Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/593bb6f2-1ee0-4352-97de-e329502838f7.roa
File: 593bb6f2-1ee0-4352-97de-e329502838f7.roa (raw, json)
Hash identifier: W8JHLibT4f0tic9HENvuSWvgnDSVMsiWwfVuL4d095Y=
Subject key identifier: 2B:4C:4B:60:DF:F5:9A:87:1F:A3:8B:3A:AE:D4:0C:B9:C1:31:5E:D2
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 24AF06F12995BFBD51FE1304616E5EA7C458FC62
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/593bb6f2-1ee0-4352-97de-e329502838f7.roa
Signing time: Tue 26 Aug 2025 17:11:21 +0000
ROA not before: Tue 26 Aug 2025 17:11:21 +0000
ROA not after: Tue 30 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d034:800::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
24:af:06:f1:29:95:bf:bd:51:fe:13:04:61:6e:5e:a7:c4:58:fc:62
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Aug 26 17:11:21 2025 GMT
Not After : Sep 30 23:59:59 2025 GMT
Subject: serialNumber=00facfe608bb20776352e885029f08f2ce7c95c5a81937557f3dcbe2be6d487a, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:6c:a6:bf:c3:01:f8:f6:ec:a4:8d:17:6b:8d:
31:14:12:35:bb:eb:41:99:41:7c:75:e2:af:54:3a:
f7:92:29:31:16:3b:78:a4:31:5b:9a:f6:a5:e7:32:
85:8d:3b:c2:13:f1:6a:f1:fe:d1:a1:01:8c:9b:37:
f8:7b:04:8b:6a:a4:d2:57:a3:55:c8:ca:9a:ca:91:
e8:16:20:e8:a4:fd:e9:96:9e:98:c5:5f:87:fa:e5:
19:73:4b:f6:3c:6f:7e:c3:4c:2e:ba:7d:fb:9f:29:
61:e7:b0:28:fc:fb:1c:3c:96:84:d0:db:d7:f0:90:
8e:2a:2e:4a:e9:7e:07:d4:fe:1a:23:ca:ff:83:e1:
de:a8:d5:8b:a7:75:00:44:e4:c5:b1:be:2f:14:de:
97:5a:40:43:c3:3b:b6:f0:3f:fa:d0:93:a2:bf:3e:
f0:29:59:96:6d:52:06:fa:a8:c6:61:e7:bf:19:f0:
c3:4f:7a:c9:49:6b:23:b6:e0:5c:fd:6a:da:58:a7:
8e:f1:ca:31:f0:20:03:fd:77:b6:4d:16:e5:fc:a8:
bc:a1:d1:bb:ea:91:d7:47:5d:de:ba:f8:91:45:b0:
b8:6d:a6:5f:3b:a7:bb:bd:cb:1a:88:4f:30:db:bc:
a1:a5:bc:13:4f:68:4d:06:0e:81:1f:4d:97:2e:9c:
8b:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:4C:4B:60:DF:F5:9A:87:1F:A3:8B:3A:AE:D4:0C:B9:C1:31:5E:D2
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/593bb6f2-1ee0-4352-97de-e329502838f7.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d034:800::/40
Signature Algorithm: sha256WithRSAEncryption
1f:26:61:3a:a9:5a:66:5c:ad:49:56:17:ad:c9:19:92:ee:78:
d4:ab:c3:72:a3:2f:7a:3d:9f:ca:7b:e9:50:a7:15:e4:2f:f4:
5e:76:88:25:89:bd:be:15:a8:0c:fc:5d:19:f3:eb:b8:96:0e:
71:78:e7:26:31:81:d7:04:41:2c:f4:a9:27:21:a5:eb:47:07:
24:31:d5:54:bd:b8:a7:f3:04:2b:31:33:e0:4f:46:f8:75:e4:
3a:4e:f1:8c:ba:72:29:d3:0b:b0:77:69:f6:3b:bd:71:4e:0b:
09:c4:e0:0f:1f:0f:03:39:be:12:0a:11:98:49:ed:7c:54:a8:
04:7f:8d:dc:0e:73:53:a3:75:59:db:0a:f4:21:e1:31:3e:16:
7c:3b:79:39:7c:a8:96:70:e6:3c:d6:e7:b8:e4:2f:0f:9c:d5:
a4:68:b4:63:06:dc:7c:58:a3:37:fa:d4:5b:33:9d:71:17:0b:
c6:5f:f8:6d:2c:41:7d:25:37:dd:1d:be:6a:51:6a:d1:04:ea:
21:5f:da:5f:58:83:cf:26:b3:80:9e:99:c7:31:35:43:b6:3e:
50:2c:55:fb:9f:4d:f6:d6:d9:e9:58:ad:ad:74:41:2a:11:0b:
be:a9:a3:6c:ce:c4:52:83:2e:6d:6e:32:ff:e8:90:e9:01:5f:
c5:57:d2:6a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUJK8G8SmVv71R/hMEYW5ep8RY/GIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA4MjYxNzExMjFaFw0yNTA5MzAyMzU5NTlaMHoxSTBHBgNV
BAUTQDAwZmFjZmU2MDhiYjIwNzc2MzUyZTg4NTAyOWYwOGYyY2U3Yzk1YzVhODE5
Mzc1NTdmM2RjYmUyYmU2ZDQ4N2ExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALZspr/DAfj27KSNF2uNMRQSNbvrQZlBfHXir1Q695IpMRY7eKQxW5r2pecy
hY07whPxavH+0aEBjJs3+HsEi2qk0lejVcjKmsqR6BYg6KT96ZaemMVfh/rlGXNL
9jxvfsNMLrp9+58pYeewKPz7HDyWhNDb1/CQjiouSul+B9T+GiPK/4Ph3qjVi6d1
AETkxbG+LxTel1pAQ8M7tvA/+tCTor8+8ClZlm1SBvqoxmHnvxnww096yUlrI7bg
XP1q2linjvHKMfAgA/13tk0W5fyovKHRu+qR10dd3rr4kUWwuG2mXzunu73LGohP
MNu8oaW8E09oTQYOgR9Nly6ci00CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQrTEtg
3/Wahx+jizqu1Ay5wTFe0jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTkzYmI2ZjItMWVlMC00MzUyLTk3ZGUtZTMyOTUwMjgzOGY3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DQI
MA0GCSqGSIb3DQEBCwUAA4IBAQAfJmE6qVpmXK1JVhetyRmS7njUq8Nyoy96PZ/K
e+lQpxXkL/Redoglib2+FagM/F0Z8+u4lg5xeOcmMYHXBEEs9KknIaXrRwckMdVU
vbin8wQrMTPgT0b4deQ6TvGMunIp0wuwd2n2O71xTgsJxOAPHw8DOb4SChGYSe18
VKgEf43cDnNTo3VZ2wr0IeExPhZ8O3k5fKiWcOY81ue45C8PnNWkaLRjBtx8WKM3
+tRbM51xFwvGX/htLEF9JTfdHb5qUWrRBOohX9pfWIPPJrOAnpnHMTVDtj5QLFX7
n0321tnpWK2tdEEqEQu+qaNszsRSgy5tbjL/6JDpAV/FV9Jq
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:18:32 2025 by rpki-client