Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4b6ddca7-172f-4f0e-9a83-9a359f62c43d.roa
File: 4b6ddca7-172f-4f0e-9a83-9a359f62c43d.roa (raw, json)
Hash identifier: Ue/VlCRTSOu8fUDgYNX+j3svLr20EQERC1MBc3cGLms=
Subject key identifier: F7:72:B6:3A:87:23:4C:13:1F:33:B5:EF:77:25:B3:A3:C0:6A:9C:C6
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 308A51FB5925C105DC62A8F24F45524075F35E2D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4b6ddca7-172f-4f0e-9a83-9a359f62c43d.roa
Signing time: Mon 01 Sep 2025 20:40:56 +0000
ROA not before: Mon 01 Sep 2025 20:40:56 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d075:4000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
30:8a:51:fb:59:25:c1:05:dc:62:a8:f2:4f:45:52:40:75:f3:5e:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:40:56 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=108800c2b38774957a0ef738f3b9504b17ebc472cb46d032c8ecc44726a05d1d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:05:8d:9f:ca:df:be:00:a7:b3:5d:a9:43:e4:
7f:73:b5:92:2e:8c:23:6f:af:55:c1:5c:26:a7:de:
67:c8:bb:40:ea:11:dc:70:c2:ce:a1:76:06:56:de:
01:25:77:4d:54:d6:d5:77:99:09:2f:1c:07:eb:cd:
93:9a:c6:0a:db:4e:4d:65:02:23:e0:75:08:af:a2:
36:5a:f4:9f:8f:7f:31:fe:4e:e0:ea:97:9b:3c:1e:
f7:97:3c:66:c2:96:06:16:c9:02:d7:52:42:d9:3c:
a8:3b:b5:b5:bd:6c:9c:5b:3b:89:94:29:dd:99:5b:
31:92:78:26:c0:24:a0:3e:d8:67:92:4d:4e:c3:94:
c3:52:a0:b4:ab:73:0a:4e:79:9d:d4:39:95:4e:46:
3f:60:d7:79:7f:c5:f2:9d:33:ef:18:de:85:0a:70:
a1:fb:79:02:65:09:f1:11:78:ab:f3:5a:3c:24:d1:
2a:07:9a:88:05:28:4f:07:04:06:4d:a4:ac:e5:86:
89:81:19:0a:e4:27:ac:93:b4:be:b3:36:c7:c2:ed:
6c:d1:06:8f:83:c5:25:4e:f0:6e:31:57:c8:16:49:
f4:ba:91:e5:ba:c8:7d:62:d4:82:4e:8e:14:97:12:
1f:7c:f1:fd:c2:ca:1b:d9:c0:45:c8:9d:9b:54:63:
f0:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:72:B6:3A:87:23:4C:13:1F:33:B5:EF:77:25:B3:A3:C0:6A:9C:C6
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4b6ddca7-172f-4f0e-9a83-9a359f62c43d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d075:4000::/40
Signature Algorithm: sha256WithRSAEncryption
52:c5:33:48:ba:b8:ac:c8:d8:7d:76:ba:b3:7e:f2:a0:f9:f9:
8f:33:64:17:08:de:b1:1d:d4:52:14:55:91:b4:39:5c:50:8e:
ce:75:10:de:02:1d:c2:88:d3:66:f1:bb:ef:e5:af:e6:59:ea:
9a:4c:83:6d:dc:05:bb:53:97:04:a5:1b:b2:fa:d8:cb:d7:d7:
ec:02:b3:38:98:1a:98:59:39:6b:17:84:67:e9:df:1f:36:c7:
e1:f3:f2:0d:6d:0b:fc:8b:e4:28:bc:62:86:97:c5:bd:08:f6:
0c:01:88:00:e2:17:ff:40:89:b4:e2:dd:ea:c7:4a:b6:da:8a:
c3:27:ab:1c:02:ca:24:15:b6:33:49:1a:d3:79:61:f7:e1:f1:
a9:ac:b2:78:a6:75:1f:8e:5c:6f:b7:b0:54:0a:1a:ce:7b:5e:
2d:ac:a2:ab:be:e6:25:d1:aa:05:56:49:fb:d3:f7:4a:91:de:
e2:cb:14:74:63:7d:1a:e4:52:e9:95:ac:b6:b8:14:34:76:1c:
57:63:3d:02:84:f0:9f:b9:9f:90:7f:a6:cb:ea:e9:ea:00:e4:
dc:1b:61:17:dd:e3:1c:64:55:cf:7b:a0:8b:98:5d:18:42:1e:
f4:9f:8a:2f:fa:13:d5:eb:16:bd:94:59:0f:73:da:a9:d8:10:
65:5e:07:ea
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUMIpR+1klwQXcYqjyT0VSQHXzXi0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDQwNTZaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDEwODgwMGMyYjM4Nzc0OTU3YTBlZjczOGYzYjk1MDRiMTdlYmM0NzJjYjQ2
ZDAzMmM4ZWNjNDQ3MjZhMDVkMWQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOQFjZ/K374Ap7NdqUPkf3O1ki6MI2+vVcFcJqfeZ8i7QOoR3HDCzqF2Blbe
ASV3TVTW1XeZCS8cB+vNk5rGCttOTWUCI+B1CK+iNlr0n49/Mf5O4OqXmzwe95c8
ZsKWBhbJAtdSQtk8qDu1tb1snFs7iZQp3ZlbMZJ4JsAkoD7YZ5JNTsOUw1KgtKtz
Ck55ndQ5lU5GP2DXeX/F8p0z7xjehQpwoft5AmUJ8RF4q/NaPCTRKgeaiAUoTwcE
Bk2krOWGiYEZCuQnrJO0vrM2x8LtbNEGj4PFJU7wbjFXyBZJ9LqR5brIfWLUgk6O
FJcSH3zx/cLKG9nARcidm1Rj8AsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBT3crY6
hyNMEx8zte93JbOjwGqcxjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGI2ZGRjYTctMTcyZi00ZjBlLTlhODMtOWEzNTlmNjJjNDNkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HVA
MA0GCSqGSIb3DQEBCwUAA4IBAQBSxTNIurisyNh9drqzfvKg+fmPM2QXCN6xHdRS
FFWRtDlcUI7OdRDeAh3CiNNm8bvv5a/mWeqaTINt3AW7U5cEpRuy+tjL19fsArM4
mBqYWTlrF4Rn6d8fNsfh8/INbQv8i+QovGKGl8W9CPYMAYgA4hf/QIm04t3qx0q2
2orDJ6scAsokFbYzSRrTeWH34fGprLJ4pnUfjlxvt7BUChrOe14trKKrvuYl0aoF
Vkn70/dKkd7iyxR0Y30a5FLplay2uBQ0dhxXYz0ChPCfuZ+Qf6bL6unqAOTcG2EX
3eMcZFXPe6CLmF0YQh70n4ov+hPV6xa9lFkPc9qp2BBlXgfq
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:07:06 2025 by rpki-client