Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/44d8b686-7db5-4309-8f09-3af611be3753.roa
File: 44d8b686-7db5-4309-8f09-3af611be3753.roa (raw, json)
Hash identifier: f9u9hDEq4M3iLnWO+LtXiZbnMJZMeuPCJHkq5POrNOw=
Subject key identifier: 3B:75:6C:BC:88:70:E8:64:E8:69:8F:FF:83:5E:B8:C5:9A:86:66:8C
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 52EF823AEF1EC0B314E8E48CBFCF654A815C0124
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/44d8b686-7db5-4309-8f09-3af611be3753.roa
Signing time: Mon 01 Sep 2025 20:31:07 +0000
ROA not before: Mon 01 Sep 2025 20:31:07 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07a:c000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
52:ef:82:3a:ef:1e:c0:b3:14:e8:e4:8c:bf:cf:65:4a:81:5c:01:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:31:07 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=ae4e6022156c374f023cb382f609b025a0ffc5d305add6136569d3c5d79b235c, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:09:99:64:9b:54:bc:23:a2:16:b6:04:48:78:
a3:ce:8a:2a:04:4f:51:31:01:68:68:67:ab:72:43:
10:5c:95:55:31:09:3b:3e:6d:b2:9e:86:3d:79:e3:
f6:39:f4:c8:77:10:b2:b5:ae:2c:d2:64:4f:3c:d3:
a7:c6:7f:e1:78:c4:ea:b4:f9:c9:85:39:e9:b3:75:
94:5b:c4:e2:8d:40:f4:4f:fc:5f:90:d3:86:16:26:
1b:57:bc:f0:6b:36:b4:f8:54:e5:97:9c:79:31:e5:
cb:2d:e2:aa:37:95:32:e1:e2:19:44:d3:e0:b2:6e:
a8:b6:ae:ac:5f:99:63:7c:be:99:9f:e0:71:ee:17:
02:23:9c:7a:3d:ea:15:52:d3:e4:cc:ad:e7:32:a9:
aa:1f:2a:a6:93:86:5e:3b:6c:c9:9c:0b:2a:16:5b:
0b:98:72:dc:0d:7e:04:70:9b:8d:4e:d2:77:72:f9:
d6:ec:f3:c9:b0:c6:bc:62:29:30:39:fa:5d:da:18:
09:47:f0:5d:1a:27:1a:7f:cd:ef:05:29:85:58:d7:
1e:fc:b5:61:68:61:c9:45:4e:7c:9e:9e:31:95:62:
76:af:6b:82:ce:c9:2c:33:c8:a3:86:6a:c8:92:cd:
c8:d8:41:70:86:64:45:9b:63:6a:21:69:41:46:96:
b1:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:75:6C:BC:88:70:E8:64:E8:69:8F:FF:83:5E:B8:C5:9A:86:66:8C
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/44d8b686-7db5-4309-8f09-3af611be3753.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07a:c000::/40
Signature Algorithm: sha256WithRSAEncryption
c5:ef:11:ea:99:c8:da:b7:fc:a1:45:ef:82:5e:8a:97:33:a0:
a6:c5:3c:76:3b:79:39:95:df:b3:c0:bd:a2:9a:8a:3f:82:89:
ee:91:5d:6f:86:fd:7f:67:9b:a7:ee:d7:32:84:08:85:e9:01:
7b:ad:87:67:e2:43:05:3f:92:58:d2:78:4f:bf:2c:b9:70:0b:
d1:c5:5c:83:a0:ba:12:fa:e9:12:a4:18:5b:81:75:14:62:64:
e4:15:0c:c9:ca:73:bc:1a:91:3e:4c:3d:77:e9:32:b4:aa:e1:
c3:f6:87:31:95:b1:f0:ae:1e:df:94:d4:62:d7:21:70:c2:3d:
cf:ff:bb:75:8f:d8:97:fb:c2:6c:d5:36:59:e8:ce:6d:a8:a4:
b1:82:69:70:b5:be:8b:d5:f3:d0:74:53:34:22:1e:61:86:9b:
67:4d:1b:5e:df:70:cd:e1:7f:74:79:58:d4:cd:21:1d:f7:89:
0e:0b:a8:c8:56:67:6a:5d:de:70:1b:88:90:02:4a:41:c6:59:
4b:d9:d0:c1:8f:a3:e9:3c:27:6b:3b:e7:6d:31:81:8c:b0:a1:
5b:04:3e:40:28:0c:57:24:35:e7:1e:78:dd:07:7d:b2:1e:fa:
e7:d6:b4:f7:36:f0:66:51:64:68:64:30:33:d8:6e:ac:68:b5:
05:d9:a3:15
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUUu+COu8ewLMU6OSMv89lSoFcASQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDMxMDdaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGFlNGU2MDIyMTU2YzM3NGYwMjNjYjM4MmY2MDliMDI1YTBmZmM1ZDMwNWFk
ZDYxMzY1NjlkM2M1ZDc5YjIzNWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOMJmWSbVLwjoha2BEh4o86KKgRPUTEBaGhnq3JDEFyVVTEJOz5tsp6GPXnj
9jn0yHcQsrWuLNJkTzzTp8Z/4XjE6rT5yYU56bN1lFvE4o1A9E/8X5DThhYmG1e8
8Gs2tPhU5ZeceTHlyy3iqjeVMuHiGUTT4LJuqLaurF+ZY3y+mZ/gce4XAiOcej3q
FVLT5Myt5zKpqh8qppOGXjtsyZwLKhZbC5hy3A1+BHCbjU7Sd3L51uzzybDGvGIp
MDn6XdoYCUfwXRonGn/N7wUphVjXHvy1YWhhyUVOfJ6eMZVidq9rgs7JLDPIo4Zq
yJLNyNhBcIZkRZtjaiFpQUaWsacCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ7dWy8
iHDoZOhpj/+DXrjFmoZmjDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NDRkOGI2ODYtN2RiNS00MzA5LThmMDktM2FmNjExYmUzNzUzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HrA
MA0GCSqGSIb3DQEBCwUAA4IBAQDF7xHqmcjat/yhRe+CXoqXM6CmxTx2O3k5ld+z
wL2imoo/gonukV1vhv1/Z5un7tcyhAiF6QF7rYdn4kMFP5JY0nhPvyy5cAvRxVyD
oLoS+ukSpBhbgXUUYmTkFQzJynO8GpE+TD136TK0quHD9ocxlbHwrh7flNRi1yFw
wj3P/7t1j9iX+8Js1TZZ6M5tqKSxgmlwtb6L1fPQdFM0Ih5hhptnTRte33DN4X90
eVjUzSEd94kOC6jIVmdqXd5wG4iQAkpBxllL2dDBj6PpPCdrO+dtMYGMsKFbBD5A
KAxXJDXnHnjdB32yHvrn1rT3NvBmUWRoZDAz2G6saLUF2aMV
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:18:32 2025 by rpki-client