Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/72c1c04d-5c77-431c-825c-1633fac1964d.roa
File: 72c1c04d-5c77-431c-825c-1633fac1964d.roa (raw, json)
Hash identifier: CzwOATBwJnDqjJ5CkTGu6cDzImdvHaIvW3YJOyVNc1g=
Subject key identifier: 89:2A:70:49:3B:02:FA:97:E2:5E:88:A6:6C:03:1C:FD:E4:C0:38:86
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 62F0392C04A2FE6DF836A3067D39A1B8B1F5F15A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/72c1c04d-5c77-431c-825c-1633fac1964d.roa
Signing time: Mon 01 Sep 2025 20:30:12 +0000
ROA not before: Mon 01 Sep 2025 20:30:12 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:8030::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
62:f0:39:2c:04:a2:fe:6d:f8:36:a3:06:7d:39:a1:b8:b1:f5:f1:5a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:30:12 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=6f40aa9d68ac69be6667b6dc8b2ff0c7a19f0cb7d9c9bbd2a9eb2d32c6c71e91, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:77:9e:24:fc:fd:85:74:b0:68:de:be:fd:54:
24:9e:1a:f6:ef:40:1a:86:7b:14:55:17:96:db:a8:
5c:0e:27:4b:ee:89:e1:a9:0f:ca:eb:bc:11:5c:96:
5e:d6:26:0b:16:d9:a8:cc:ae:c7:24:59:6b:e1:70:
cd:b0:2e:c1:00:46:ce:44:e0:f9:01:e0:42:72:12:
69:98:53:53:bf:6e:45:f7:a7:c6:d1:d4:76:c4:c7:
4e:92:5b:b3:7a:00:1b:7e:d3:ce:ab:3b:e4:70:c7:
e8:de:bc:87:1c:fd:56:b2:0c:14:be:a2:23:5a:2f:
48:3f:c8:97:8b:19:f8:96:7a:46:69:c9:ee:7f:a9:
3a:60:08:04:df:1b:f1:cf:d6:8f:c4:cc:54:41:d6:
5e:ce:e3:c8:26:6b:e8:1b:81:27:1a:aa:ab:db:8c:
12:35:30:88:7f:4f:43:17:3c:ae:47:f4:cf:40:4b:
81:c6:b2:62:df:8d:35:bd:86:c9:9e:dd:da:62:4e:
23:f3:b1:89:d3:69:20:da:af:1d:d5:2f:cd:0e:1c:
1a:54:59:30:b8:e4:4c:eb:c9:a9:29:86:f0:86:ef:
cf:57:ee:6b:c3:88:ba:80:b3:46:96:65:84:56:9a:
ef:51:11:30:f5:43:70:39:80:89:40:b8:77:5a:40:
72:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:2A:70:49:3B:02:FA:97:E2:5E:88:A6:6C:03:1C:FD:E4:C0:38:86
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/72c1c04d-5c77-431c-825c-1633fac1964d.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:8030::/48
Signature Algorithm: sha256WithRSAEncryption
56:15:bc:70:93:7d:34:92:05:c7:a8:01:4c:fc:63:5a:b0:73:
4a:9c:30:14:07:7b:59:e7:8e:8f:31:e4:0d:20:6b:38:57:2a:
27:e9:47:8c:03:69:e1:48:45:3a:28:52:81:d3:ec:a8:c9:5b:
3e:c5:8b:41:2a:83:3c:c7:0e:e2:fb:7f:7c:1b:5d:38:38:ed:
5d:7d:b9:e7:e3:f2:ff:b5:c4:a0:7e:17:c0:b0:3d:4f:1a:9a:
37:7d:12:bf:47:0c:88:1b:85:d0:7d:21:c9:ef:b8:dd:00:aa:
ee:79:3f:fc:5a:0c:cb:19:90:23:9d:53:d0:e2:b4:86:7b:ee:
d9:7b:32:82:c2:d8:c6:eb:45:60:42:f8:0b:10:30:bd:d3:c7:
1f:e6:05:4a:ea:83:60:2c:80:2a:bc:f1:59:ea:c4:ea:3a:c2:
32:46:d5:9a:64:af:37:3f:fa:f5:2a:97:07:48:fd:8e:91:ba:
93:d2:71:ea:0e:4d:85:f3:ba:23:e6:f3:5d:e6:57:bd:1e:e1:
70:a5:66:74:da:30:f6:9d:a0:58:5f:e9:2e:42:20:5f:96:a5:
62:37:3f:00:e1:e7:d7:1e:58:aa:27:e1:96:e1:f1:01:74:4f:
e2:20:b9:54:92:bd:f9:68:87:14:6f:49:7b:b2:f8:0e:95:0e:
c5:63:21:19
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUYvA5LASi/m34NqMGfTmhuLH18VowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDMwMTJaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDZmNDBhYTlkNjhhYzY5YmU2NjY3YjZkYzhiMmZmMGM3YTE5ZjBjYjdkOWM5
YmJkMmE5ZWIyZDMyYzZjNzFlOTExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM13niT8/YV0sGjevv1UJJ4a9u9AGoZ7FFUXltuoXA4nS+6J4akPyuu8EVyW
XtYmCxbZqMyuxyRZa+FwzbAuwQBGzkTg+QHgQnISaZhTU79uRfenxtHUdsTHTpJb
s3oAG37Tzqs75HDH6N68hxz9VrIMFL6iI1ovSD/Il4sZ+JZ6RmnJ7n+pOmAIBN8b
8c/Wj8TMVEHWXs7jyCZr6BuBJxqqq9uMEjUwiH9PQxc8rkf0z0BLgcayYt+NNb2G
yZ7d2mJOI/OxidNpINqvHdUvzQ4cGlRZMLjkTOvJqSmG8Ibvz1fua8OIuoCzRpZl
hFaa71ERMPVDcDmAiUC4d1pAcp0CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSJKnBJ
OwL6l+JeiKZsAxz95MA4hjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NzJjMWMwNGQtNWM3Ny00MzFjLTgyNWMtMTYzM2ZhYzE5NjRkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H+A
MDANBgkqhkiG9w0BAQsFAAOCAQEAVhW8cJN9NJIFx6gBTPxjWrBzSpwwFAd7WeeO
jzHkDSBrOFcqJ+lHjANp4UhFOihSgdPsqMlbPsWLQSqDPMcO4vt/fBtdODjtXX25
5+Py/7XEoH4XwLA9TxqaN30Sv0cMiBuF0H0hye+43QCq7nk//FoMyxmQI51T0OK0
hnvu2XsygsLYxutFYEL4CxAwvdPHH+YFSuqDYCyAKrzxWerE6jrCMkbVmmSvNz/6
9SqXB0j9jpG6k9Jx6g5NhfO6I+bzXeZXvR7hcKVmdNow9p2gWF/pLkIgX5alYjc/
AOHn1x5YqifhluHxAXRP4iC5VJK9+WiHFG9Je7L4DpUOxWMhGQ==
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:17:10 2025 by rpki-client