Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4a7b2b27-8130-47da-97da-78c91087b05e.roa
File: 4a7b2b27-8130-47da-97da-78c91087b05e.roa (raw, json)
Hash identifier: 7Ou4XTz1ubIFty32caicrWYmgynty5zKL6FqP7QV3No=
Subject key identifier: BF:F3:53:75:FC:8B:93:BB:BF:6E:C2:8C:2B:1B:31:7C:7A:A2:27:11
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 34FD36BA5A02E98D536EAAA63FD6C02A865F4BCF
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4a7b2b27-8130-47da-97da-78c91087b05e.roa
Signing time: Mon 01 Sep 2025 19:51:42 +0000
ROA not before: Mon 01 Sep 2025 19:51:42 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:c040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
34:fd:36:ba:5a:02:e9:8d:53:6e:aa:a6:3f:d6:c0:2a:86:5f:4b:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 19:51:42 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=340874bad09158323608acd4f2bce5b7367cd78a040dd43b5864b876fe8152f3, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:1e:0c:77:96:fc:83:51:c6:2b:68:4f:ee:3e:
7d:a4:83:95:ed:e0:f6:68:63:41:d5:46:ce:45:ec:
5c:a9:8e:f3:5d:69:55:63:f9:50:9d:29:01:79:2c:
66:a5:c2:48:eb:f1:0f:9e:0e:8a:11:23:68:d0:30:
24:e2:35:6a:b6:2e:42:5e:c9:8c:56:6e:88:5c:72:
67:37:7e:53:77:64:19:1f:ef:75:ac:ac:bc:b2:4a:
75:38:25:f8:13:58:de:50:a4:31:7c:13:ac:8c:bf:
fd:9d:77:c4:1e:6e:fd:23:81:a6:fb:cc:35:d2:2f:
16:7c:23:96:36:80:e2:cf:5c:57:df:e9:1b:77:77:
fe:56:3d:68:5b:50:da:c8:c5:fe:85:16:b8:58:b3:
4c:c9:09:4a:fd:5b:c9:b6:16:10:40:97:5c:ea:0a:
bc:a5:9f:01:2a:21:f2:53:35:52:f7:21:4b:09:f6:
12:ec:b0:b3:40:0c:1c:6d:a6:74:c2:5a:46:02:ba:
67:05:19:ff:12:68:fd:8b:7c:d4:d7:f6:b8:a5:c0:
fc:96:6e:94:8d:22:ad:78:56:25:b6:1c:a6:9c:6e:
4c:e3:9e:c7:94:80:a4:69:8c:d2:27:6f:15:b5:6d:
66:db:f5:8a:30:3f:e8:8c:b8:5f:13:e1:8d:4e:fe:
c2:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:F3:53:75:FC:8B:93:BB:BF:6E:C2:8C:2B:1B:31:7C:7A:A2:27:11
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4a7b2b27-8130-47da-97da-78c91087b05e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:c040::/48
Signature Algorithm: sha256WithRSAEncryption
91:17:95:4f:c8:f6:35:f1:82:61:60:fb:64:05:27:dc:89:ce:
18:37:6e:08:f5:85:a9:b8:86:28:b2:ea:4c:eb:70:4b:6e:93:
f3:a1:28:35:5e:0c:f9:fa:08:63:d0:32:8d:92:4b:c9:f6:52:
ee:1c:bf:b8:39:67:65:f9:b7:72:04:fa:6f:6c:2a:f9:7c:78:
68:bc:5b:62:f8:87:6c:59:38:67:8f:9d:53:36:c4:06:90:27:
5f:d5:30:28:e5:f3:b8:bf:69:8e:5d:5c:47:3c:31:95:67:a4:
a9:1d:dd:58:60:7d:fc:ba:eb:4a:f8:0a:14:6a:25:59:48:77:
e2:1c:ff:18:4e:97:d2:1a:8e:29:69:7f:cd:2d:47:9e:65:5e:
10:45:7f:85:a3:04:7f:11:ef:3d:8f:b7:08:e0:b8:2b:d2:5e:
5d:08:c8:04:5a:8d:6e:bb:8f:e7:93:1b:a7:af:31:dc:7a:9f:
a9:09:cd:a7:d4:71:23:a7:26:29:cb:4e:30:83:da:95:0d:73:
8c:bd:a9:36:10:65:f3:37:5c:23:6a:c7:99:07:05:55:c0:9b:
dc:7d:3c:25:de:4d:29:fe:48:d0:58:a0:96:b7:23:ad:b1:ce:
70:e6:24:30:19:5f:98:db:6f:09:a6:1a:17:14:ef:4c:5e:af:
b4:2e:24:a7
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUNP02uloC6Y1TbqqmP9bAKoZfS88wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDExOTUxNDJaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDM0MDg3NGJhZDA5MTU4MzIzNjA4YWNkNGYyYmNlNWI3MzY3Y2Q3OGEwNDBk
ZDQzYjU4NjRiODc2ZmU4MTUyZjMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKceDHeW/INRxitoT+4+faSDle3g9mhjQdVGzkXsXKmO811pVWP5UJ0pAXks
ZqXCSOvxD54OihEjaNAwJOI1arYuQl7JjFZuiFxyZzd+U3dkGR/vdaysvLJKdTgl
+BNY3lCkMXwTrIy//Z13xB5u/SOBpvvMNdIvFnwjljaA4s9cV9/pG3d3/lY9aFtQ
2sjF/oUWuFizTMkJSv1bybYWEECXXOoKvKWfASoh8lM1UvchSwn2Euyws0AMHG2m
dMJaRgK6ZwUZ/xJo/Yt81Nf2uKXA/JZulI0irXhWJbYcppxuTOOex5SApGmM0idv
FbVtZtv1ijA/6Iy4XxPhjU7+wscCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBS/81N1
/IuTu79uwowrGzF8eqInETAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGE3YjJiMjctODEzMC00N2RhLTk3ZGEtNzhjOTEwODdiMDVlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HLA
QDANBgkqhkiG9w0BAQsFAAOCAQEAkReVT8j2NfGCYWD7ZAUn3InOGDduCPWFqbiG
KLLqTOtwS26T86EoNV4M+foIY9AyjZJLyfZS7hy/uDlnZfm3cgT6b2wq+Xx4aLxb
YviHbFk4Z4+dUzbEBpAnX9UwKOXzuL9pjl1cRzwxlWekqR3dWGB9/LrrSvgKFGol
WUh34hz/GE6X0hqOKWl/zS1HnmVeEEV/haMEfxHvPY+3COC4K9JeXQjIBFqNbruP
55Mbp68x3HqfqQnNp9RxI6cmKctOMIPalQ1zjL2pNhBl8zdcI2rHmQcFVcCb3H08
Jd5NKf5I0FiglrcjrbHOcOYkMBlfmNtvCaYaFxTvTF6vtC4kpw==
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:18:36 2025 by rpki-client