Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8b940c44-168e-4976-b17d-778e9341611b.roa
File: 8b940c44-168e-4976-b17d-778e9341611b.roa (raw, json)
Hash identifier: nHz9TzZgwiiiPKNwlh6CdoMyC7tJghJGsIy742gKLVM=
Subject key identifier: BA:E3:B7:B2:F6:B9:76:C9:4F:E9:AB:EA:9A:31:27:CB:4D:20:4B:8C
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 07F3055F61E480B9EED43835F16FE5E78E871DC6
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8b940c44-168e-4976-b17d-778e9341611b.roa
Signing time: Mon 01 Sep 2025 20:20:10 +0000
ROA not before: Mon 01 Sep 2025 20:20:10 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:1080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
07:f3:05:5f:61:e4:80:b9:ee:d4:38:35:f1:6f:e5:e7:8e:87:1d:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:20:10 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=68a0c1e621e56d73b26e313174bb536555b4432e8cc3f20d2b0993e19ab0dfb6, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:57:f1:68:e5:1a:8e:63:27:d5:91:14:f1:02:
32:9f:d8:85:39:f8:26:25:76:b8:c7:e5:73:55:c3:
51:4f:dd:a5:cc:38:77:a1:d6:2b:9a:bb:62:2c:00:
2d:d2:4e:b8:8f:76:ef:76:97:3b:51:95:52:fb:e3:
99:98:89:26:0d:28:06:04:d5:4c:08:53:b4:d7:4b:
3c:0f:be:1d:b4:9e:ff:aa:d0:8d:78:d0:c7:ee:94:
17:08:eb:6c:a4:af:76:dc:5f:2f:93:2f:b2:88:e3:
ad:f6:62:a9:4d:c9:15:de:34:5b:a0:58:66:5c:3b:
43:00:b7:d5:64:ab:91:40:60:0b:80:ac:ac:72:47:
66:4b:13:40:d2:76:21:8b:09:02:a7:83:da:af:66:
3a:1d:4f:fa:54:ec:69:be:bc:0f:6b:07:7c:49:85:
e7:7a:08:4c:59:09:9c:d0:6a:6e:b3:10:ce:0e:fe:
a6:bd:64:5f:13:f4:d8:d2:81:c5:c5:b0:b5:55:b3:
5a:bd:fb:5b:e5:b0:14:ed:a3:72:dc:28:c2:8c:b0:
0c:86:a8:be:8f:4c:69:c8:af:87:d7:a7:53:69:81:
d8:3f:85:66:a6:7f:00:95:d8:62:6f:fc:31:85:59:
33:55:43:47:13:b1:99:c9:8e:1e:5d:fb:96:fb:f6:
7d:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:E3:B7:B2:F6:B9:76:C9:4F:E9:AB:EA:9A:31:27:CB:4D:20:4B:8C
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/8b940c44-168e-4976-b17d-778e9341611b.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:1080::/48
Signature Algorithm: sha256WithRSAEncryption
ab:b7:37:fc:3f:0d:e9:e8:b4:c3:63:b0:e6:24:b0:2a:11:1a:
f2:83:66:7c:7f:61:16:5b:5b:78:5d:56:8b:f3:de:62:69:ac:
1b:d4:29:e1:cd:e4:fb:b1:b9:61:48:e3:e0:f2:11:c8:6f:f4:
8c:76:67:12:30:fa:f5:a3:75:4f:d8:30:97:6f:c1:de:a5:6b:
7b:57:62:8c:e0:e8:ab:a7:76:d9:66:71:01:db:52:22:ac:21:
5c:08:0a:49:56:9a:45:b7:4d:cc:7b:27:41:a6:c9:f8:6d:c0:
38:77:ae:50:fc:86:37:a2:9e:18:f1:f3:86:0b:b3:a0:da:f3:
5a:ad:81:d5:17:f0:4f:6b:8e:59:97:61:3a:3c:1d:0f:0b:80:
ca:0d:90:7d:30:0d:4c:cd:7b:64:45:0b:69:74:8e:84:fd:47:
a7:22:85:c9:f5:85:b6:ca:ab:6d:07:cf:ee:e9:7e:b9:44:b2:
a6:ed:c6:cb:30:cf:6a:8d:e5:e3:33:34:a6:0c:8b:95:e2:65:
99:19:fc:99:b8:60:1e:32:7d:b2:26:50:e4:88:74:e3:1c:07:
b8:9b:03:bf:61:7e:75:33:90:da:f8:54:c8:3a:08:9b:84:04:
f0:4a:9f:f6:6f:17:49:9b:2a:30:22:11:e3:65:25:cf:95:36:
d4:2f:be:98
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUB/MFX2HkgLnu1Dg18W/l546HHcYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDIwMTBaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDY4YTBjMWU2MjFlNTZkNzNiMjZlMzEzMTc0YmI1MzY1NTViNDQzMmU4Y2Mz
ZjIwZDJiMDk5M2UxOWFiMGRmYjYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAItX8WjlGo5jJ9WRFPECMp/YhTn4JiV2uMflc1XDUU/dpcw4d6HWK5q7YiwA
LdJOuI9273aXO1GVUvvjmZiJJg0oBgTVTAhTtNdLPA++HbSe/6rQjXjQx+6UFwjr
bKSvdtxfL5MvsojjrfZiqU3JFd40W6BYZlw7QwC31WSrkUBgC4CsrHJHZksTQNJ2
IYsJAqeD2q9mOh1P+lTsab68D2sHfEmF53oITFkJnNBqbrMQzg7+pr1kXxP02NKB
xcWwtVWzWr37W+WwFO2jctwowoywDIaovo9Macivh9enU2mB2D+FZqZ/AJXYYm/8
MYVZM1VDRxOxmcmOHl37lvv2feECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBS647ey
9rl2yU/pq+qaMSfLTSBLjDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OGI5NDBjNDQtMTY4ZS00OTc2LWIxN2QtNzc4ZTkzNDE2MTFiLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0AAQ
gDANBgkqhkiG9w0BAQsFAAOCAQEAq7c3/D8N6ei0w2Ow5iSwKhEa8oNmfH9hFltb
eF1Wi/PeYmmsG9Qp4c3k+7G5YUjj4PIRyG/0jHZnEjD69aN1T9gwl2/B3qVre1di
jODoq6d22WZxAdtSIqwhXAgKSVaaRbdNzHsnQabJ+G3AOHeuUPyGN6KeGPHzhguz
oNrzWq2B1RfwT2uOWZdhOjwdDwuAyg2QfTANTM17ZEULaXSOhP1HpyKFyfWFtsqr
bQfP7ul+uUSypu3GyzDPao3l4zM0pgyLleJlmRn8mbhgHjJ9siZQ5Ih04xwHuJsD
v2F+dTOQ2vhUyDoIm4QE8Eqf9m8XSZsqMCIR42Ulz5U21C++mA==
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:16:59 2025 by rpki-client