Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4ee4d823-9869-449e-9541-10a647125e4a.roa
File: 4ee4d823-9869-449e-9541-10a647125e4a.roa (raw, json)
Hash identifier: oIOCBMUoh0lp8Gm464LCp1GOfjyNti4g81O2/dTWMAc=
Subject key identifier: 39:07:1A:F7:A3:D6:19:90:D1:86:D1:76:82:E7:0B:7F:13:E1:B5:58
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2B4E0A526E393921FCA920AE89CA93F8661180A6
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4ee4d823-9869-449e-9541-10a647125e4a.roa
Signing time: Mon 01 Sep 2025 20:21:30 +0000
ROA not before: Mon 01 Sep 2025 20:21:30 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:c000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2b:4e:0a:52:6e:39:39:21:fc:a9:20:ae:89:ca:93:f8:66:11:80:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:21:30 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=f3251fa6fc181635288c792ddfde94fb49a97f3a327cceb8b74493c3d3ab6b11, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:5c:4b:f2:9b:16:f9:37:26:d8:45:d7:03:a5:
67:db:17:da:29:14:0e:95:bd:0d:0f:50:ee:fb:7b:
96:b0:71:e0:a0:0b:72:c8:ef:e9:9f:10:37:8e:10:
0d:4c:e9:08:d9:22:42:14:bb:0b:fe:3e:be:6c:3b:
9f:0e:58:40:8d:9c:a8:ec:1a:99:b1:b0:20:af:f1:
15:15:4a:f8:01:9f:b1:55:c5:d9:bc:a6:1d:7f:d1:
77:ac:8f:d3:b0:cb:49:ac:9b:e0:0d:07:ea:ae:c8:
bf:e6:0c:8d:35:a2:e6:a1:d8:87:b4:8f:7b:11:a8:
0d:8b:36:8e:d8:47:89:3f:45:00:02:2a:57:1d:87:
19:fc:58:64:ed:49:1e:a3:4c:7c:02:fe:39:7a:39:
54:34:24:cf:df:21:18:8b:f2:2b:43:48:7b:9e:68:
ad:0e:59:04:91:0e:7c:5f:20:da:77:64:79:11:05:
d0:13:b1:8b:7f:51:59:c0:51:a3:f4:c6:7a:a2:1c:
45:e4:b7:ce:26:89:55:4f:1a:7c:06:f2:e1:ef:d8:
32:b7:ab:be:29:ad:39:ca:c4:dd:cf:a1:5a:59:a0:
c9:fa:3f:a8:ff:38:b1:05:a5:e3:7b:00:5a:3f:c4:
f8:97:7b:67:49:ed:eb:38:b0:d5:07:6c:45:3e:f4:
6f:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:07:1A:F7:A3:D6:19:90:D1:86:D1:76:82:E7:0B:7F:13:E1:B5:58
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4ee4d823-9869-449e-9541-10a647125e4a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:c000::/40
Signature Algorithm: sha256WithRSAEncryption
1a:1f:2e:79:82:0c:3d:4b:34:18:f3:51:81:6a:40:59:ad:4f:
54:e8:c3:15:cf:8d:0d:2b:55:3d:94:2f:6a:d2:5a:6c:63:13:
92:dc:b4:e8:5f:c7:09:31:1c:56:ff:cf:4f:2c:b1:e6:20:00:
c6:a7:1f:1a:53:0b:02:57:f4:6d:b8:1c:43:cf:29:04:9b:f9:
4f:d5:27:dc:12:25:58:6c:95:db:14:75:b0:49:0a:bc:79:c7:
bd:ee:f2:c1:72:f2:d2:c6:e7:79:f5:70:db:22:40:cb:a5:72:
c7:ae:6a:2d:75:42:1d:44:df:11:0c:46:60:54:45:cc:bc:5d:
c7:ea:f8:3e:86:79:d9:aa:f6:e9:dc:39:88:31:9f:ce:90:26:
ba:a7:66:d7:ea:06:eb:1e:06:5b:87:09:6d:8e:af:13:8e:87:
2a:90:08:d1:3b:68:f3:1f:9d:9c:76:f0:6c:c3:7e:e0:a4:4e:
42:b2:06:af:88:58:95:14:82:0f:d5:eb:c4:4c:91:53:a0:6b:
a7:38:f0:64:63:cb:79:ad:d6:0d:3c:58:af:21:61:75:de:4a:
86:b2:29:30:84:38:f2:cb:45:69:cf:d5:02:36:fa:89:12:60:
ce:df:8d:d4:78:64:16:48:55:89:d0:0b:20:a9:f2:f2:38:83:
7b:63:37:74
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUK04KUm45OSH8qSCuicqT+GYRgKYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDIxMzBaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGYzMjUxZmE2ZmMxODE2MzUyODhjNzkyZGRmZGU5NGZiNDlhOTdmM2EzMjdj
Y2ViOGI3NDQ5M2MzZDNhYjZiMTExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJxcS/KbFvk3JthF1wOlZ9sX2ikUDpW9DQ9Q7vt7lrBx4KALcsjv6Z8QN44Q
DUzpCNkiQhS7C/4+vmw7nw5YQI2cqOwambGwIK/xFRVK+AGfsVXF2bymHX/Rd6yP
07DLSayb4A0H6q7Iv+YMjTWi5qHYh7SPexGoDYs2jthHiT9FAAIqVx2HGfxYZO1J
HqNMfAL+OXo5VDQkz98hGIvyK0NIe55orQ5ZBJEOfF8g2ndkeREF0BOxi39RWcBR
o/TGeqIcReS3ziaJVU8afAby4e/YMrervimtOcrE3c+hWlmgyfo/qP84sQWl43sA
Wj/E+Jd7Z0nt6ziw1QdsRT70bzkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQ5Bxr3
o9YZkNGG0XaC5wt/E+G1WDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGVlNGQ4MjMtOTg2OS00NDllLTk1NDEtMTBhNjQ3MTI1ZTRhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H/A
MA0GCSqGSIb3DQEBCwUAA4IBAQAaHy55ggw9SzQY81GBakBZrU9U6MMVz40NK1U9
lC9q0lpsYxOS3LToX8cJMRxW/89PLLHmIADGpx8aUwsCV/RtuBxDzykEm/lP1Sfc
EiVYbJXbFHWwSQq8ece97vLBcvLSxud59XDbIkDLpXLHrmotdUIdRN8RDEZgVEXM
vF3H6vg+hnnZqvbp3DmIMZ/OkCa6p2bX6gbrHgZbhwltjq8TjocqkAjRO2jzH52c
dvBsw37gpE5CsgaviFiVFIIP1evETJFToGunOPBkY8t5rdYNPFivIWF13kqGsikw
hDjyy0Vpz9UCNvqJEmDO343UeGQWSFWJ0AsgqfLyOIN7Yzd0
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:18:33 2025 by rpki-client