81:59:78:02:36:c2:66:0f:48:
25:42:33:e3:c4:1a:e0:f4:a8:1c:cd:37:24:36:b5:87:97:7f:
4d:bc:a8:df:c5:1d:57:a7:c5:9f:fe:cc:18:b4:3f:09:98:1e:
a5:79:c0:e4
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUNVBJEBao78YJB5U/EntezZU3HOUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDUxMjRaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGM3ZjEyODk3YWMzYTc2ZTk3ZWI3N2RlZmM0YzMxNjJmYmFlZWFjYjU3YjNl
YTU1ZDY1Yzc5ZWQ5ODRlNTc5NzcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOVP5l+buGOxYQvWS8m6X8rRZ6FVb42mq26PiYEqC+C0I3H44eq/boSljIU8
DEMJkQtH3pvpdiNzwYUIHAF4lAuGTA0hX7AcBbzYQnufAqt2p2xU5GeYMlDanTa8
h+gCuegzwx38w8yzt0Dm98lu5e/r4KmJIXT0tV22UXXPN/C6ri48RvLGalhyu8aJ
/m26YI96LmDR43oVIS+TRSTao6VM5ZI3xsk6eg/zcLPOq4E6c5lcIFHs79Mn1z/7
OWB1Hi2Jn3b/eJLuxYhIOk3EKGYe01Nd2qGJj6q2ITCdRipqFOqsuD8sxkpP9sLz
rRnwTuGurDkEggtQbEqJvLYmayUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRbTwas
mmdCfs8IwqVMyhyUgiacVzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2JkZTYxYTItNzUwNi00OGMyLTgzNjUtMzQ0NzQxMWQ4NThlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FBQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCdUmexp/44XlV15YsAjAyUe7PLmUZe8ZmG5TXU
vurvdzrj5rIN8LfNPy4fAjeDeDXJkJcN3FpAqrI8SwwzFB8QrVa1QWW+1MlYTMOX
Ho2M7iHVjb22HS+y03/Bj6c/bZwv6Rfi+KUZfn5pNYrw+I0LT8B9ZVFFQ7ZOz8R0
isd5QCKS8ksK1eMDDKtb5AtxcDJwFrw/150o9qeTTAU+y9/FoQjl06fuBDlmF+PG
GXZyiK+grLuhtkNEQBLQNttFbNgZ6hxjrW9/vnFii8zYqPaBWXgCNsJmD0glQjPj
xBrg9KgczTckNrWHl39NvKjfxR1Xp8Wf/swYtD8JmB6lecDk
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:16:57 2025 by rpki-client