Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8553b3da-6a47-43ee-87d3-5259a23c371b.roa
File: 8553b3da-6a47-43ee-87d3-5259a23c371b.roa (raw, json)
Hash identifier: D5Kv4XC+nGXQdZWAk5jZzHrypnmistTjrs4wRPmEy5E=
Subject key identifier: D9:8A:4A:52:5A:DA:78:5F:4B:46:77:76:64:DD:62:54:C5:1A:86:27
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4E04C86777C9ACC5ED644D81EEF8031ADDF0298B
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8553b3da-6a47-43ee-87d3-5259a23c371b.roa
Signing time: Mon 01 Sep 2025 20:51:11 +0000
ROA not before: Mon 01 Sep 2025 20:51:11 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d071:2000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 14 Sep 2025 20:00:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4e:04:c8:67:77:c9:ac:c5:ed:64:4d:81:ee:f8:03:1a:dd:f0:29:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:51:11 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=d298c985f1d06f919bcda639f46cffe2251a56ddef9428b171bbf0eb0ca9b65b, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:b3:0b:8d:4d:fe:20:85:9e:57:af:e1:4d:41:
96:4a:4f:8a:df:6b:f5:99:4b:c1:2c:a3:fc:b8:b9:
52:c0:26:6a:52:37:8b:98:71:e5:84:88:78:70:88:
44:83:aa:b0:8f:f7:4b:7f:27:81:80:9c:55:52:7e:
3e:86:f3:c7:4f:3a:d6:ec:5b:76:28:0b:93:6a:38:
34:09:aa:4e:95:1a:ef:25:1c:f7:bc:d1:1c:3e:59:
b6:16:5d:87:22:c6:93:89:f8:b7:6b:b3:30:03:ef:
c0:67:2a:73:35:74:00:64:48:90:bf:ab:30:3a:63:
d7:91:6b:6f:f2:b7:95:5d:96:39:da:53:31:f5:cf:
d6:b7:05:6f:7d:4d:dc:c3:4d:e0:66:15:0c:9b:7d:
1f:dc:ba:62:38:29:9f:eb:41:71:e9:4b:b9:f4:ba:
b6:43:ed:67:aa:c9:54:c0:5d:ee:d0:5e:b6:73:44:
ce:a0:b8:65:e1:b9:56:40:50:95:5f:6c:ab:c3:15:
f6:3b:68:e4:77:cb:15:66:9c:5a:7f:f9:6a:ec:bf:
78:f0:fc:bb:57:05:41:5e:4a:9c:fb:6e:b2:d4:69:
5f:33:1e:ab:9b:19:b0:fc:21:e3:b2:10:d6:c0:4e:
21:08:84:59:98:2c:fe:a5:c1:25:21:5b:e4:47:64:
43:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:8A:4A:52:5A:DA:78:5F:4B:46:77:76:64:DD:62:54:C5:1A:86:27
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8553b3da-6a47-43ee-87d3-5259a23c371b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d071:2000::/40
Signature Algorithm: sha256WithRSAEncryption
72:0c:53:bb:49:48:45:e8:a2:61:73:cd:91:f1:52:1e:68:c9:
a3:26:d3:7d:73:7a:b9:ea:25:8b:88:9a:0d:74:0c:dd:b5:20:
ef:a0:59:42:45:b1:68:60:d3:30:30:c5:c5:e7:93:59:43:0c:
2d:97:9b:83:87:14:cc:20:5f:08:09:ec:99:cf:30:3a:5b:00:
db:ea:11:9b:77:b0:1d:3b:71:e6:d4:8b:17:a8:4e:82:ec:04:
23:cf:06:a2:3f:ce:e9:dc:e6:a3:31:40:b1:d1:8f:b0:2a:9f:
dd:f9:c4:24:ed:9a:1a:83:b5:38:46:bf:45:af:10:1a:1e:bd:
ad:d2:05:55:d4:b6:12:e5:8f:fb:4d:db:30:4e:3b:03:ac:d7:
1f:10:d2:47:3e:6c:b3:c6:f4:9b:9f:f4:71:c6:de:1b:5f:e7:
17:f6:d5:07:05:25:c9:7f:29:34:05:a2:68:01:b1:38:da:f7:
b9:43:64:9a:c3:38:13:04:84:2d:a8:76:61:58:27:8b:a7:7d:
0c:07:65:8a:cc:97:e3:87:3c:d5:b9:cb:10:ec:5f:d1:66:09:
d3:15:7c:09:74:e7:3d:14:e9:26:17:7a:fa:48:c8:13:10:42:
aa:4e:b3:7e:00:14:7b:93:0d:03:69:c2:9f:91:4b:f3:95:40:
e0:ec:d3:d5
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUTgTIZ3fJrMXtZE2B7vgDGt3wKYswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDUxMTFaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGQyOThjOTg1ZjFkMDZmOTE5YmNkYTYzOWY0NmNmZmUyMjUxYTU2ZGRlZjk0
MjhiMTcxYmJmMGViMGNhOWI2NWIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALGzC41N/iCFnlev4U1BlkpPit9r9ZlLwSyj/Li5UsAmalI3i5hx5YSIeHCI
RIOqsI/3S38ngYCcVVJ+Pobzx0861uxbdigLk2o4NAmqTpUa7yUc97zRHD5ZthZd
hyLGk4n4t2uzMAPvwGcqczV0AGRIkL+rMDpj15Frb/K3lV2WOdpTMfXP1rcFb31N
3MNN4GYVDJt9H9y6Yjgpn+tBcelLufS6tkPtZ6rJVMBd7tBetnNEzqC4ZeG5VkBQ
lV9sq8MV9jto5HfLFWacWn/5auy/ePD8u1cFQV5KnPtustRpXzMeq5sZsPwh47IQ
1sBOIQiEWZgs/qXBJSFb5EdkQ1ECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTZikpS
Wtp4X0tGd3Zk3WJUxRqGJzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ODU1M2IzZGEtNmE0Ny00M2VlLTg3ZDMtNTI1OWEyM2MzNzFiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HEg
MA0GCSqGSIb3DQEBCwUAA4IBAQByDFO7SUhF6KJhc82R8VIeaMmjJtN9c3q56iWL
iJoNdAzdtSDvoFlCRbFoYNMwMMXF55NZQwwtl5uDhxTMIF8ICeyZzzA6WwDb6hGb
d7AdO3Hm1IsXqE6C7AQjzwaiP87p3OajMUCx0Y+wKp/d+cQk7Zoag7U4Rr9FrxAa
Hr2t0gVV1LYS5Y/7TdswTjsDrNcfENJHPmyzxvSbn/Rxxt4bX+cX9tUHBSXJfyk0
BaJoAbE42ve5Q2SawzgTBIQtqHZhWCeLp30MB2WKzJfjhzzVucsQ7F/RZgnTFXwJ
dOc9FOkmF3r6SMgTEEKqTrN+ABR7kw0DacKfkUvzlUDg7NPV
-----END CERTIFICATE-----
Generated at Sun Sep 14 00:50:39 2025 by rpki-client