Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/595250c3-e9f2-4e23-9779-87c47497f520.roa
File: 595250c3-e9f2-4e23-9779-87c47497f520.roa (raw, json)
Hash identifier: oNZAk6mbmQDEWIjEFrHLDzgsCe7a+GWyqebqOsFrog4=
Subject key identifier: D8:BB:BC:95:D6:11:5B:65:8A:FB:4A:3B:B6:0B:45:44:6C:2F:E6:34
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 11C4F4DB4989D97B839D5F77D2355B6EBD9CE7D9
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/595250c3-e9f2-4e23-9779-87c47497f520.roa
Signing time: Mon 01 Sep 2025 20:41:22 +0000
ROA not before: Mon 01 Sep 2025 20:41:22 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d078:5000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
11:c4:f4:db:49:89:d9:7b:83:9d:5f:77:d2:35:5b:6e:bd:9c:e7:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:41:22 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=4e1a2c044cf0166e888962730c1de6c585f34f2a2ed042b61aee3b4be596b916, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:6b:78:f9:0b:11:88:dd:d2:46:91:c9:63:b1:
f4:95:ce:46:d3:68:3b:60:8a:73:70:bc:32:7a:4c:
f2:e4:7d:dd:a1:f9:71:b2:64:1b:ad:ea:cb:d9:bc:
8a:db:4c:c8:d4:e6:5c:37:9d:28:3b:18:f3:51:8a:
34:27:0a:99:ba:9a:a9:c7:14:d5:30:21:c2:69:b2:
1b:24:f3:21:f7:2a:22:41:28:8c:60:ce:83:f2:99:
9d:c4:ef:fe:03:88:46:55:c2:d7:15:43:c5:73:09:
12:7d:e2:1b:97:2a:c8:05:93:5d:bb:87:7d:1d:18:
c0:7b:b9:c7:f1:6e:68:27:9d:0b:a1:0e:79:27:16:
65:8d:39:38:a9:63:a0:71:1f:12:04:4d:9b:43:52:
ed:e3:e6:c0:3d:26:26:cc:59:bc:a5:a2:1a:f2:f5:
6f:db:6e:b6:06:c5:55:ad:9a:76:60:49:df:e8:95:
90:b3:89:11:0c:43:71:9f:5b:ae:d7:28:d0:eb:be:
22:29:38:2e:50:63:c9:91:81:62:4a:1d:7e:10:ee:
6d:e9:e7:f8:ee:00:56:29:6b:ee:db:78:bc:cf:7c:
d2:ef:24:22:76:03:7f:e8:13:96:7f:77:f9:6d:8e:
6f:56:c3:53:72:2f:29:3f:1a:37:49:f9:c5:2c:9c:
33:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:BB:BC:95:D6:11:5B:65:8A:FB:4A:3B:B6:0B:45:44:6C:2F:E6:34
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/595250c3-e9f2-4e23-9779-87c47497f520.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d078:5000::/40
Signature Algorithm: sha256WithRSAEncryption
85:3a:30:29:f1:12:41:99:1f:f2:9d:90:13:38:04:67:29:d6:
ce:b2:a0:60:47:b6:12:c0:a3:35:f7:aa:d5:8f:c3:87:02:a8:
8d:da:e0:d7:1c:62:71:aa:be:c4:3f:e4:2a:31:b6:78:39:ee:
39:b0:bf:44:4d:5b:f7:57:0a:8b:02:eb:f0:b1:c9:4a:49:46:
73:6d:3f:e2:03:3c:09:cb:10:3d:56:74:1f:a7:f2:9d:dc:8d:
6a:16:3b:6f:cd:a0:6c:9d:1c:dd:3e:41:85:69:bd:01:4e:81:
61:5f:84:51:cf:ff:7e:2c:61:b6:9a:ed:c6:16:82:d2:66:64:
d9:1f:46:22:f5:d6:e7:dd:8d:86:78:1c:34:13:a6:22:61:f7:
65:df:2e:ba:a3:f4:e2:69:14:c4:da:76:52:0b:7d:20:ae:dd:
59:3b:95:4b:4a:61:31:63:06:83:e7:ef:dd:7c:42:ce:dc:86:
82:dd:d1:be:d3:8e:4d:54:9d:9a:06:7e:89:12:23:7c:dc:95:
4e:44:79:2a:c8:49:d4:15:6f:2b:eb:6c:fe:08:92:5f:33:be:
5d:00:79:52:49:8c:4e:4c:4e:68:98:43:04:bf:48:d0:0a:e3:
16:8f:b6:b6:cc:9d:13:92:72:15:0b:4b:a6:9b:70:16:28:0d:
6f:00:f8:a6
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUEcT020mJ2XuDnV930jVbbr2c59kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDQxMjJaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDRlMWEyYzA0NGNmMDE2NmU4ODg5NjI3MzBjMWRlNmM1ODVmMzRmMmEyZWQw
NDJiNjFhZWUzYjRiZTU5NmI5MTYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAOdrePkLEYjd0kaRyWOx9JXORtNoO2CKc3C8MnpM8uR93aH5cbJkG63qy9m8
ittMyNTmXDedKDsY81GKNCcKmbqaqccU1TAhwmmyGyTzIfcqIkEojGDOg/KZncTv
/gOIRlXC1xVDxXMJEn3iG5cqyAWTXbuHfR0YwHu5x/FuaCedC6EOeScWZY05OKlj
oHEfEgRNm0NS7ePmwD0mJsxZvKWiGvL1b9tutgbFVa2admBJ3+iVkLOJEQxDcZ9b
rtco0Ou+Iik4LlBjyZGBYkodfhDubenn+O4AVilr7tt4vM980u8kInYDf+gTln93
+W2Ob1bDU3IvKT8aN0n5xSycM6UCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTYu7yV
1hFbZYr7Sju2C0VEbC/mNDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NTk1MjUwYzMtZTlmMi00ZTIzLTk3NzktODdjNDc0OTdmNTIwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HhQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCFOjAp8RJBmR/ynZATOARnKdbOsqBgR7YSwKM1
96rVj8OHAqiN2uDXHGJxqr7EP+QqMbZ4Oe45sL9ETVv3VwqLAuvwsclKSUZzbT/i
AzwJyxA9VnQfp/Kd3I1qFjtvzaBsnRzdPkGFab0BToFhX4RRz/9+LGG2mu3GFoLS
ZmTZH0Yi9dbn3Y2GeBw0E6YiYfdl3y66o/TiaRTE2nZSC30grt1ZO5VLSmExYwaD
5+/dfELO3IaC3dG+045NVJ2aBn6JEiN83JVORHkqyEnUFW8r62z+CJJfM75dAHlS
SYxOTE5omEMEv0jQCuMWj7a2zJ0TknIVC0umm3AWKA1vAPim
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:13:23 2025 by rpki-client