Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa
File: 68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa (raw, json)
Hash identifier: VlStNUYxZ/QajJQu86TdTA/HZbbxbI2ZwZlLeImvoak=
Subject key identifier: F3:54:E6:BF:C5:CD:6B:0D:9B:72:3F:F7:44:ED:15:E4:12:2B:48:12
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 1C083D5F9872DB1428D5A62388FD2CA47B9C027D
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa
Signing time: Mon 01 Sep 2025 20:41:02 +0000
ROA not before: Mon 01 Sep 2025 20:41:02 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d058:a000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1c:08:3d:5f:98:72:db:14:28:d5:a6:23:88:fd:2c:a4:7b:9c:02:7d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:41:02 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=e2fecf65f910859b80cde131437622785772a9378e6925c793f49ba26ff826bd, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:69:e6:84:60:a0:0d:fe:e1:5e:74:ef:bb:63:
56:19:b6:9e:e2:38:be:9c:b2:73:40:4a:85:29:ae:
3f:47:67:34:77:c5:dd:0b:e2:22:aa:ef:48:f6:04:
53:2a:0c:64:1c:cd:a8:e7:df:af:73:f3:fa:aa:a1:
8d:fe:22:89:ad:94:00:4a:e1:59:72:2a:19:da:67:
ae:23:9c:41:14:4f:73:74:24:ce:f1:95:a7:14:e3:
54:17:ac:7d:4e:88:c3:39:8d:ef:46:a3:16:0c:e2:
e1:44:c2:9c:ba:a8:db:e9:0a:02:88:8c:17:0b:2c:
11:0b:75:f6:2e:db:bd:44:66:1e:19:f0:9b:fc:d5:
2e:9b:1c:3f:34:d1:7c:14:81:ee:37:26:e1:6e:a4:
55:99:c7:fb:7d:ae:b7:02:c9:88:c5:85:cd:b1:e6:
d2:98:72:8e:8f:c5:80:94:19:c6:b5:1d:d8:58:b6:
d8:fe:c3:e2:68:06:c5:f8:3d:87:ee:b3:0e:5e:3d:
57:36:23:47:60:4f:ad:f3:aa:fe:71:d4:a6:e2:18:
4c:d0:59:28:88:03:51:4a:59:ea:63:38:3b:6f:37:
27:2d:bc:cd:33:91:92:cb:02:9b:be:20:94:01:53:
3e:1b:42:b1:1b:4b:65:d5:2c:96:d2:6d:62:2f:4c:
f0:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:54:E6:BF:C5:CD:6B:0D:9B:72:3F:F7:44:ED:15:E4:12:2B:48:12
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68d5d934-fed6-49a5-ae03-a28a586e9c2e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d058:a000::/40
Signature Algorithm: sha256WithRSAEncryption
1c:6d:db:8e:46:d1:4d:81:62:8e:3b:e7:bd:06:c1:15:70:d3:
fa:18:20:69:a3:15:9f:d9:25:bd:8a:15:e9:b6:c5:ef:02:d7:
e2:92:a7:f3:d3:f8:3f:f3:53:f8:58:42:df:e6:b2:95:e7:c5:
5f:6d:c5:84:c6:70:e6:e5:fb:20:24:33:65:65:9d:33:74:e5:
82:a2:84:01:bb:af:77:da:26:07:44:7b:1d:23:45:7a:12:5e:
ab:2a:dd:a9:61:3b:fb:3e:e2:ca:49:6e:df:1f:52:a6:51:9d:
b8:1a:ec:14:51:0e:d8:56:bb:be:30:5c:c6:c9:b4:48:7c:ea:
48:93:97:f0:74:8f:fa:b7:d3:75:e4:6a:75:e6:60:e5:e1:38:
bb:8b:2a:7d:7f:e1:02:54:f5:87:52:47:85:48:b1:25:90:fd:
ff:cc:d4:1a:e4:00:47:ee:5c:2b:ac:75:79:d7:5f:fe:21:0a:
9d:cf:32:05:aa:84:20:ab:79:3c:45:f2:90:5b:d3:90:bd:e2:
e8:af:82:76:25:df:62:8f:bb:f5:25:48:40:1a:fa:00:1c:24:
94:ae:12:b2:c4:24:75:91:59:5e:bd:8a:59:ec:3f:10:71:8d:
09:21:28:2d:b4:24:27:ce:91:92:8e:58:e7:4f:30:5f:16:90:
2e:e6:88:4b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUHAg9X5hy2xQo1aYjiP0spHucAn0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDQxMDJaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGUyZmVjZjY1ZjkxMDg1OWI4MGNkZTEzMTQzNzYyMjc4NTc3MmE5Mzc4ZTY5
MjVjNzkzZjQ5YmEyNmZmODI2YmQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALdp5oRgoA3+4V5077tjVhm2nuI4vpyyc0BKhSmuP0dnNHfF3QviIqrvSPYE
UyoMZBzNqOffr3Pz+qqhjf4iia2UAErhWXIqGdpnriOcQRRPc3QkzvGVpxTjVBes
fU6IwzmN70ajFgzi4UTCnLqo2+kKAoiMFwssEQt19i7bvURmHhnwm/zVLpscPzTR
fBSB7jcm4W6kVZnH+32utwLJiMWFzbHm0phyjo/FgJQZxrUd2Fi22P7D4mgGxfg9
h+6zDl49VzYjR2BPrfOq/nHUpuIYTNBZKIgDUUpZ6mM4O283Jy28zTORkssCm74g
lAFTPhtCsRtLZdUsltJtYi9M8LsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTzVOa/
xc1rDZtyP/dE7RXkEitIEjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjhkNWQ5MzQtZmVkNi00OWE1LWFlMDMtYTI4YTU4NmU5YzJlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Fig
MA0GCSqGSIb3DQEBCwUAA4IBAQAcbduORtFNgWKOO+e9BsEVcNP6GCBpoxWf2SW9
ihXptsXvAtfikqfz0/g/81P4WELf5rKV58VfbcWExnDm5fsgJDNlZZ0zdOWCooQB
u6932iYHRHsdI0V6El6rKt2pYTv7PuLKSW7fH1KmUZ24GuwUUQ7YVru+MFzGybRI
fOpIk5fwdI/6t9N15Gp15mDl4Ti7iyp9f+ECVPWHUkeFSLElkP3/zNQa5ABH7lwr
rHV511/+IQqdzzIFqoQgq3k8RfKQW9OQveLor4J2Jd9ij7v1JUhAGvoAHCSUrhKy
xCR1kVlevYpZ7D8QcY0JISgttCQnzpGSjljnTzBfFpAu5ohL
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:07:05 2025 by rpki-client