Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68ece0e7-075e-4bcd-873e-0c74882a8546.roa
File: 68ece0e7-075e-4bcd-873e-0c74882a8546.roa (raw, json)
Hash identifier: aDx+QFweXzRQKKPUhRlugDYOVozPh9fOJetv7K9Z1MQ=
Subject key identifier: D4:8A:E2:5D:C4:BE:03:FF:FB:C2:C4:E6:63:8E:1A:F5:C3:A1:21:4A
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 79767177ABD493CCAB90C19D50D241A47AF7DB47
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68ece0e7-075e-4bcd-873e-0c74882a8546.roa
Signing time: Mon 01 Sep 2025 20:21:02 +0000
ROA not before: Mon 01 Sep 2025 20:21:02 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:8080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
79:76:71:77:ab:d4:93:cc:ab:90:c1:9d:50:d2:41:a4:7a:f7:db:47
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:21:02 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=47c6c83e97724eee52fc54b46da41085c9d060fe3dcc19e40e7108849a637094, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:51:5f:e2:c8:b3:72:d4:74:da:22:d2:19:46:
92:9e:cf:4b:bb:7a:48:c5:11:0c:7d:44:4f:a9:b9:
a7:89:03:95:9b:e7:df:e9:95:7d:42:47:71:0a:50:
57:32:6d:d8:ac:90:8a:4b:23:0d:6a:00:4a:0c:b2:
d7:70:07:b2:c9:e7:e1:65:76:f6:48:21:d8:e7:d0:
91:70:4b:03:85:ab:cb:0f:ff:a6:b8:39:41:00:c8:
e9:a1:08:d4:35:7b:be:69:28:2d:62:d9:2c:62:30:
98:05:6c:29:f3:06:1e:fc:88:0d:70:bb:de:26:33:
4a:6d:28:86:13:42:5c:60:de:ef:0c:31:81:d9:6c:
c5:88:ec:9b:1e:b1:6b:13:3c:ac:f4:62:85:33:40:
bf:dc:15:19:7b:aa:72:50:0f:78:f6:a8:5f:a7:59:
5b:ba:1b:6b:4d:54:dd:f8:3e:54:bf:af:37:e4:8e:
3a:5a:0d:f2:0d:e2:49:d9:90:94:9e:47:c7:3d:53:
44:85:72:1c:23:76:2b:5f:73:9b:3f:1d:cc:5d:08:
13:82:41:5c:c8:ac:27:6f:a8:57:12:1f:1e:86:44:
9d:b1:cd:8f:55:a9:93:1a:0a:3d:4c:03:1f:43:d2:
2f:44:17:e0:fb:cc:4a:25:45:0c:6b:68:5c:8f:ef:
52:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:8A:E2:5D:C4:BE:03:FF:FB:C2:C4:E6:63:8E:1A:F5:C3:A1:21:4A
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/68ece0e7-075e-4bcd-873e-0c74882a8546.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:8080::/48
Signature Algorithm: sha256WithRSAEncryption
7e:24:56:31:a5:7d:00:aa:0b:86:8b:d4:5c:8b:39:34:7a:d8:
ab:6d:20:2a:08:ec:e8:70:e7:c0:f6:b7:6e:8a:3b:54:00:6f:
09:fa:00:e4:a4:2b:9c:c6:e3:f8:0d:98:f3:43:39:2c:94:28:
ca:0d:c7:27:b3:e5:63:65:38:e8:e2:ae:a2:65:36:37:36:d1:
fe:c3:8b:bb:05:03:9b:95:1d:0f:f8:13:b2:66:59:10:a1:89:
02:20:12:b8:7c:e5:ec:77:61:d0:93:24:64:21:e6:6f:6f:46:
1d:19:eb:35:28:2a:df:a2:de:14:bc:d7:41:fb:55:6b:93:00:
b8:76:ef:63:cd:62:9a:b3:7f:50:ae:7a:ac:3d:4d:9a:57:7a:
77:01:6e:b9:7a:11:b8:2d:4c:d0:a1:df:0e:18:7b:d7:a9:9f:
0d:5d:17:4c:83:66:d5:63:0d:18:a2:27:52:9e:87:7c:16:6f:
09:c6:84:3c:51:74:64:8d:d7:56:a2:96:ef:5f:4e:f5:a2:eb:
04:17:b2:e0:a0:8f:4e:d1:c5:be:e4:51:73:09:b9:f7:16:e0:
9d:0f:a9:bf:6d:b6:0d:9b:0c:b7:50:d5:0b:26:4a:54:1d:46:
bb:5b:44:0f:b5:85:89:12:7e:90:ed:79:85:4c:48:46:ee:d1:
12:53:97:87
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUeXZxd6vUk8yrkMGdUNJBpHr320cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDIxMDJaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDQ3YzZjODNlOTc3MjRlZWU1MmZjNTRiNDZkYTQxMDg1YzlkMDYwZmUzZGNj
MTllNDBlNzEwODg0OWE2MzcwOTQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJRRX+LIs3LUdNoi0hlGkp7PS7t6SMURDH1ET6m5p4kDlZvn3+mVfUJHcQpQ
VzJt2KyQiksjDWoASgyy13AHssnn4WV29kgh2OfQkXBLA4Wryw//prg5QQDI6aEI
1DV7vmkoLWLZLGIwmAVsKfMGHvyIDXC73iYzSm0ohhNCXGDe7wwxgdlsxYjsmx6x
axM8rPRihTNAv9wVGXuqclAPePaoX6dZW7oba01U3fg+VL+vN+SOOloN8g3iSdmQ
lJ5Hxz1TRIVyHCN2K19zmz8dzF0IE4JBXMisJ2+oVxIfHoZEnbHNj1WpkxoKPUwD
H0PSL0QX4PvMSiVFDGtoXI/vUjsCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTUiuJd
xL4D//vCxOZjjhr1w6EhSjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NjhlY2UwZTctMDc1ZS00YmNkLTg3M2UtMGM3NDg4MmE4NTQ2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H+A
gDANBgkqhkiG9w0BAQsFAAOCAQEAfiRWMaV9AKoLhovUXIs5NHrYq20gKgjs6HDn
wPa3boo7VABvCfoA5KQrnMbj+A2Y80M5LJQoyg3HJ7PlY2U46OKuomU2NzbR/sOL
uwUDm5UdD/gTsmZZEKGJAiASuHzl7Hdh0JMkZCHmb29GHRnrNSgq36LeFLzXQftV
a5MAuHbvY81imrN/UK56rD1Nmld6dwFuuXoRuC1M0KHfDhh716mfDV0XTINm1WMN
GKInUp6HfBZvCcaEPFF0ZI3XVqKW719O9aLrBBey4KCPTtHFvuRRcwm59xbgnQ+p
v222DZsMt1DVCyZKVB1Gu1tED7WFiRJ+kO15hUxIRu7RElOXhw==
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:12:48 2025 by rpki-client