Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/404ef1af-e052-41b8-a0bf-70e3fa0aa052.roa
File: 404ef1af-e052-41b8-a0bf-70e3fa0aa052.roa (raw, json)
Hash identifier: Vwo4IrcJZqElc8VvQYXzzt74kuBuANv1nCZwy0vaJy8=
Subject key identifier: FD:DD:A0:B2:F4:7B:E8:8F:8A:35:2D:52:73:5B:76:FC:EF:DA:35:1D
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4035A92FFB73238F447E9CD091BE95595BE6B5E4
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/404ef1af-e052-41b8-a0bf-70e3fa0aa052.roa
Signing time: Mon 01 Sep 2025 21:21:11 +0000
ROA not before: Mon 01 Sep 2025 21:21:11 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d017::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
40:35:a9:2f:fb:73:23:8f:44:7e:9c:d0:91:be:95:59:5b:e6:b5:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 21:21:11 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=c2fb6a3b63dfce401e903ad7eae84e9482bb0ec2ca0d6ac6bc1f408905031086, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:d8:65:d1:61:d4:88:b8:77:5e:ee:61:bb:4e:
5b:b9:4b:30:aa:7d:98:5e:ba:15:60:71:dd:e8:30:
35:26:6c:3b:f0:07:72:15:08:0c:2c:e9:ad:fa:47:
47:81:87:8a:a2:f3:ca:59:7e:cd:fa:1a:1f:3f:e4:
fa:15:c8:34:32:4e:84:63:7c:ab:4f:dc:ba:4d:94:
59:85:24:c4:0e:ab:72:dd:d0:60:81:ba:c8:4b:ba:
98:c4:1c:f0:83:5c:d8:4a:21:82:98:e8:be:ff:e8:
00:3b:94:7b:8e:97:4c:9a:3b:97:9e:cf:92:64:c1:
57:f3:bb:d8:7b:00:f0:d6:a2:df:f0:be:c1:f1:5a:
7e:6e:7e:39:3b:24:6f:cf:e7:7f:db:1a:62:54:14:
93:5f:5d:f4:df:ff:3c:08:dd:f1:4b:f1:2d:f7:91:
f3:5b:1e:c2:c3:83:57:a0:6a:a8:3e:81:4e:2b:b1:
6d:db:33:2e:9f:48:f7:1e:39:5e:d7:f5:e0:0a:fd:
51:60:80:93:b2:5e:f1:4b:01:4d:61:bc:ec:c6:e6:
bc:0a:93:2a:3f:8b:45:59:9b:03:16:12:7c:f9:e9:
2b:e5:b3:44:d2:52:6e:a3:5a:a3:f4:60:16:fd:e1:
92:4e:7e:6f:0d:0e:18:27:e8:56:83:4c:a9:f0:7c:
b8:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:DD:A0:B2:F4:7B:E8:8F:8A:35:2D:52:73:5B:76:FC:EF:DA:35:1D
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/404ef1af-e052-41b8-a0bf-70e3fa0aa052.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d017::/36
Signature Algorithm: sha256WithRSAEncryption
a6:d8:91:18:d5:15:1b:1b:ff:e1:d8:20:71:3a:d6:f1:f0:15:
e1:33:00:a3:ed:f1:2c:59:67:97:cf:ab:af:12:2e:53:e4:d8:
2c:f7:29:f9:7f:0e:f1:aa:12:16:9c:6b:a6:bd:d0:aa:93:29:
8a:ce:5a:a0:b3:7d:dd:a8:e4:ab:af:c0:af:ae:8f:f4:e0:07:
6e:ee:e2:7e:90:2a:72:cd:0c:fd:11:9b:5e:75:45:65:76:5d:
93:b6:25:69:5e:d6:69:16:52:0b:1e:19:40:f6:89:46:f4:9c:
86:9b:a5:70:71:15:68:df:77:19:c1:f2:13:1a:a1:41:3d:19:
97:b9:83:d8:94:1a:e0:8e:cd:f2:2f:37:47:1b:06:e3:ff:24:
15:be:e8:d3:f9:55:b9:16:3c:2f:13:5d:d3:6d:9a:5e:49:14:
c7:dd:9b:09:7a:4b:c2:18:03:b6:6b:dc:42:55:77:a0:cb:eb:
96:c7:8c:60:a7:1b:9f:58:8b:fb:0b:15:b1:86:85:57:88:f8:
c8:a9:ae:66:54:2d:65:b7:3a:37:85:05:bb:f2:07:8e:dc:b6:
c9:3b:81:25:c3:b1:b4:43:d7:11:ab:a0:14:4a:3f:5c:d3:37:
9f:cf:2d:db:07:de:ce:25:95:59:39:e2:41:03:fb:41:09:57:
ea:3c:d8:07
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUQDWpL/tzI49EfpzQkb6VWVvmteQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMTIxMTFaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGMyZmI2YTNiNjNkZmNlNDAxZTkwM2FkN2VhZTg0ZTk0ODJiYjBlYzJjYTBk
NmFjNmJjMWY0MDg5MDUwMzEwODYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJrYZdFh1Ii4d17uYbtOW7lLMKp9mF66FWBx3egwNSZsO/AHchUIDCzprfpH
R4GHiqLzyll+zfoaHz/k+hXINDJOhGN8q0/cuk2UWYUkxA6rct3QYIG6yEu6mMQc
8INc2Eohgpjovv/oADuUe46XTJo7l57PkmTBV/O72HsA8Nai3/C+wfFafm5+OTsk
b8/nf9saYlQUk19d9N//PAjd8UvxLfeR81sewsODV6BqqD6BTiuxbdszLp9I9x45
Xtf14Ar9UWCAk7Je8UsBTWG87MbmvAqTKj+LRVmbAxYSfPnpK+WzRNJSbqNao/Rg
Fv3hkk5+bw0OGCfoVoNMqfB8uA0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT93aCy
9Hvoj4o1LVJzW3b879o1HTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDA0ZWYxYWYtZTA1Mi00MWI4LWEwYmYtNzBlM2ZhMGFhMDUyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0BcA
MA0GCSqGSIb3DQEBCwUAA4IBAQCm2JEY1RUbG//h2CBxOtbx8BXhMwCj7fEsWWeX
z6uvEi5T5Ngs9yn5fw7xqhIWnGumvdCqkymKzlqgs33dqOSrr8Cvro/04Adu7uJ+
kCpyzQz9EZtedUVldl2TtiVpXtZpFlILHhlA9olG9JyGm6VwcRVo33cZwfITGqFB
PRmXuYPYlBrgjs3yLzdHGwbj/yQVvujT+VW5FjwvE13TbZpeSRTH3ZsJekvCGAO2
a9xCVXegy+uWx4xgpxufWIv7CxWxhoVXiPjIqa5mVC1ltzo3hQW78geO3LbJO4El
w7G0Q9cRq6AUSj9c0zefzy3bB97OJZVZOeJBA/tBCVfqPNgH
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:08:20 2025 by rpki-client