Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8aeef071-ad76-436d-a059-ad727b09eb3b.roa
File: 8aeef071-ad76-436d-a059-ad727b09eb3b.roa (raw, json)
Hash identifier: mijVlenhLQRk6XmM8FTqY2M+rqr1Cx6jj7XZ4NCwVKc=
Subject key identifier: 68:7C:48:77:93:3D:BD:C0:0F:EC:71:02:7B:B6:3B:9B:EE:D6:BD:8F
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 55094B96B42A46C259F6295ACA03BAE1083FAB2A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8aeef071-ad76-436d-a059-ad727b09eb3b.roa
Signing time: Mon 01 Sep 2025 21:01:14 +0000
ROA not before: Mon 01 Sep 2025 21:01:14 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d038:2000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
55:09:4b:96:b4:2a:46:c2:59:f6:29:5a:ca:03:ba:e1:08:3f:ab:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 21:01:14 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=ba390684bf2d09b581150434367e954d88d5da736fbbbd49520b85f805a38649, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:ba:21:31:1e:1c:7f:d9:ac:46:20:24:30:1e:
37:f6:00:52:5b:3d:eb:15:3e:f8:a7:ad:9b:4c:e4:
1f:ed:46:f0:3e:ef:43:bd:ff:fb:2a:c3:cc:e6:46:
3d:78:7f:bd:70:cb:16:6b:f1:e8:36:bb:0f:7a:5c:
96:ca:5b:8d:2d:ab:28:36:e9:6a:fb:4b:c6:63:dc:
1f:53:21:0b:42:da:c4:3c:26:32:7b:b5:09:9f:04:
da:72:28:13:da:38:41:05:13:a6:db:e7:32:b6:38:
08:d4:8d:d5:ee:9e:32:f1:f1:42:88:4d:ce:b5:2c:
32:39:42:d6:62:c5:ca:7a:68:b5:82:8e:c0:41:16:
a3:d2:71:85:3f:1d:d1:b3:46:a7:da:19:0c:31:fa:
d3:62:13:db:66:7e:71:8a:c4:f8:b7:fe:1b:21:14:
f1:ba:47:18:4c:e3:65:7d:46:0a:c4:0c:bf:6a:a9:
4d:f4:0b:e2:d1:95:2d:8a:8d:79:d1:68:0d:e3:65:
d4:13:1f:20:d9:62:92:60:44:09:0c:2d:fd:b7:b4:
4e:57:a4:8c:16:3a:52:22:67:6c:a7:d0:13:43:69:
42:3c:1f:6b:bd:5c:e4:c9:21:b7:32:3f:6c:8e:53:
24:0f:36:41:55:fb:18:99:f0:54:6c:f2:07:30:7f:
f0:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:7C:48:77:93:3D:BD:C0:0F:EC:71:02:7B:B6:3B:9B:EE:D6:BD:8F
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8aeef071-ad76-436d-a059-ad727b09eb3b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d038:2000::/40
Signature Algorithm: sha256WithRSAEncryption
5b:78:ea:03:c3:be:70:43:12:99:77:52:ef:eb:9f:cb:a8:82:
ae:65:2e:fb:3e:75:94:f6:8b:a5:f2:8f:d4:12:e4:db:b3:e2:
3e:31:02:3b:e7:24:d0:74:0a:f2:21:c5:da:60:1a:a0:49:a7:
07:76:dc:e5:6f:7f:3f:a1:44:d8:40:80:ac:5d:66:15:48:77:
98:18:56:7e:5c:26:c3:9d:ec:df:e6:2b:ab:a6:73:92:19:b8:
2e:80:68:85:5f:bd:f0:59:af:86:9b:10:be:43:8e:52:e1:e7:
71:4d:19:1c:1a:9a:bc:2d:5f:74:91:a0:af:38:23:e5:e6:08:
14:93:07:79:78:f3:50:61:08:67:82:06:e1:e4:c1:24:26:5a:
77:40:23:62:f9:4d:76:ec:09:e7:18:18:b8:a9:ed:72:8a:d5:
e7:d7:c3:7f:56:ba:8d:29:bf:73:38:9e:55:52:11:0d:e0:64:
2a:9b:4f:29:50:e5:24:7e:ec:03:58:ee:47:14:0c:ba:65:43:
cb:eb:e0:dd:b5:84:ca:f1:90:e8:02:44:7b:5c:f8:3e:23:f2:
4d:02:7b:ad:f2:68:ed:99:17:02:b9:29:33:9c:f9:b5:76:2a:
49:53:17:e1:7a:f1:8c:6c:4e:b4:e4:eb:1b:93:2a:7a:6a:36:
57:2f:7e:63
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUVQlLlrQqRsJZ9ilaygO64Qg/qyowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMTAxMTRaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGJhMzkwNjg0YmYyZDA5YjU4MTE1MDQzNDM2N2U5NTRkODhkNWRhNzM2ZmJi
YmQ0OTUyMGI4NWY4MDVhMzg2NDkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALS6ITEeHH/ZrEYgJDAeN/YAUls96xU++Ketm0zkH+1G8D7vQ73/+yrDzOZG
PXh/vXDLFmvx6Da7D3pclspbjS2rKDbpavtLxmPcH1MhC0LaxDwmMnu1CZ8E2nIo
E9o4QQUTptvnMrY4CNSN1e6eMvHxQohNzrUsMjlC1mLFynpotYKOwEEWo9JxhT8d
0bNGp9oZDDH602IT22Z+cYrE+Lf+GyEU8bpHGEzjZX1GCsQMv2qpTfQL4tGVLYqN
edFoDeNl1BMfINlikmBECQwt/be0TlekjBY6UiJnbKfQE0NpQjwfa71c5MkhtzI/
bI5TJA82QVX7GJnwVGzyBzB/8E8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRofEh3
kz29wA/scQJ7tjub7ta9jzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGFlZWYwNzEtYWQ3Ni00MzZkLWEwNTktYWQ3MjdiMDllYjNiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Dgg
MA0GCSqGSIb3DQEBCwUAA4IBAQBbeOoDw75wQxKZd1Lv65/LqIKuZS77PnWU9oul
8o/UEuTbs+I+MQI75yTQdAryIcXaYBqgSacHdtzlb38/oUTYQICsXWYVSHeYGFZ+
XCbDnezf5iurpnOSGbgugGiFX73wWa+GmxC+Q45S4edxTRkcGpq8LV90kaCvOCPl
5ggUkwd5ePNQYQhnggbh5MEkJlp3QCNi+U127AnnGBi4qe1yitXn18N/VrqNKb9z
OJ5VUhEN4GQqm08pUOUkfuwDWO5HFAy6ZUPL6+DdtYTK8ZDoAkR7XPg+I/JNAnut
8mjtmRcCuSkznPm1dipJUxfhevGMbE605Osbkyp6ajZXL35j
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:17:09 2025 by rpki-client