Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8a06e909-5227-47d9-a58c-be623a2a4cad.roa
File: 8a06e909-5227-47d9-a58c-be623a2a4cad.roa (raw, json)
Hash identifier: dI3K6o68k31DO/tuI+BrRlzHU5ux3whUGimUFBVRSz4=
Subject key identifier: 1F:22:20:CC:FB:D9:DD:64:15:9F:04:C6:5E:5D:62:AD:18:C8:85:D1
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 4E4AA5FE509362AED6A2FC4FDB9BF7783EFFE7C3
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8a06e909-5227-47d9-a58c-be623a2a4cad.roa
Signing time: Mon 01 Sep 2025 20:50:59 +0000
ROA not before: Mon 01 Sep 2025 20:50:59 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d058:4000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
4e:4a:a5:fe:50:93:62:ae:d6:a2:fc:4f:db:9b:f7:78:3e:ff:e7:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:50:59 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=cdb3d2d991381c738ce514fdaab80390638fd610af2f8aaf60bcfeca5961d405, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:2c:8f:b1:15:a4:c3:da:2d:e9:a3:22:01:cb:
7d:0f:c8:ff:6e:16:a8:7b:e5:3c:6e:d3:fe:22:d1:
48:d6:0c:06:98:3e:e1:6d:3b:96:6e:da:e9:07:91:
ca:cc:cb:14:8b:68:7c:cb:e4:77:9a:d2:3d:2e:03:
47:7e:dd:09:c1:00:3e:d7:a9:72:f1:bf:ff:6d:47:
dd:62:11:ba:2d:46:90:45:a6:3c:94:69:2a:ef:93:
c6:62:20:ed:77:0a:10:b3:fc:07:a2:b2:30:9a:09:
a6:77:f7:c0:c8:f8:f8:b6:c4:90:a2:9e:53:2a:0f:
61:db:02:7a:1f:5c:bc:2b:0a:35:92:5a:83:46:a6:
88:37:66:81:f3:9d:71:56:0e:43:84:20:1d:d3:12:
07:99:e7:2a:e6:3a:26:35:5f:77:8d:42:b7:12:44:
eb:fb:49:9f:66:02:54:f2:9d:96:43:3e:48:08:e6:
b2:27:dc:28:01:84:21:d1:19:51:eb:18:e7:74:8d:
57:b9:82:3e:1f:a0:5f:f5:e5:6a:dd:e4:6b:41:42:
5a:c6:f3:b9:86:25:b0:76:d4:3e:a0:28:39:fd:f6:
5e:5c:bb:17:76:62:6f:d3:ba:e0:a9:b0:e9:ed:06:
4a:e2:53:1a:c2:e1:69:83:d1:af:ee:97:15:2e:74:
20:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:22:20:CC:FB:D9:DD:64:15:9F:04:C6:5E:5D:62:AD:18:C8:85:D1
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8a06e909-5227-47d9-a58c-be623a2a4cad.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d058:4000::/40
Signature Algorithm: sha256WithRSAEncryption
93:a2:e6:c9:be:bf:91:e1:b8:ad:65:94:55:00:92:8f:1c:08:
2c:7c:f9:e1:6e:9a:99:77:5e:54:35:a3:53:1f:c9:0f:f4:2d:
97:41:5a:5d:14:95:e0:98:06:dd:6d:2d:25:1e:ac:0d:5d:53:
d4:ca:59:af:9a:4b:7d:6a:6b:cb:ad:fc:26:3c:f0:71:b9:50:
ed:72:3b:06:44:29:9b:f0:7e:a8:81:f9:53:9c:45:de:cf:68:
74:d5:74:8a:19:8e:00:a0:ed:0d:25:c7:9d:4a:11:5d:a0:72:
88:d8:a3:ff:59:30:b4:21:2e:e3:bf:de:70:f0:8c:0b:a8:21:
be:f6:3c:4d:d3:6c:5e:f7:53:0c:07:5b:4b:de:33:e9:08:43:
76:30:b5:32:c9:7a:25:a5:3d:64:a5:3e:7a:de:a4:86:5e:d7:
b7:80:0d:93:fa:3c:e9:5d:a1:44:8e:3b:10:3c:c8:03:14:42:
fe:35:1b:a3:b7:b2:81:08:a4:fb:bc:c6:d3:37:ce:0f:26:b7:
5b:c1:a2:a7:1d:b5:3e:66:cb:08:9b:dc:39:bf:f1:db:57:73:
54:17:51:d4:2c:e9:0c:59:78:98:e4:d3:5b:d7:0e:6b:0c:86:
c2:a6:f0:94:21:88:3a:cf:29:b6:a2:d9:85:fc:35:e7:0a:e2:
69:a7:ec:ec
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUTkql/lCTYq7WovxP25v3eD7/58MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDUwNTlaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGNkYjNkMmQ5OTEzODFjNzM4Y2U1MTRmZGFhYjgwMzkwNjM4ZmQ2MTBhZjJm
OGFhZjYwYmNmZWNhNTk2MWQ0MDUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM4sj7EVpMPaLemjIgHLfQ/I/24WqHvlPG7T/iLRSNYMBpg+4W07lm7a6QeR
yszLFItofMvkd5rSPS4DR37dCcEAPtepcvG//21H3WIRui1GkEWmPJRpKu+TxmIg
7XcKELP8B6KyMJoJpnf3wMj4+LbEkKKeUyoPYdsCeh9cvCsKNZJag0amiDdmgfOd
cVYOQ4QgHdMSB5nnKuY6JjVfd41CtxJE6/tJn2YCVPKdlkM+SAjmsifcKAGEIdEZ
UesY53SNV7mCPh+gX/Xlat3ka0FCWsbzuYYlsHbUPqAoOf32Xly7F3Zib9O64Kmw
6e0GSuJTGsLhaYPRr+6XFS50ID8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQfIiDM
+9ndZBWfBMZeXWKtGMiF0TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGEwNmU5MDktNTIyNy00N2Q5LWE1OGMtYmU2MjNhMmE0Y2FkLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FhA
MA0GCSqGSIb3DQEBCwUAA4IBAQCToubJvr+R4bitZZRVAJKPHAgsfPnhbpqZd15U
NaNTH8kP9C2XQVpdFJXgmAbdbS0lHqwNXVPUylmvmkt9amvLrfwmPPBxuVDtcjsG
RCmb8H6ogflTnEXez2h01XSKGY4AoO0NJcedShFdoHKI2KP/WTC0IS7jv95w8IwL
qCG+9jxN02xe91MMB1tL3jPpCEN2MLUyyXolpT1kpT563qSGXte3gA2T+jzpXaFE
jjsQPMgDFEL+NRujt7KBCKT7vMbTN84PJrdbwaKnHbU+ZssIm9w5v/HbV3NUF1HU
LOkMWXiY5NNb1w5rDIbCpvCUIYg6zym2otmF/DXnCuJpp+zs
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:12:46 2025 by rpki-client