Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7802179a-c80f-42f1-a50b-a0af1df078c2.roa
File: 7802179a-c80f-42f1-a50b-a0af1df078c2.roa (raw, json)
Hash identifier: qT+FcTliSl4kh+6VaFtLrVODDmTjRwQUC37ZdDpD8v0=
Subject key identifier: 71:31:08:6B:05:D3:C5:A6:ED:DF:2D:97:4C:88:EC:19:F8:A8:77:8E
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 213F9E1FE4F9ABECAD1CEABADC6F2FAEA33C1002
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7802179a-c80f-42f1-a50b-a0af1df078c2.roa
Signing time: Mon 01 Sep 2025 21:00:57 +0000
ROA not before: Mon 01 Sep 2025 21:00:57 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d059:4000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
21:3f:9e:1f:e4:f9:ab:ec:ad:1c:ea:ba:dc:6f:2f:ae:a3:3c:10:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 21:00:57 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=c009efd6ffd3b2404c064f0aa9060731940e8d15d755f7f034741d6aeadb46be, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:8f:bc:7f:f3:be:2b:fe:24:f8:8a:ef:72:a2:
62:77:52:35:0a:29:25:b7:31:5f:92:3f:e0:7b:a3:
c5:57:2f:6f:de:11:8e:90:f7:f0:32:ad:3e:bf:c3:
30:be:b3:48:71:d4:47:d6:81:33:23:b6:08:a2:c7:
39:1b:75:70:49:ba:dc:4c:02:3d:b6:d0:a6:bb:c3:
ea:c9:78:c5:d8:50:67:7c:41:40:70:32:87:91:e6:
08:09:01:a4:cf:5d:a9:ea:63:57:e4:3c:01:95:3f:
a4:95:c1:62:ed:16:a3:e7:43:19:36:72:1a:02:13:
0c:8a:8d:85:94:e6:55:ad:b1:3b:e0:1b:af:32:3a:
0a:89:f4:af:a0:8a:27:0a:cb:8b:3b:af:99:1e:8a:
c3:31:09:38:13:66:b0:a4:ab:b8:e7:1f:8f:f6:ff:
60:ba:46:be:be:bf:a8:22:32:b5:ea:ea:15:15:ab:
c6:ec:96:73:1e:ce:00:28:c0:b7:22:96:c6:0a:ed:
27:70:b5:2a:70:08:79:52:b2:0d:24:36:0b:66:88:
28:7e:5f:ca:75:18:67:39:43:f2:dc:65:f6:0a:ed:
15:c7:e9:6c:c9:30:72:43:e2:d9:d6:e2:c6:04:02:
4a:23:f7:3e:26:f7:ac:c5:30:b3:14:2d:95:37:94:
b1:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:31:08:6B:05:D3:C5:A6:ED:DF:2D:97:4C:88:EC:19:F8:A8:77:8E
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/7802179a-c80f-42f1-a50b-a0af1df078c2.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d059:4000::/40
Signature Algorithm: sha256WithRSAEncryption
9d:29:ec:14:c8:26:67:94:92:35:e9:ee:4a:c6:9a:38:6c:cd:
b0:c4:61:c2:3c:05:1f:d3:da:6b:ef:4a:e8:19:c7:b2:62:f3:
63:26:59:fa:1c:ec:04:0a:f7:eb:aa:c8:1b:ac:dd:2b:80:5a:
62:39:a6:c3:c7:de:5a:5e:73:76:ef:ec:00:54:09:7c:96:09:
a5:bc:18:8f:88:45:03:68:d1:9e:46:ce:33:05:53:3f:8f:32:
9e:8b:ae:2f:f3:7e:90:43:12:68:95:a2:a2:8b:eb:b2:b4:53:
d4:e2:b9:26:61:a9:c3:cd:17:c9:90:7d:9b:bb:a8:78:d2:45:
ac:95:96:04:8e:a1:4d:e8:7b:8a:2c:69:e3:40:53:03:79:d5:
05:0c:2f:c7:cf:08:70:d8:0d:fd:1e:1d:2e:7a:4b:d4:a4:f1:
84:9f:93:87:4b:04:18:d1:37:d8:36:96:4d:43:e3:b5:1f:42:
6c:6b:62:0b:50:1b:64:9a:2c:c3:b5:ed:c9:b3:5e:83:7b:fc:
1d:9b:50:b7:f0:9c:7a:97:f6:ca:d7:a7:15:d1:0c:df:e3:7c:
1b:81:d6:7d:43:97:b5:af:8c:53:db:c3:28:8a:01:ce:ae:c6:
6f:6e:9f:ce:c3:c9:65:ea:4e:4f:43:7e:7e:26:25:f8:62:14:
49:c9:95:ec
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUIT+eH+T5q+ytHOq63G8vrqM8EAIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMTAwNTdaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGMwMDllZmQ2ZmZkM2IyNDA0YzA2NGYwYWE5MDYwNzMxOTQwZThkMTVkNzU1
ZjdmMDM0NzQxZDZhZWFkYjQ2YmUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKmPvH/zviv+JPiK73KiYndSNQopJbcxX5I/4HujxVcvb94RjpD38DKtPr/D
ML6zSHHUR9aBMyO2CKLHORt1cEm63EwCPbbQprvD6sl4xdhQZ3xBQHAyh5HmCAkB
pM9dqepjV+Q8AZU/pJXBYu0Wo+dDGTZyGgITDIqNhZTmVa2xO+AbrzI6Con0r6CK
JwrLizuvmR6KwzEJOBNmsKSruOcfj/b/YLpGvr6/qCIyterqFRWrxuyWcx7OACjA
tyKWxgrtJ3C1KnAIeVKyDSQ2C2aIKH5fynUYZzlD8txl9grtFcfpbMkwckPi2dbi
xgQCSiP3Pib3rMUwsxQtlTeUsf0CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRxMQhr
BdPFpu3fLZdMiOwZ+Kh3jjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NzgwMjE3OWEtYzgwZi00MmYxLWE1MGItYTBhZjFkZjA3OGMyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FlA
MA0GCSqGSIb3DQEBCwUAA4IBAQCdKewUyCZnlJI16e5Kxpo4bM2wxGHCPAUf09pr
70roGceyYvNjJln6HOwECvfrqsgbrN0rgFpiOabDx95aXnN27+wAVAl8lgmlvBiP
iEUDaNGeRs4zBVM/jzKei64v836QQxJolaKii+uytFPU4rkmYanDzRfJkH2bu6h4
0kWslZYEjqFN6HuKLGnjQFMDedUFDC/Hzwhw2A39Hh0uekvUpPGEn5OHSwQY0TfY
NpZNQ+O1H0Jsa2ILUBtkmizDte3Js16De/wdm1C38Jx6l/bK16cV0Qzf43wbgdZ9
Q5e1r4xT28MoigHOrsZvbp/Ow8ll6k5PQ35+JiX4YhRJyZXs
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:06:09 2025 by rpki-client