Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/431d8e22-a384-419e-9218-32a80c0ce0e3.roa
File: 431d8e22-a384-419e-9218-32a80c0ce0e3.roa (raw, json)
Hash identifier: DgDTViCfgUHp6nlTPBm8v4YsMZapY3CxdaZL+iNTJ7I=
Subject key identifier: 11:EE:EC:05:DE:8D:C7:1B:30:6A:2A:5F:69:C2:96:B9:A2:92:50:E0
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3D2AE5EC6689018170B39DA330B63C957DA6FD03
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/431d8e22-a384-419e-9218-32a80c0ce0e3.roa
Signing time: Mon 25 Aug 2025 19:00:21 +0000
ROA not before: Mon 25 Aug 2025 19:00:21 +0000
ROA not after: Mon 29 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d076:e000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3d:2a:e5:ec:66:89:01:81:70:b3:9d:a3:30:b6:3c:95:7d:a6:fd:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Aug 25 19:00:21 2025 GMT
Not After : Sep 29 23:59:59 2025 GMT
Subject: serialNumber=64a58c6406a63bf406b23ec24c4395820dc6051e76a5338a0ec4bdda55658b64, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:49:56:31:af:ff:49:ab:52:4e:3d:af:c4:5d:
7f:2e:3f:a9:fe:19:7a:b8:61:0a:07:74:5a:d5:7c:
7b:30:a9:d2:bb:d3:42:f3:aa:75:f7:48:89:7a:c7:
2d:03:97:36:04:27:8b:f8:e8:10:fe:84:a3:92:a0:
0c:62:1e:3e:d1:dc:8f:3d:af:cd:48:8a:69:f0:2f:
0d:51:7a:ad:47:49:0a:85:8c:5b:20:69:63:d9:2b:
60:42:a3:43:30:f2:21:2f:c3:cb:6c:df:c8:54:99:
4d:61:dd:45:03:81:0f:10:0d:ac:39:54:cc:83:83:
3e:8d:e4:9e:08:f6:1a:ae:e1:49:bf:a7:1c:79:0c:
09:16:07:b1:cb:e5:d8:51:67:02:bf:da:51:17:28:
ae:b3:2b:f0:53:39:b7:a2:a3:38:f9:e2:f9:f3:36:
3b:9d:19:0e:90:08:c1:65:8a:e7:f0:ee:82:be:28:
72:e8:a5:b3:61:12:b3:c0:5d:de:1d:fd:83:60:10:
e7:8e:fa:72:28:45:98:d2:76:a3:57:d2:fb:8e:9f:
77:fb:23:ce:36:e7:90:18:c6:1d:3a:15:24:f4:c5:
f0:94:7a:f8:51:61:d7:04:72:ba:a9:ef:96:9f:b4:
ec:b9:7d:20:3f:b5:a2:80:75:16:b4:00:1f:e5:98:
1b:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
11:EE:EC:05:DE:8D:C7:1B:30:6A:2A:5F:69:C2:96:B9:A2:92:50:E0
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/431d8e22-a384-419e-9218-32a80c0ce0e3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d076:e000::/40
Signature Algorithm: sha256WithRSAEncryption
a0:2f:05:28:05:52:09:4a:dd:83:5e:de:5f:5f:5a:87:6a:76:
0d:9a:bf:7e:fa:27:7c:33:36:5f:12:1b:26:b6:09:42:30:d5:
e1:e4:22:c9:90:d4:35:b4:87:c3:55:ec:56:8e:4d:09:95:cc:
28:65:29:ed:c6:58:01:a7:05:79:57:42:56:a9:39:d6:76:c4:
27:84:17:0e:f7:85:8d:ac:34:31:51:cb:4f:0b:cf:d6:71:3d:
eb:f1:00:50:43:35:5f:ac:6c:91:0a:9c:9b:11:3e:ce:fa:b9:
0e:c2:cf:c5:97:ba:f7:cf:a6:f1:db:64:db:23:a7:59:99:c6:
91:b9:bd:9f:43:30:b4:a4:ca:fb:1c:18:b4:ff:4b:71:b1:4e:
bf:67:a9:38:05:c8:e2:25:9a:09:c2:dd:38:60:82:cb:63:3e:
63:8b:22:55:b1:68:22:0b:e3:e0:73:8c:f8:bd:6d:db:2e:57:
a8:40:69:f5:00:0f:da:e8:b7:41:22:10:3c:e9:dd:a8:3c:b6:
80:31:bc:38:65:b2:56:04:d1:8d:4b:a8:cc:c2:02:e3:f5:88:
b9:7c:77:78:cf:b4:8c:86:55:1d:14:b9:58:17:d7:6e:7b:27:
60:4e:d0:26:97:4d:f7:24:ae:89:82:21:f4:e3:6f:5c:c3:36:
bb:10:9b:12
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUPSrl7GaJAYFws52jMLY8lX2m/QMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA4MjUxOTAwMjFaFw0yNTA5MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDY0YTU4YzY0MDZhNjNiZjQwNmIyM2VjMjRjNDM5NTgyMGRjNjA1MWU3NmE1
MzM4YTBlYzRiZGRhNTU2NThiNjQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALhJVjGv/0mrUk49r8Rdfy4/qf4ZerhhCgd0WtV8ezCp0rvTQvOqdfdIiXrH
LQOXNgQni/joEP6Eo5KgDGIePtHcjz2vzUiKafAvDVF6rUdJCoWMWyBpY9krYEKj
QzDyIS/Dy2zfyFSZTWHdRQOBDxANrDlUzIODPo3kngj2Gq7hSb+nHHkMCRYHscvl
2FFnAr/aURcorrMr8FM5t6KjOPni+fM2O50ZDpAIwWWK5/Dugr4ocuils2ESs8Bd
3h39g2AQ5476cihFmNJ2o1fS+46fd/sjzjbnkBjGHToVJPTF8JR6+FFh1wRyuqnv
lp+07Ll9ID+1ooB1FrQAH+WYG4MCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQR7uwF
3o3HGzBqKl9pwpa5opJQ4DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDMxZDhlMjItYTM4NC00MTllLTkyMTgtMzJhODBjMGNlMGUzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hbg
MA0GCSqGSIb3DQEBCwUAA4IBAQCgLwUoBVIJSt2DXt5fX1qHanYNmr9++id8MzZf
EhsmtglCMNXh5CLJkNQ1tIfDVexWjk0JlcwoZSntxlgBpwV5V0JWqTnWdsQnhBcO
94WNrDQxUctPC8/WcT3r8QBQQzVfrGyRCpybET7O+rkOws/Fl7r3z6bx22TbI6dZ
mcaRub2fQzC0pMr7HBi0/0txsU6/Z6k4BcjiJZoJwt04YILLYz5jiyJVsWgiC+Pg
c4z4vW3bLleoQGn1AA/a6LdBIhA86d2oPLaAMbw4ZbJWBNGNS6jMwgLj9Yi5fHd4
z7SMhlUdFLlYF9dueydgTtAml033JK6JgiH0429cwza7EJsS
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:12:46 2025 by rpki-client