Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8b578938-3dca-4d72-8385-f8a93e508377.roa
File: 8b578938-3dca-4d72-8385-f8a93e508377.roa (raw, json)
Hash identifier: y8tlAIUo+562JHpVUzIw4ngGjkCsYn7rh/XUmUD+30g=
Subject key identifier: 0D:B9:D9:D7:5D:81:99:76:F3:88:31:8E:85:23:1A:5F:C3:21:35:50
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 070303FBEEA0B91DA4587B12B862FD35DDCB02AE
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8b578938-3dca-4d72-8385-f8a93e508377.roa
Signing time: Mon 01 Sep 2025 21:10:47 +0000
ROA not before: Mon 01 Sep 2025 21:10:47 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d019:400::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
07:03:03:fb:ee:a0:b9:1d:a4:58:7b:12:b8:62:fd:35:dd:cb:02:ae
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 21:10:47 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=e2bbe005d94adc837c99e00cc33ad073926b86beb20822e56439cda0987cb168, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:c3:3a:5d:0c:84:59:0e:08:4e:56:a5:e2:cf:
3e:36:b2:99:bb:13:78:9e:3e:e9:26:3a:d3:83:aa:
a6:ea:83:88:cf:db:6a:19:81:11:f5:90:38:ff:10:
60:00:fa:89:cb:bb:99:9e:67:57:a7:26:15:70:be:
79:2d:a2:69:a3:ac:b8:c2:76:99:fd:9a:f2:d4:7b:
ca:35:e4:92:84:06:c7:02:43:c0:1a:70:37:47:9e:
a8:cd:bb:26:15:97:5d:be:86:f0:3c:03:4e:92:4e:
50:99:33:54:ae:c1:3d:c6:46:fa:de:5c:df:94:59:
f2:00:cf:25:85:f0:d9:6f:b0:2d:7d:f2:e4:2f:f2:
ca:23:fa:db:4b:12:fd:bf:d4:5f:65:61:0f:ac:cb:
e3:d7:29:74:7e:b1:8c:bc:72:44:4c:22:3f:87:ac:
fd:63:d3:32:1c:a2:a8:d8:04:02:c1:91:24:7c:eb:
18:59:f6:df:08:9e:e8:8a:82:b5:01:2b:e9:81:c6:
3f:db:4f:4b:a3:1a:b6:c7:8a:ee:bb:17:bc:56:22:
8e:99:9e:d4:50:54:cf:71:2e:b8:9f:6e:25:86:18:
02:1f:23:74:cc:ee:2e:d7:35:32:d6:bb:8f:16:ac:
1e:ac:73:66:98:84:49:52:01:b8:57:f0:25:66:af:
71:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:B9:D9:D7:5D:81:99:76:F3:88:31:8E:85:23:1A:5F:C3:21:35:50
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8b578938-3dca-4d72-8385-f8a93e508377.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d019:400::/38
Signature Algorithm: sha256WithRSAEncryption
1a:65:09:62:e8:53:ef:ba:3a:d2:b5:02:8e:d7:b8:b7:23:7e:
36:87:1c:3c:91:87:31:d3:74:c4:ac:79:e0:18:f3:d4:9f:bc:
38:2c:5a:a6:ed:70:ce:70:f4:03:d8:aa:f6:59:47:4a:e4:eb:
e4:6b:97:a7:af:44:2e:6b:81:2a:cb:90:55:62:d5:df:48:91:
b7:a8:eb:aa:64:a8:2c:3f:7a:98:e4:21:fa:d9:f7:ff:32:27:
7f:a3:c5:19:1f:e3:0b:f3:da:d7:6d:08:15:73:e4:87:84:d3:
d4:a2:77:a9:e2:4b:2e:3e:63:5c:0c:71:58:5c:82:cf:43:2b:
44:56:1a:df:dd:08:04:09:9b:8b:64:98:7e:30:c0:c2:92:cb:
ca:5e:a2:d5:16:bf:65:c6:26:cd:c2:36:c0:18:a0:5f:fd:cc:
60:eb:49:bb:5e:9d:73:a6:50:1b:13:89:dd:74:28:5a:93:bf:
07:5f:fe:b1:69:9f:95:20:2e:6c:84:ec:e3:ff:4c:d2:ce:90:
c4:6e:c9:fb:e4:b8:7a:64:26:5e:15:08:04:f7:4d:96:8a:8b:
bc:71:0f:97:1b:a5:57:8c:b5:35:98:b6:a0:67:d3:b9:db:ff:
a1:9e:83:f2:6c:5f:fe:52:e2:aa:2c:f5:26:26:24:78:4e:f3:
f9:bb:99:77
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUBwMD++6guR2kWHsSuGL9Nd3LAq4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMTEwNDdaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGUyYmJlMDA1ZDk0YWRjODM3Yzk5ZTAwY2MzM2FkMDczOTI2Yjg2YmViMjA4
MjJlNTY0MzljZGEwOTg3Y2IxNjgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAL3DOl0MhFkOCE5WpeLPPjaymbsTeJ4+6SY604OqpuqDiM/bahmBEfWQOP8Q
YAD6icu7mZ5nV6cmFXC+eS2iaaOsuMJ2mf2a8tR7yjXkkoQGxwJDwBpwN0eeqM27
JhWXXb6G8DwDTpJOUJkzVK7BPcZG+t5c35RZ8gDPJYXw2W+wLX3y5C/yyiP620sS
/b/UX2VhD6zL49cpdH6xjLxyREwiP4es/WPTMhyiqNgEAsGRJHzrGFn23wie6IqC
tQEr6YHGP9tPS6MatseK7rsXvFYijpme1FBUz3EuuJ9uJYYYAh8jdMzuLtc1Mta7
jxasHqxzZpiESVIBuFfwJWavcd8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQNudnX
XYGZdvOIMY6FIxpfwyE1UDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGI1Nzg5MzgtM2RjYS00ZDcyLTgzODUtZjhhOTNlNTA4Mzc3LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BkE
MA0GCSqGSIb3DQEBCwUAA4IBAQAaZQli6FPvujrStQKO17i3I342hxw8kYcx03TE
rHngGPPUn7w4LFqm7XDOcPQD2Kr2WUdK5Ovka5enr0Qua4Eqy5BVYtXfSJG3qOuq
ZKgsP3qY5CH62ff/Mid/o8UZH+ML89rXbQgVc+SHhNPUonep4ksuPmNcDHFYXILP
QytEVhrf3QgECZuLZJh+MMDCksvKXqLVFr9lxibNwjbAGKBf/cxg60m7Xp1zplAb
E4nddChak78HX/6xaZ+VIC5shOzj/0zSzpDEbsn75Lh6ZCZeFQgE902Wiou8cQ+X
G6VXjLU1mLagZ9O52/+hnoPybF/+UuKqLPUmJiR4TvP5u5l3
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:10:25 2025 by rpki-client