Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/975dfb4d-ef39-4371-9678-ff7909080d1e.roa
File: 975dfb4d-ef39-4371-9678-ff7909080d1e.roa (raw, json)
Hash identifier: 3YmS9TxxlOkVvZvrTzwu+IvlpIGyg/fIwuhFEwH7XKM=
Subject key identifier: 39:9E:70:D7:27:09:04:EA:12:B6:7A:48:2C:1B:5C:20:34:C2:20:7E
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2DFFDE1D86CACA4B78FC90974809A6961D076747
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/975dfb4d-ef39-4371-9678-ff7909080d1e.roa
Signing time: Mon 01 Sep 2025 20:01:29 +0000
ROA not before: Mon 01 Sep 2025 20:01:29 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:b080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2d:ff:de:1d:86:ca:ca:4b:78:fc:90:97:48:09:a6:96:1d:07:67:47
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:01:29 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=7471e8231a2f274f633aa0b5135c3e6fd1296641d3ce717feb7635177749ed88, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:a8:a2:44:33:0c:90:09:ab:e0:cd:c9:9f:f3:
3c:63:36:6a:df:51:c8:07:63:06:6e:fb:e4:6e:b9:
30:c9:98:bb:ea:b8:c8:08:10:e8:ab:90:c0:a6:a0:
13:9e:0c:66:18:5b:c8:bf:71:fa:01:4a:d6:68:1e:
f7:51:bd:7d:fb:93:dc:9c:b2:ce:71:cb:10:58:e2:
a8:46:15:50:b0:f3:e5:5d:1b:3d:75:48:e7:73:12:
94:42:c9:61:88:43:19:b5:11:15:d7:82:44:86:aa:
a8:f7:ea:b5:49:49:99:57:dd:3e:44:e1:5a:3f:47:
84:3f:28:88:11:c1:73:9d:32:9a:e5:fe:0c:3c:c6:
f8:37:ae:b0:1b:7d:4f:bd:f1:2e:10:1d:0c:12:f4:
73:28:b8:3d:b5:31:d7:86:db:64:34:f1:23:c4:9f:
c3:c6:d6:d6:4b:e3:97:d3:fb:52:32:1f:bf:24:19:
57:26:60:59:c2:cb:b7:07:63:34:36:0f:b6:bf:77:
9c:ac:5d:f1:21:9c:2c:69:a2:b4:8c:0c:38:2a:26:
11:77:f5:18:ef:f5:05:cd:e6:18:62:9d:f3:83:58:
91:9e:58:cb:b5:e5:fc:c4:c8:77:d1:6f:9e:fb:7d:
be:9a:19:f4:3b:bc:65:55:81:93:9e:7b:6c:16:f3:
c8:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:9E:70:D7:27:09:04:EA:12:B6:7A:48:2C:1B:5C:20:34:C2:20:7E
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/975dfb4d-ef39-4371-9678-ff7909080d1e.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:b080::/48
Signature Algorithm: sha256WithRSAEncryption
9b:d6:fc:52:fc:7d:a1:4f:9b:b1:a0:35:14:04:fd:64:ad:ab:
ab:1d:0a:ba:01:3e:e0:83:e0:bd:0d:bc:b0:98:b9:fa:27:85:
7f:f7:58:c3:76:b0:c6:fa:d9:66:d0:54:f4:34:29:f5:b0:82:
69:c9:30:0c:55:71:12:9b:22:cf:cb:d2:a7:2f:e8:fa:ad:20:
6d:eb:42:a7:76:a9:1e:19:3b:2e:d5:96:82:bf:4d:df:89:21:
fe:64:5f:ad:bd:bc:9f:fa:ce:5f:e0:d9:36:e3:57:5c:6e:13:
b0:7f:98:76:2b:ba:c5:69:91:74:b4:b5:d9:7b:cb:b8:43:0c:
9b:92:30:32:b9:82:6f:7e:50:3b:28:92:d0:13:cb:37:a6:7e:
6c:94:ba:ae:93:92:aa:42:47:fb:7a:1f:31:ae:9a:17:c2:f2:
03:fb:8d:bb:e8:38:6f:f1:e8:d5:65:d4:5f:79:87:50:8f:6a:
17:41:7f:99:ee:4d:6d:0d:fa:de:d9:5a:cb:23:f2:62:cc:b7:
80:2a:17:4b:38:d1:ec:f3:5d:9d:6a:56:54:45:11:c2:a8:97:
ff:9c:c1:4b:2b:e8:6a:a3:80:48:0a:74:fe:05:1f:bc:10:c3:
91:94:28:6a:98:a9:11:c8:ab:b2:fb:9f:f4:81:dc:de:0e:02:
51:04:ed:73
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIULf/eHYbKykt4/JCXSAmmlh0HZ0cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDAxMjlaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDc0NzFlODIzMWEyZjI3NGY2MzNhYTBiNTEzNWMzZTZmZDEyOTY2NDFkM2Nl
NzE3ZmViNzYzNTE3Nzc0OWVkODgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKyookQzDJAJq+DNyZ/zPGM2at9RyAdjBm775G65MMmYu+q4yAgQ6KuQwKag
E54MZhhbyL9x+gFK1mge91G9ffuT3JyyznHLEFjiqEYVULDz5V0bPXVI53MSlELJ
YYhDGbURFdeCRIaqqPfqtUlJmVfdPkThWj9HhD8oiBHBc50ymuX+DDzG+DeusBt9
T73xLhAdDBL0cyi4PbUx14bbZDTxI8Sfw8bW1kvjl9P7UjIfvyQZVyZgWcLLtwdj
NDYPtr93nKxd8SGcLGmitIwMOComEXf1GO/1Bc3mGGKd84NYkZ5Yy7Xl/MTId9Fv
nvt9vpoZ9Du8ZVWBk557bBbzyEECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQ5nnDX
JwkE6hK2ekgsG1wgNMIgfjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OTc1ZGZiNGQtZWYzOS00MzcxLTk2NzgtZmY3OTA5MDgwZDFlLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HKw
gDANBgkqhkiG9w0BAQsFAAOCAQEAm9b8Uvx9oU+bsaA1FAT9ZK2rqx0KugE+4IPg
vQ28sJi5+ieFf/dYw3awxvrZZtBU9DQp9bCCackwDFVxEpsiz8vSpy/o+q0gbetC
p3apHhk7LtWWgr9N34kh/mRfrb28n/rOX+DZNuNXXG4TsH+Ydiu6xWmRdLS12XvL
uEMMm5IwMrmCb35QOyiS0BPLN6Z+bJS6rpOSqkJH+3ofMa6aF8LyA/uNu+g4b/Ho
1WXUX3mHUI9qF0F/me5NbQ363tlayyPyYsy3gCoXSzjR7PNdnWpWVEURwqiX/5zB
SyvoaqOASAp0/gUfvBDDkZQoapipEcirsvuf9IHc3g4CUQTtcw==
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:10:23 2025 by rpki-client