Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/408fc879-4db9-446c-bdb3-37bf4ee28c97.roa
File: 408fc879-4db9-446c-bdb3-37bf4ee28c97.roa (raw, json)
Hash identifier: j3Txv9SPP9zc/XIZbU4pxu/Efzb+MAthnH6NGB8VBHA=
Subject key identifier: 8E:DC:14:4A:03:D6:4A:90:03:76:24:E1:88:D0:B7:F2:1B:25:8B:B7
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 6CF8198B9B4587EB0BA3F62C0D3107B5ECC3E93D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/408fc879-4db9-446c-bdb3-37bf4ee28c97.roa
Signing time: Mon 01 Sep 2025 20:40:56 +0000
ROA not before: Mon 01 Sep 2025 20:40:56 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07a:a000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6c:f8:19:8b:9b:45:87:eb:0b:a3:f6:2c:0d:31:07:b5:ec:c3:e9:3d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:40:56 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=43ea666b60523627e70f0ed3db23da238b3cc43f9a7a7e861eb44921e408a7b8, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:9b:a7:27:df:24:20:7a:1b:b0:96:28:ac:5e:
b1:35:68:45:21:c7:31:fd:a1:39:35:02:2a:8f:75:
bb:b6:31:06:c5:3a:59:b1:c8:56:aa:27:41:6e:b0:
bf:bd:13:e3:cc:59:be:d9:7c:72:c0:17:c5:3d:db:
01:02:3e:e5:1c:4d:e3:c2:4f:7e:84:3d:bf:17:07:
13:86:d5:f1:cf:2d:94:d6:e0:67:a6:c9:a5:4e:be:
1a:2f:5b:4e:a4:67:2f:36:62:6d:96:97:4d:76:68:
65:f8:ea:ba:de:dd:78:0a:08:0f:c7:0e:5d:49:cb:
8d:03:31:aa:fe:e3:e0:e4:ae:ca:dd:02:83:35:b9:
4d:5e:8f:9a:f1:25:79:37:ff:05:ce:fd:21:d4:37:
06:42:c0:0d:04:4f:a3:3a:78:73:94:2e:ff:17:16:
22:9f:f6:bd:9e:e4:09:cf:53:04:5a:b2:60:cf:68:
bf:98:86:14:18:ea:e1:9e:b8:39:72:6b:7e:63:cd:
e4:b2:a1:c2:a4:f9:9b:b3:00:50:a1:67:23:20:ae:
84:da:9c:77:9e:16:ee:35:3d:6f:89:e2:f0:a7:87:
34:a4:cf:9e:2a:d3:a0:2c:e8:28:bc:ec:a4:b6:c6:
a0:fc:d0:05:ad:e9:c7:06:02:1a:3c:55:81:51:09:
a0:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8E:DC:14:4A:03:D6:4A:90:03:76:24:E1:88:D0:B7:F2:1B:25:8B:B7
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/408fc879-4db9-446c-bdb3-37bf4ee28c97.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07a:a000::/40
Signature Algorithm: sha256WithRSAEncryption
67:da:b1:ab:b4:9d:f6:c9:67:da:c5:7d:dd:07:9e:fa:7c:91:
5d:83:cb:bb:e4:74:c0:f7:10:99:2f:24:98:d6:15:bd:28:7b:
db:dd:c7:50:d3:7e:8d:6e:64:eb:b0:b0:03:cc:73:01:76:d8:
16:46:80:16:af:8b:89:4e:ae:43:17:20:20:06:8a:29:cb:cc:
c9:e9:50:41:53:f1:f8:2c:58:58:98:4a:38:7f:0d:11:df:51:
7c:d5:17:82:a4:2f:36:81:8e:23:1b:f3:c9:0d:a9:f1:9b:a4:
bd:37:c6:bb:cc:0b:00:8b:fe:e1:a5:bb:b8:28:67:52:3f:17:
54:f3:a7:9c:dc:e5:aa:d0:af:14:ec:0d:eb:b1:36:91:38:a4:
9c:fd:21:82:5c:61:42:cd:18:3f:2e:ce:cb:44:76:91:92:1a:
7b:a6:b3:d1:a2:3a:e8:10:de:20:00:00:ea:6d:cd:e5:5d:6b:
37:d4:31:6c:2e:6d:98:54:88:bd:d7:5b:b2:da:83:76:6d:0c:
1c:da:42:23:3c:eb:b6:47:60:60:ef:ed:c3:23:f7:28:96:6e:
21:32:67:15:4d:32:93:7e:f3:aa:ac:b0:72:ae:a2:86:58:fe:
c9:4f:ee:ff:11:12:90:57:02:32:f1:cc:da:25:8e:a4:23:2a:
f0:a1:e5:ca
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUbPgZi5tFh+sLo/YsDTEHtezD6T0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDQwNTZaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDQzZWE2NjZiNjA1MjM2MjdlNzBmMGVkM2RiMjNkYTIzOGIzY2M0M2Y5YTdh
N2U4NjFlYjQ0OTIxZTQwOGE3YjgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKibpyffJCB6G7CWKKxesTVoRSHHMf2hOTUCKo91u7YxBsU6WbHIVqonQW6w
v70T48xZvtl8csAXxT3bAQI+5RxN48JPfoQ9vxcHE4bV8c8tlNbgZ6bJpU6+Gi9b
TqRnLzZibZaXTXZoZfjqut7deAoID8cOXUnLjQMxqv7j4OSuyt0CgzW5TV6PmvEl
eTf/Bc79IdQ3BkLADQRPozp4c5Qu/xcWIp/2vZ7kCc9TBFqyYM9ov5iGFBjq4Z64
OXJrfmPN5LKhwqT5m7MAUKFnIyCuhNqcd54W7jU9b4ni8KeHNKTPnirToCzoKLzs
pLbGoPzQBa3pxwYCGjxVgVEJoKcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSO3BRK
A9ZKkAN2JOGI0LfyGyWLtzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDA4ZmM4NzktNGRiOS00NDZjLWJkYjMtMzdiZjRlZTI4Yzk3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hqg
MA0GCSqGSIb3DQEBCwUAA4IBAQBn2rGrtJ32yWfaxX3dB576fJFdg8u75HTA9xCZ
LySY1hW9KHvb3cdQ036NbmTrsLADzHMBdtgWRoAWr4uJTq5DFyAgBoopy8zJ6VBB
U/H4LFhYmEo4fw0R31F81ReCpC82gY4jG/PJDanxm6S9N8a7zAsAi/7hpbu4KGdS
PxdU86ec3OWq0K8U7A3rsTaROKSc/SGCXGFCzRg/Ls7LRHaRkhp7prPRojroEN4g
AADqbc3lXWs31DFsLm2YVIi911uy2oN2bQwc2kIjPOu2R2Bg7+3DI/colm4hMmcV
TTKTfvOqrLByrqKGWP7JT+7/ERKQVwIy8czaJY6kIyrwoeXK
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:18:35 2025 by rpki-client