Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/56c31249-f32b-4fc4-a69f-07420913a101.roa
File: 56c31249-f32b-4fc4-a69f-07420913a101.roa (raw, json)
Hash identifier: 1yjpc6A04Esg8G6OYjKt4cSaZT9YPAsDFIfFRQwg5OE=
Subject key identifier: 8B:2E:FA:D2:EE:7E:51:C6:C0:A1:38:7A:28:1A:EA:A0:B2:E6:A3:83
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 31C2093E1840675305647C3B60F8A15B720E18C2
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/56c31249-f32b-4fc4-a69f-07420913a101.roa
Signing time: Mon 01 Sep 2025 20:11:27 +0000
ROA not before: Mon 01 Sep 2025 20:11:27 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:4000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
31:c2:09:3e:18:40:67:53:05:64:7c:3b:60:f8:a1:5b:72:0e:18:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:11:27 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=a9def96e0269af607989c6f4e1d954b837295a4197d899527ad655a6148a34c9, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:50:ec:44:da:9b:bb:6d:91:99:be:51:c8:d7:
d4:65:78:a6:5e:3d:01:44:bb:9e:f7:3e:46:95:f5:
b2:55:fc:25:6e:82:ff:a8:84:9d:eb:fa:51:67:59:
5d:7b:f8:0c:af:07:b7:06:8c:68:1a:ce:29:9a:fb:
6d:39:7a:2f:e1:d0:90:a8:08:df:65:f9:af:76:c5:
5e:cb:86:c9:a1:99:4c:1a:8d:e0:e2:e7:0a:85:96:
18:d8:ff:9c:97:ca:1f:df:d5:f1:52:cc:6a:64:34:
fe:00:45:8f:95:23:44:6d:f0:1c:56:00:2e:9c:16:
91:22:fe:8c:b7:5d:22:3a:23:9a:eb:a3:2e:e7:a1:
8d:c4:4b:e3:5f:85:83:dc:e3:b8:2f:67:1f:e4:db:
e3:7d:b4:a0:cc:9c:f5:e1:69:62:31:57:45:24:84:
07:8f:ee:f4:a6:8b:cf:f7:8e:6f:3f:18:f2:09:95:
52:3e:24:76:3a:b4:21:c4:08:f3:c6:c3:6b:4e:14:
ed:41:60:2f:2e:72:c6:f3:a1:93:fe:6a:5c:22:7b:
f2:db:f7:3b:58:23:2c:6b:27:6b:c3:03:89:98:45:
31:bd:4b:ed:07:f6:c6:a3:55:f9:58:50:82:7a:eb:
55:80:93:ff:d3:05:03:29:cb:1f:17:36:74:2e:97:
20:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:2E:FA:D2:EE:7E:51:C6:C0:A1:38:7A:28:1A:EA:A0:B2:E6:A3:83
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/56c31249-f32b-4fc4-a69f-07420913a101.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:4000::/40
Signature Algorithm: sha256WithRSAEncryption
76:fe:b2:dc:4f:1e:57:fa:20:bb:9e:f5:45:75:47:82:58:4e:
1a:33:15:35:c0:20:b7:6b:c6:5c:14:af:72:4c:c1:3b:c1:c3:
40:f6:00:a4:e4:03:fe:43:fb:2b:e7:03:4c:03:34:16:50:4d:
6c:07:0b:e7:de:0b:dc:89:0f:45:ca:bf:4c:16:0b:20:fd:73:
fa:72:00:12:7d:d8:7a:56:50:df:97:88:00:5a:e7:19:a4:4b:
66:77:4a:bc:36:69:37:5a:58:7c:11:d9:e0:97:13:10:fe:92:
50:8f:ae:65:71:f3:13:d5:31:00:17:73:19:f3:37:0c:4b:64:
f4:00:70:38:a6:4c:6b:e7:30:cc:57:1a:a8:ed:4e:ee:33:d2:
9e:f4:5d:3b:da:7e:e5:a2:2c:fa:ca:b7:d4:bf:27:b3:6f:45:
63:ca:89:5a:12:c4:f0:af:1a:8f:7a:24:ed:75:35:8e:96:bc:
ac:f4:99:45:6d:9c:e2:6c:56:64:ac:ac:7a:0b:16:e4:9c:5b:
43:1e:30:a0:19:59:0f:08:cf:90:59:30:50:01:1b:af:f3:ab:
e3:eb:9e:24:5e:90:48:4b:ea:fd:7f:b7:41:47:c5:ec:95:f2:
3a:af:ab:46:13:12:8f:81:d5:5b:d7:b9:c3:cd:08:2e:b2:da:
0e:e8:fa:38
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUMcIJPhhAZ1MFZHw7YPihW3IOGMIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDExMjdaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGE5ZGVmOTZlMDI2OWFmNjA3OTg5YzZmNGUxZDk1NGI4MzcyOTVhNDE5N2Q4
OTk1MjdhZDY1NWE2MTQ4YTM0YzkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMdQ7ETam7ttkZm+UcjX1GV4pl49AUS7nvc+RpX1slX8JW6C/6iEnev6UWdZ
XXv4DK8HtwaMaBrOKZr7bTl6L+HQkKgI32X5r3bFXsuGyaGZTBqN4OLnCoWWGNj/
nJfKH9/V8VLMamQ0/gBFj5UjRG3wHFYALpwWkSL+jLddIjojmuujLuehjcRL41+F
g9zjuC9nH+Tb4320oMyc9eFpYjFXRSSEB4/u9KaLz/eObz8Y8gmVUj4kdjq0IcQI
88bDa04U7UFgLy5yxvOhk/5qXCJ78tv3O1gjLGsna8MDiZhFMb1L7Qf2xqNV+VhQ
gnrrVYCT/9MFAynLHxc2dC6XIPUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSLLvrS
7n5RxsChOHooGuqgsuajgzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTZjMzEyNDktZjMyYi00ZmM0LWE2OWYtMDc0MjA5MTNhMTAxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HJA
MA0GCSqGSIb3DQEBCwUAA4IBAQB2/rLcTx5X+iC7nvVFdUeCWE4aMxU1wCC3a8Zc
FK9yTME7wcNA9gCk5AP+Q/sr5wNMAzQWUE1sBwvn3gvciQ9Fyr9MFgsg/XP6cgAS
fdh6VlDfl4gAWucZpEtmd0q8Nmk3Wlh8EdnglxMQ/pJQj65lcfMT1TEAF3MZ8zcM
S2T0AHA4pkxr5zDMVxqo7U7uM9Ke9F072n7loiz6yrfUvyezb0VjyolaEsTwrxqP
eiTtdTWOlrys9JlFbZzibFZkrKx6CxbknFtDHjCgGVkPCM+QWTBQARuv86vj654k
XpBIS+r9f7dBR8XslfI6r6tGExKPgdVb17nDzQgustoO6Po4
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:06:08 2025 by rpki-client