Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4dc2c958-c749-4f2f-a83c-b419f7f45487.roa
File: 4dc2c958-c749-4f2f-a83c-b419f7f45487.roa (raw, json)
Hash identifier: X3q36+Kg2YSk/M3kH4GAkO5LkjU0+6VWodHt5PoHTiQ=
Subject key identifier: C3:D5:B2:A9:26:7E:C3:8D:18:41:60:37:37:99:3B:96:5E:B2:EC:D4
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7CBAC9D5C3C1AC37E0254C912476E16CF0D5ED50
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4dc2c958-c749-4f2f-a83c-b419f7f45487.roa
Signing time: Mon 01 Sep 2025 20:40:23 +0000
ROA not before: Mon 01 Sep 2025 20:40:23 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07a:e000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7c:ba:c9:d5:c3:c1:ac:37:e0:25:4c:91:24:76:e1:6c:f0:d5:ed:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:40:23 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=49e2ec46129f2ad043ff61ca77d2bbf9a24149d7537769c7f30166245a7995be, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:dc:ab:df:6e:18:c0:e1:e6:d3:e1:cc:2d:31:
d5:d5:e7:d3:91:f9:81:b5:e8:2e:ae:50:c6:e2:02:
e2:d9:ec:34:08:82:12:d7:c7:1c:2a:c8:79:79:ae:
4a:02:53:dd:11:d4:8a:a5:62:ce:3a:27:f4:1c:65:
29:3f:dd:e6:e7:6b:dc:fe:d3:b3:af:3c:4b:80:fe:
c1:ff:56:57:8f:ac:dd:d6:ae:11:49:d5:7a:f9:c6:
4e:30:dd:40:3d:42:37:a7:f4:6c:d3:91:df:f1:51:
26:0e:09:fe:be:43:da:b4:4e:88:98:47:41:02:3a:
98:79:1e:21:24:02:72:7c:85:b3:cd:b1:e3:7b:e8:
f4:a2:f2:0d:26:5b:08:67:40:ab:29:9f:95:c7:ab:
34:a4:ee:25:c2:21:45:14:5d:a4:ea:da:40:b1:12:
3a:9a:df:e7:cd:3b:ea:93:b2:a3:dd:68:74:ad:dd:
da:b0:6c:f7:ad:92:dc:79:1a:8d:ae:d3:2a:57:25:
55:12:8e:e0:4b:69:96:63:78:4f:63:ce:b4:e1:38:
a9:19:bb:d6:85:99:02:c8:c1:02:28:ea:b5:70:91:
5d:8e:f8:37:d5:89:bf:a1:70:95:b0:e3:38:6d:f8:
34:d3:f7:31:1d:c0:f1:2b:fa:aa:ce:bc:07:39:4b:
c6:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C3:D5:B2:A9:26:7E:C3:8D:18:41:60:37:37:99:3B:96:5E:B2:EC:D4
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4dc2c958-c749-4f2f-a83c-b419f7f45487.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07a:e000::/40
Signature Algorithm: sha256WithRSAEncryption
9b:8d:b9:57:78:46:71:fb:80:fe:e9:93:3a:f3:2e:fc:7a:3f:
6b:a5:e4:65:de:e3:a2:92:9a:ae:94:c7:88:c0:58:db:51:95:
e3:97:5d:3e:e4:89:24:f5:e2:dd:64:c4:33:85:f8:6f:ab:39:
25:31:56:eb:11:0f:78:cf:83:6d:8a:07:2b:e7:86:dc:41:16:
07:e2:de:1a:af:56:bb:af:ec:8f:e1:9d:03:93:be:28:fa:0c:
69:cf:78:10:32:8a:92:fb:2d:7d:b8:58:bc:a9:81:2e:ee:95:
27:e2:c8:0d:57:d1:15:57:34:0f:0d:9e:8e:61:28:f1:ca:6e:
cc:04:60:13:72:48:0c:7b:e2:f8:64:54:90:0b:90:c7:c9:e3:
02:f6:90:0f:3e:2f:2c:66:86:1e:ab:5d:0d:13:ee:96:41:af:
23:78:e1:4c:aa:fc:f8:d3:16:f7:13:71:8a:c1:81:b4:77:3f:
ec:b9:58:06:ef:1c:dc:10:89:fd:a1:2b:c5:f5:78:42:fa:a5:
ea:db:93:4f:2a:5b:85:d7:e3:7d:83:6f:ed:0d:bc:b0:94:97:
5c:b5:08:b1:2a:b5:90:5d:d7:19:1b:cc:5c:8f:58:3e:72:6b:
14:15:3b:82:49:68:4a:b2:46:e4:04:2b:58:98:2e:91:63:92:
45:42:15:e9
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUfLrJ1cPBrDfgJUyRJHbhbPDV7VAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDQwMjNaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ5ZTJlYzQ2MTI5ZjJhZDA0M2ZmNjFjYTc3ZDJiYmY5YTI0MTQ5ZDc1Mzc3
NjljN2YzMDE2NjI0NWE3OTk1YmUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM3cq99uGMDh5tPhzC0x1dXn05H5gbXoLq5QxuIC4tnsNAiCEtfHHCrIeXmu
SgJT3RHUiqVizjon9BxlKT/d5udr3P7Ts688S4D+wf9WV4+s3dauEUnVevnGTjDd
QD1CN6f0bNOR3/FRJg4J/r5D2rROiJhHQQI6mHkeISQCcnyFs82x43vo9KLyDSZb
CGdAqymflcerNKTuJcIhRRRdpOraQLESOprf58076pOyo91odK3d2rBs962S3Hka
ja7TKlclVRKO4EtplmN4T2POtOE4qRm71oWZAsjBAijqtXCRXY74N9WJv6FwlbDj
OG34NNP3MR3A8Sv6qs68BzlLxtECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTD1bKp
Jn7DjRhBYDc3mTuWXrLs1DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGRjMmM5NTgtYzc0OS00ZjJmLWE4M2MtYjQxOWY3ZjQ1NDg3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Hrg
MA0GCSqGSIb3DQEBCwUAA4IBAQCbjblXeEZx+4D+6ZM68y78ej9rpeRl3uOikpqu
lMeIwFjbUZXjl10+5Ikk9eLdZMQzhfhvqzklMVbrEQ94z4Ntigcr54bcQRYH4t4a
r1a7r+yP4Z0Dk74o+gxpz3gQMoqS+y19uFi8qYEu7pUn4sgNV9EVVzQPDZ6OYSjx
ym7MBGATckgMe+L4ZFSQC5DHyeMC9pAPPi8sZoYeq10NE+6WQa8jeOFMqvz40xb3
E3GKwYG0dz/suVgG7xzcEIn9oSvF9XhC+qXq25NPKluF1+N9g2/tDbywlJdctQix
KrWQXdcZG8xcj1g+cmsUFTuCSWhKskbkBCtYmC6RY5JFQhXp
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:06:07 2025 by rpki-client