Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9fd987fa-30e8-40bc-89c2-d89705d5fb83.roa
File: 9fd987fa-30e8-40bc-89c2-d89705d5fb83.roa (raw, json)
Hash identifier: TiII59lyzv91l+sNxdjKY3/I3MB4iWSHut/tz3KIs/o=
Subject key identifier: A4:19:9B:6F:8E:66:C0:95:29:08:0C:95:5B:AE:99:2E:F7:EB:0F:F2
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5C27B2DA1C894B1AE847D1399E6FF28D01F85C5A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9fd987fa-30e8-40bc-89c2-d89705d5fb83.roa
Signing time: Mon 01 Sep 2025 20:21:26 +0000
ROA not before: Mon 01 Sep 2025 20:21:26 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:a000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5c:27:b2:da:1c:89:4b:1a:e8:47:d1:39:9e:6f:f2:8d:01:f8:5c:5a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:21:26 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=ec5fb1e90b288583edccd4e15438e1210012c865654b2b0dc07502fc4081aa29, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:90:5b:ad:4c:76:ff:10:3c:9f:30:cd:b0:92:
f4:c6:91:4f:b6:67:fd:00:a9:82:a9:dc:24:f0:3f:
9a:e7:2d:57:63:5f:3d:d4:49:0e:39:5e:31:bc:6c:
ad:74:43:6c:b8:a3:a3:57:de:59:7d:24:72:93:a3:
2a:ca:7b:9a:55:4c:91:76:66:1b:e0:0b:81:fb:d3:
75:dc:74:04:e3:72:ff:b7:c1:a3:d4:6e:89:ec:d9:
22:b1:2e:a7:04:f7:f6:6b:22:2c:92:68:e6:91:22:
ef:49:13:2f:05:e2:19:be:7a:16:9c:be:d0:08:f5:
63:e4:f5:9f:7b:f1:9c:fb:7d:d0:2c:d5:b5:b7:d7:
fa:c7:a0:10:d7:a0:fb:f1:64:dc:f1:4d:ce:cf:18:
12:86:f7:f7:1d:72:92:e4:fd:f5:83:f1:9d:9a:b5:
53:03:02:7c:5d:4b:88:f7:7a:fa:e6:d3:26:7c:c5:
d9:a0:da:b7:50:e1:e2:0e:5a:e1:33:ef:e7:8a:36:
da:1f:8e:58:97:15:84:d7:b8:53:4c:c8:d2:13:45:
1d:af:a9:8a:ca:d5:a3:d6:cf:62:c3:79:1b:10:71:
aa:19:72:63:a8:78:e0:66:1f:20:3b:19:b4:82:f8:
3e:2b:54:85:89:3c:85:2d:77:aa:65:11:9f:c7:34:
16:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:19:9B:6F:8E:66:C0:95:29:08:0C:95:5B:AE:99:2E:F7:EB:0F:F2
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/9fd987fa-30e8-40bc-89c2-d89705d5fb83.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:a000::/40
Signature Algorithm: sha256WithRSAEncryption
8b:84:95:69:d2:b5:46:cc:96:51:9c:de:c3:9c:28:21:8c:10:
43:f3:65:9c:1e:03:d0:2e:e7:8e:68:56:90:a0:0c:58:bd:84:
93:9d:1b:9b:81:0b:94:37:19:4f:6f:b8:e6:c3:56:ee:ee:d3:
cc:05:89:22:bb:ad:e7:9a:ef:07:82:1b:c0:96:6f:ae:09:eb:
d3:3b:2c:c5:ed:49:75:18:94:da:5b:27:fe:59:d3:11:2e:e9:
e2:7c:f2:92:54:0d:a3:e3:80:30:8d:99:f3:c8:15:14:bd:70:
13:81:75:fa:fa:a8:86:ff:06:4b:ec:e7:59:63:07:04:12:05:
fb:de:f7:eb:22:37:10:9e:33:cd:a9:94:ea:ef:b8:e9:80:af:
68:0e:07:66:82:56:b0:b3:03:73:6a:e9:07:79:f4:99:4a:32:
81:5f:98:a1:ae:6a:8a:56:7c:35:ac:1b:aa:7c:97:c7:e2:fa:
a3:77:e1:d3:8d:be:67:92:4a:00:0b:87:18:05:c1:5c:9e:f7:
d2:6c:09:06:1f:f8:6b:d9:a2:c4:aa:f1:97:c7:a6:e3:ef:dc:
e3:b2:b7:5f:46:b2:57:38:a9:a8:28:92:04:8f:31:28:7b:dc:
95:92:27:f6:b5:af:6b:9f:bb:40:a3:ca:17:51:7b:1e:2f:1a:
4c:46:00:9c
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUXCey2hyJSxroR9E5nm/yjQH4XFowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDIxMjZaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGVjNWZiMWU5MGIyODg1ODNlZGNjZDRlMTU0MzhlMTIxMDAxMmM4NjU2NTRi
MmIwZGMwNzUwMmZjNDA4MWFhMjkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANCQW61Mdv8QPJ8wzbCS9MaRT7Zn/QCpgqncJPA/muctV2NfPdRJDjleMbxs
rXRDbLijo1feWX0kcpOjKsp7mlVMkXZmG+ALgfvTddx0BONy/7fBo9RuiezZIrEu
pwT39msiLJJo5pEi70kTLwXiGb56Fpy+0Aj1Y+T1n3vxnPt90CzVtbfX+segENeg
+/Fk3PFNzs8YEob39x1ykuT99YPxnZq1UwMCfF1LiPd6+ubTJnzF2aDat1Dh4g5a
4TPv54o22h+OWJcVhNe4U0zI0hNFHa+pisrVo9bPYsN5GxBxqhlyY6h44GYfIDsZ
tIL4PitUhYk8hS13qmURn8c0FncCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSkGZtv
jmbAlSkIDJVbrpku9+sP8jAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
OWZkOTg3ZmEtMzBlOC00MGJjLTg5YzItZDg5NzA1ZDVmYjgzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0ACg
MA0GCSqGSIb3DQEBCwUAA4IBAQCLhJVp0rVGzJZRnN7DnCghjBBD82WcHgPQLueO
aFaQoAxYvYSTnRubgQuUNxlPb7jmw1bu7tPMBYkiu63nmu8HghvAlm+uCevTOyzF
7Ul1GJTaWyf+WdMRLunifPKSVA2j44AwjZnzyBUUvXATgXX6+qiG/wZL7OdZYwcE
EgX73vfrIjcQnjPNqZTq77jpgK9oDgdmglawswNzaukHefSZSjKBX5ihrmqKVnw1
rBuqfJfH4vqjd+HTjb5nkkoAC4cYBcFcnvfSbAkGH/hr2aLEqvGXx6bj79zjsrdf
RrJXOKmoKJIEjzEoe9yVkif2ta9rn7tAo8oXUXseLxpMRgCc
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:13:30 2025 by rpki-client