Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3c7c4703-2876-4e04-b857-8c0298bd0897.roa
File: 3c7c4703-2876-4e04-b857-8c0298bd0897.roa (raw, json)
Hash identifier: Kkk5tZlQjdG32lQrPMh3PXeZrppv0+4EPO+YY6mrYKc=
Subject key identifier: AB:2D:F2:72:DC:14:ED:24:3D:FD:CA:B4:62:8D:80:E2:5E:F0:13:DE
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 60BEB118C6E43C01D7F4CF8505ED77A6126135F8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3c7c4703-2876-4e04-b857-8c0298bd0897.roa
Signing time: Mon 01 Sep 2025 19:51:12 +0000
ROA not before: Mon 01 Sep 2025 19:51:12 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:b000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
60:be:b1:18:c6:e4:3c:01:d7:f4:cf:85:05:ed:77:a6:12:61:35:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 19:51:12 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=e0a7865f65060f248bea7c11304b5ee06e8355fc02fa0f644eff24aba8d7a17e, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:0b:69:be:3a:ae:75:cb:84:17:1c:d5:ad:24:
1f:47:52:d3:f4:05:99:4a:93:fb:11:6b:e1:a5:89:
ea:4b:04:3c:39:a8:1f:f6:fb:29:76:c4:e2:86:09:
dc:67:c3:84:41:94:ad:9b:08:7e:63:35:96:9d:65:
98:c0:93:09:ff:2e:3a:76:84:81:7d:6a:df:45:af:
d4:7e:96:9a:0f:ef:60:09:11:2a:7d:42:c0:9a:48:
67:b5:2e:1a:ee:e2:4c:0f:29:00:1d:5c:81:c0:c7:
8d:23:83:df:ec:16:ea:31:bd:67:90:49:37:e0:af:
27:92:16:b4:99:5a:d4:7a:f8:4c:e0:78:a7:66:4b:
ac:94:c8:42:42:7f:ec:24:f5:7f:42:8d:66:fc:42:
44:aa:9d:a2:04:3c:05:09:bf:05:bf:f9:c6:a9:5d:
8d:45:c8:08:61:50:ba:69:04:2c:78:a7:56:c0:a1:
57:85:62:84:cb:d4:5f:9d:01:b6:6c:80:a1:45:09:
79:5c:d4:84:b9:61:cb:b1:71:e3:c5:0b:c0:68:8f:
2c:e4:95:ee:bf:e0:be:20:28:16:0a:27:eb:32:8a:
f1:6f:e5:39:53:eb:e9:20:a9:f3:b0:06:73:33:43:
6e:60:9d:73:7f:a4:72:dc:91:0c:3e:ef:15:6e:95:
a7:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:2D:F2:72:DC:14:ED:24:3D:FD:CA:B4:62:8D:80:E2:5E:F0:13:DE
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/3c7c4703-2876-4e04-b857-8c0298bd0897.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:b000::/40
Signature Algorithm: sha256WithRSAEncryption
7c:32:bb:13:af:78:73:25:9b:fd:35:ca:10:7e:41:e9:98:8c:
2b:55:4b:cc:be:d3:60:ae:6e:19:c1:46:1f:b7:46:10:cd:36:
1b:1e:fc:0f:f5:f0:97:e0:df:2d:5a:cb:72:c7:85:03:b3:a1:
69:23:04:03:cd:17:d2:14:03:69:60:b0:13:f0:4f:f2:21:2f:
0b:aa:8f:c9:18:ed:05:93:d1:30:3d:20:84:1b:c7:23:a1:14:
00:7f:3b:14:a2:f3:4c:21:c2:5d:36:3e:b5:91:0e:ae:ba:c1:
90:de:21:7b:d3:ab:c2:82:13:e7:5d:22:64:4c:d5:21:d7:a9:
fd:c8:3a:22:32:05:74:22:ec:5c:da:5d:98:d3:ed:ef:9e:ce:
fc:24:ee:00:67:bd:aa:69:9e:33:df:a9:b2:ab:ee:62:c5:19:
b8:11:92:08:ad:72:ff:8d:18:0e:1c:46:93:bd:7f:18:4f:cc:
66:a3:7c:d2:62:87:af:e4:10:05:bf:1f:c3:30:05:17:31:b2:
60:80:23:b1:b2:ce:8d:fa:c5:3e:42:c2:cb:7b:1e:2d:ee:18:
99:6c:52:e1:c9:ec:fb:8c:22:bb:d5:1e:9c:ec:91:ce:c3:41:
36:be:6f:ad:29:a2:64:f1:8f:6e:30:72:d0:bb:89:85:a1:dd:
b8:97:cf:c5
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUYL6xGMbkPAHX9M+FBe13phJhNfgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDExOTUxMTJaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGUwYTc4NjVmNjUwNjBmMjQ4YmVhN2MxMTMwNGI1ZWUwNmU4MzU1ZmMwMmZh
MGY2NDRlZmYyNGFiYThkN2ExN2UxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKALab46rnXLhBcc1a0kH0dS0/QFmUqT+xFr4aWJ6ksEPDmoH/b7KXbE4oYJ
3GfDhEGUrZsIfmM1lp1lmMCTCf8uOnaEgX1q30Wv1H6Wmg/vYAkRKn1CwJpIZ7Uu
Gu7iTA8pAB1cgcDHjSOD3+wW6jG9Z5BJN+CvJ5IWtJla1Hr4TOB4p2ZLrJTIQkJ/
7CT1f0KNZvxCRKqdogQ8BQm/Bb/5xqldjUXICGFQumkELHinVsChV4VihMvUX50B
tmyAoUUJeVzUhLlhy7Fx48ULwGiPLOSV7r/gviAoFgon6zKK8W/lOVPr6SCp87AG
czNDbmCdc3+kctyRDD7vFW6Vp5sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSrLfJy
3BTtJD39yrRijYDiXvAT3jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
M2M3YzQ3MDMtMjg3Ni00ZTA0LWI4NTctOGMwMjk4YmQwODk3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H+w
MA0GCSqGSIb3DQEBCwUAA4IBAQB8MrsTr3hzJZv9NcoQfkHpmIwrVUvMvtNgrm4Z
wUYft0YQzTYbHvwP9fCX4N8tWstyx4UDs6FpIwQDzRfSFANpYLAT8E/yIS8Lqo/J
GO0Fk9EwPSCEG8cjoRQAfzsUovNMIcJdNj61kQ6uusGQ3iF706vCghPnXSJkTNUh
16n9yDoiMgV0Iuxc2l2Y0+3vns78JO4AZ72qaZ4z36myq+5ixRm4EZIIrXL/jRgO
HEaTvX8YT8xmo3zSYoev5BAFvx/DMAUXMbJggCOxss6N+sU+QsLLex4t7hiZbFLh
yez7jCK71R6c7JHOw0E2vm+tKaJk8Y9uMHLQu4mFod24l8/F
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:09:28 2025 by rpki-client