Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5f28c807-572d-4641-be39-53109963f4c3.roa
File: 5f28c807-572d-4641-be39-53109963f4c3.roa (raw, json)
Hash identifier: eEU1LbrvDlQlleOoJCEAspu9j7uJrZQm9r/yVpG1Cpg=
Subject key identifier: DA:59:70:76:CD:1C:BC:30:78:E7:E2:81:4B:96:5F:31:3F:E1:EB:E8
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5521E584A913ED22F82C38CE19C36175143A8191
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5f28c807-572d-4641-be39-53109963f4c3.roa
Signing time: Mon 01 Sep 2025 20:30:25 +0000
ROA not before: Mon 01 Sep 2025 20:30:25 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d036:a000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
55:21:e5:84:a9:13:ed:22:f8:2c:38:ce:19:c3:61:75:14:3a:81:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:30:25 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=eb0451e914cb4eb258fd20d7d537007a98c0387cf15b16e613f61fbef35c2675, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:18:50:85:9a:65:a8:5c:a3:9d:4d:e1:71:93:
01:cf:4e:7c:e1:f4:24:6f:f7:f1:9f:da:e2:b1:9b:
26:dc:9e:3e:d7:56:af:2a:c8:c4:4d:1d:27:39:e4:
b9:a2:e7:ae:eb:06:9f:de:8f:7f:3c:c2:d3:86:ca:
77:03:17:63:cd:f6:ef:e1:0f:63:a5:75:e7:66:6a:
e2:c7:19:6c:27:f8:e3:f1:c8:d7:46:4a:34:cc:00:
3e:6f:76:fb:bb:b2:fe:f3:c5:c9:10:1d:41:d1:eb:
bb:1c:fe:c2:2d:9a:fd:24:8d:c6:63:93:d9:14:c5:
41:bd:fe:be:20:6d:87:aa:47:44:b3:bf:94:c7:cb:
64:ec:5e:43:0c:2e:b8:9b:6d:59:93:e9:13:ad:e2:
54:17:be:b0:36:35:6a:f7:36:65:3c:00:1f:b9:0f:
2b:c6:c9:94:38:10:91:53:f0:9e:39:da:37:a8:fa:
36:e5:7c:1e:b6:2d:20:ca:9c:f4:97:5d:e2:5f:5d:
60:1b:ec:7a:b3:b4:f1:ff:c2:37:53:59:88:d4:04:
9d:8d:fa:0b:91:e9:a0:5d:bf:da:5f:dd:c2:d9:76:
9a:20:88:3c:a7:42:70:bc:1f:44:6e:80:e9:cb:0a:
e3:46:a3:78:d7:de:ff:ee:04:45:f8:56:3d:11:40:
91:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:59:70:76:CD:1C:BC:30:78:E7:E2:81:4B:96:5F:31:3F:E1:EB:E8
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/5f28c807-572d-4641-be39-53109963f4c3.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d036:a000::/40
Signature Algorithm: sha256WithRSAEncryption
ca:14:29:0b:7f:72:9d:98:41:63:4f:99:7d:f6:5d:3d:b8:48:
f7:22:6e:97:30:cd:76:55:da:a2:f9:94:4a:f4:4b:80:c9:3e:
6f:fe:67:c9:25:a9:cc:74:2b:1c:76:ec:7a:b9:a7:bc:08:2a:
89:5c:db:cf:63:81:a1:2a:54:79:3f:4f:b8:3c:2d:5c:d2:0d:
c6:f3:a1:9a:f4:d9:4b:f0:8b:0c:87:9b:bc:3e:f5:52:42:fc:
1c:66:0b:91:c7:88:e6:3b:3a:bc:16:08:40:45:52:1e:99:1a:
e9:c1:c8:e5:66:78:66:0b:ad:3e:3f:8e:0a:22:c5:f3:12:96:
53:81:e2:0e:54:59:e5:32:e9:e4:d0:59:d7:54:a8:bf:f4:79:
67:46:b6:ce:8e:eb:af:d0:ff:b3:16:10:dc:9f:de:29:45:5b:
75:02:49:71:c9:79:fb:e4:02:f7:d5:ae:10:3c:3d:09:e6:77:
9d:57:f3:af:20:4e:62:2d:5c:a1:65:57:85:71:c6:d0:94:ad:
bc:ad:e9:7d:41:1a:5c:a7:f3:02:ca:a2:b8:59:a3:4e:0b:5d:
60:54:07:b6:2d:fd:60:60:21:39:a1:cd:87:b8:0b:97:19:db:
f2:1e:96:30:e1:c7:a8:0c:6e:95:20:f5:e7:1f:4f:c1:05:ba:
c9:9e:f5:b6
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUVSHlhKkT7SL4LDjOGcNhdRQ6gZEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDMwMjVaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGViMDQ1MWU5MTRjYjRlYjI1OGZkMjBkN2Q1MzcwMDdhOThjMDM4N2NmMTVi
MTZlNjEzZjYxZmJlZjM1YzI2NzUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMMYUIWaZahco51N4XGTAc9OfOH0JG/38Z/a4rGbJtyePtdWryrIxE0dJznk
uaLnrusGn96PfzzC04bKdwMXY8327+EPY6V152Zq4scZbCf44/HI10ZKNMwAPm92
+7uy/vPFyRAdQdHruxz+wi2a/SSNxmOT2RTFQb3+viBth6pHRLO/lMfLZOxeQwwu
uJttWZPpE63iVBe+sDY1avc2ZTwAH7kPK8bJlDgQkVPwnjnaN6j6NuV8HrYtIMqc
9Jdd4l9dYBvserO08f/CN1NZiNQEnY36C5HpoF2/2l/dwtl2miCIPKdCcLwfRG6A
6csK40ajeNfe/+4ERfhWPRFAkZECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTaWXB2
zRy8MHjn4oFLll8xP+Hr6DAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NWYyOGM4MDctNTcyZC00NjQxLWJlMzktNTMxMDk5NjNmNGMzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Dag
MA0GCSqGSIb3DQEBCwUAA4IBAQDKFCkLf3KdmEFjT5l99l09uEj3Im6XMM12Vdqi
+ZRK9EuAyT5v/mfJJanMdCscdux6uae8CCqJXNvPY4GhKlR5P0+4PC1c0g3G86Ga
9NlL8IsMh5u8PvVSQvwcZguRx4jmOzq8FghARVIemRrpwcjlZnhmC60+P44KIsXz
EpZTgeIOVFnlMunk0FnXVKi/9HlnRrbOjuuv0P+zFhDcn94pRVt1AklxyXn75AL3
1a4QPD0J5nedV/OvIE5iLVyhZVeFccbQlK28rel9QRpcp/MCyqK4WaNOC11gVAe2
Lf1gYCE5oc2HuAuXGdvyHpYw4ceoDG6VIPXnH0/BBbrJnvW2
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:09:26 2025 by rpki-client