Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/63af811a-6e40-455f-b7a8-223951036a11.roa
File: 63af811a-6e40-455f-b7a8-223951036a11.roa (raw, json)
Hash identifier: 5ro1LNTdv+8br4ntOQ+MhKqAtppDpT0saD7nrXGMxQU=
Subject key identifier: 16:83:E9:AC:59:73:74:E7:D4:A2:54:D0:4E:DA:D3:71:3D:F4:F4:32
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4764BFD1B5943246ED693026CCC1B305B2B7C8C2
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/63af811a-6e40-455f-b7a8-223951036a11.roa
Signing time: Mon 01 Sep 2025 20:20:52 +0000
ROA not before: Mon 01 Sep 2025 20:20:52 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:9000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
47:64:bf:d1:b5:94:32:46:ed:69:30:26:cc:c1:b3:05:b2:b7:c8:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:20:52 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=94015ae5a626d495d037f596f3b5b7901e967b924898d6cb1694528497f5a665, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:58:2e:fe:8c:8e:b8:2f:dc:0f:ef:b1:ad:03:
c3:cc:2f:15:00:95:5b:bb:80:da:81:d8:c1:b9:50:
82:24:b0:28:f3:8c:d5:13:8c:92:f3:73:00:ec:d4:
bc:98:e1:ab:a0:bf:d3:fd:a6:93:03:c2:4b:32:61:
ac:df:77:38:59:02:cb:65:ed:66:49:2c:1c:2e:ae:
54:fa:47:dc:a4:52:2b:83:cb:76:60:dd:85:d9:f9:
ae:a5:26:db:51:ce:33:ee:c2:b8:e2:4c:c9:12:46:
c3:6e:d0:6e:34:06:ed:ff:28:0a:85:5c:0c:65:5a:
e7:11:e3:19:75:aa:05:26:c5:a0:2d:85:ba:64:c2:
e3:fa:d3:df:ae:2b:4e:49:5a:2d:42:9e:27:03:8e:
dc:07:b5:09:59:15:08:bc:29:8b:04:69:46:fb:c2:
78:fe:b0:c2:44:56:bb:db:2f:f9:cc:c6:85:d1:cb:
97:78:75:57:a2:74:3b:70:4c:c3:97:6a:65:14:94:
7c:11:34:c3:af:ee:ff:71:10:ec:89:a7:41:f6:b1:
a7:68:b5:85:35:20:af:65:13:d2:02:90:fb:1c:ed:
bc:82:e9:2e:e3:68:0b:43:eb:46:2a:ca:d8:e5:b0:
42:0d:73:94:69:99:6a:27:a2:db:db:50:a6:9f:db:
92:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:83:E9:AC:59:73:74:E7:D4:A2:54:D0:4E:DA:D3:71:3D:F4:F4:32
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/63af811a-6e40-455f-b7a8-223951036a11.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:9000::/40
Signature Algorithm: sha256WithRSAEncryption
57:54:00:8c:84:34:99:a8:46:df:46:dd:74:a6:d6:bd:37:fd:
eb:12:6e:64:3c:55:9c:ce:9a:2c:42:c2:bd:67:7d:0a:7e:44:
f5:5e:f9:6d:bf:c4:35:ed:a6:b1:58:64:c7:50:a3:59:55:48:
29:5a:f4:42:0d:41:77:02:50:eb:37:b0:50:b4:49:3c:2a:5a:
e0:25:af:d1:7f:d6:b6:05:da:b3:51:3f:a1:12:bd:d4:f1:10:
24:54:75:06:cb:ef:8f:ab:9d:0a:75:c0:3b:21:b6:e6:19:9e:
29:6b:12:b3:7f:b4:aa:d4:19:b6:74:72:59:8b:4a:b5:1d:ca:
4d:3a:7e:fb:ad:3f:08:1c:30:84:7a:9c:aa:15:e6:fd:c8:ad:
ad:53:1d:e1:49:00:70:d5:cb:69:1e:b4:34:b8:ca:77:77:c6:
8b:71:f2:eb:43:f1:ed:c3:25:ff:99:82:ee:1a:d0:42:fd:e6:
2d:2e:14:79:c0:12:b8:ba:51:ec:07:ff:4f:45:82:1c:42:e1:
ee:13:a8:e0:d9:05:2d:cb:97:61:6f:4f:ee:6a:d1:3b:90:de:
f0:0e:7a:9a:39:14:5e:73:79:46:01:6b:92:27:1c:69:be:25:
53:44:63:3d:9a:1f:95:f3:4e:d3:c6:22:25:ec:cb:b6:80:f7:
b0:80:e8:b0
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUR2S/0bWUMkbtaTAmzMGzBbK3yMIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDIwNTJaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDk0MDE1YWU1YTYyNmQ0OTVkMDM3ZjU5NmYzYjViNzkwMWU5NjdiOTI0ODk4
ZDZjYjE2OTQ1Mjg0OTdmNWE2NjUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJZYLv6Mjrgv3A/vsa0Dw8wvFQCVW7uA2oHYwblQgiSwKPOM1ROMkvNzAOzU
vJjhq6C/0/2mkwPCSzJhrN93OFkCy2XtZkksHC6uVPpH3KRSK4PLdmDdhdn5rqUm
21HOM+7CuOJMyRJGw27QbjQG7f8oCoVcDGVa5xHjGXWqBSbFoC2FumTC4/rT364r
TklaLUKeJwOO3Ae1CVkVCLwpiwRpRvvCeP6wwkRWu9sv+czGhdHLl3h1V6J0O3BM
w5dqZRSUfBE0w6/u/3EQ7ImnQfaxp2i1hTUgr2UT0gKQ+xztvILpLuNoC0PrRirK
2OWwQg1zlGmZaiei29tQpp/bkvUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQWg+ms
WXN059SiVNBO2tNxPfT0MjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjNhZjgxMWEtNmU0MC00NTVmLWI3YTgtMjIzOTUxMDM2YTExLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HKQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBXVACMhDSZqEbfRt10pta9N/3rEm5kPFWczpos
QsK9Z30KfkT1Xvltv8Q17aaxWGTHUKNZVUgpWvRCDUF3AlDrN7BQtEk8KlrgJa/R
f9a2BdqzUT+hEr3U8RAkVHUGy++Pq50KdcA7IbbmGZ4paxKzf7Sq1Bm2dHJZi0q1
HcpNOn77rT8IHDCEepyqFeb9yK2tUx3hSQBw1ctpHrQ0uMp3d8aLcfLrQ/HtwyX/
mYLuGtBC/eYtLhR5wBK4ulHsB/9PRYIcQuHuE6jg2QUty5dhb0/uatE7kN7wDnqa
ORRec3lGAWuSJxxpviVTRGM9mh+V807TxiIl7Mu2gPewgOiw
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:06:12 2025 by rpki-client