Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a4cf0339-93b9-475e-be84-baec893db7a6.roa
File: a4cf0339-93b9-475e-be84-baec893db7a6.roa (raw, json)
Hash identifier: AP0vZamT2CwtR2bvxZR/I7NCFOa1Ha3piOtNbWLIgaU=
Subject key identifier: 2D:FE:D6:55:D2:50:0F:66:BE:E5:50:CC:A0:A2:45:99:46:31:F2:1F
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 02561A1998B2BE7960AD1B8FC73FAFF2D9F4D0FE
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a4cf0339-93b9-475e-be84-baec893db7a6.roa
Signing time: Mon 25 Aug 2025 16:37:13 +0000
ROA not before: Mon 25 Aug 2025 16:37:13 +0000
ROA not after: Mon 29 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d06c:f000::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
02:56:1a:19:98:b2:be:79:60:ad:1b:8f:c7:3f:af:f2:d9:f4:d0:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Aug 25 16:37:13 2025 GMT
Not After : Sep 29 23:59:59 2025 GMT
Subject: serialNumber=9a9956b42b956a84e96ff8ca179910f5289b2b382b37fb90fdfc1e2a1652bec7, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:2d:65:e6:ab:0f:c4:e0:0c:c2:45:f6:f3:f9:
a1:89:02:9d:6c:2a:43:67:6d:e8:49:12:c5:c6:29:
08:f1:b0:b3:ac:82:cf:08:77:2b:fc:46:8d:69:c9:
ec:4c:c3:1a:90:fb:99:52:76:c1:c4:74:30:2f:3b:
3e:92:12:c2:0c:6a:eb:40:0f:22:f6:29:ea:e7:f0:
c2:69:05:2e:f2:99:fa:79:f1:70:d3:3c:b6:ef:9d:
4c:d7:54:7e:f6:3e:0e:55:80:d7:e0:44:30:18:3c:
9a:c0:f0:0c:d0:a5:e6:91:7f:40:a4:3f:21:86:10:
05:6f:c2:62:83:bd:81:ed:b6:fb:0d:58:bb:1a:0d:
d9:a3:e3:83:0c:78:d3:b0:0b:31:b7:a8:29:c4:38:
86:42:8c:e3:e1:cc:8b:6d:f7:2b:ea:a4:e8:cc:72:
ec:37:6d:a0:e0:df:e4:bd:ec:75:e3:21:cd:69:2a:
8f:ca:06:67:51:e5:cc:4e:e7:5d:98:76:d8:b8:23:
50:47:aa:fd:c9:44:0e:bc:e8:3e:89:ad:f1:8c:f8:
0e:23:6b:78:a5:f4:94:75:06:c9:af:6d:15:8d:9b:
8e:83:ec:dd:35:c2:5e:cc:ba:14:a2:e4:a2:a6:51:
ae:9d:d4:46:1d:0a:c8:89:25:0a:0f:4c:07:c6:69:
3e:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:FE:D6:55:D2:50:0F:66:BE:E5:50:CC:A0:A2:45:99:46:31:F2:1F
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a4cf0339-93b9-475e-be84-baec893db7a6.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06c:f000::/48
Signature Algorithm: sha256WithRSAEncryption
8b:a4:d8:f2:5d:04:95:7d:5b:29:f8:c4:ec:75:ea:5d:1d:d7:
94:c2:f9:4f:40:20:00:fc:0b:2f:b5:bf:6e:22:de:46:81:28:
bf:93:64:4a:cd:7d:47:de:20:4b:1e:37:5d:61:69:e1:d5:a0:
bd:2b:4f:9e:60:65:59:ac:4f:24:16:82:6c:9d:f0:7f:e3:65:
c6:60:7d:20:b5:14:70:b6:5d:46:e8:71:ab:f5:7a:6a:4b:32:
ef:f9:b3:3a:d7:0f:d1:52:08:f6:84:4e:d9:74:99:4e:5b:5f:
17:ce:e2:76:ab:88:4b:6d:7b:d7:71:00:ef:99:83:d1:fb:68:
8f:ae:fc:53:3c:5e:47:95:ab:68:19:14:da:6a:7a:a7:0f:11:
2f:fb:2f:93:60:5e:c4:b4:33:1f:62:19:7a:74:ec:36:63:89:
fb:e7:8c:e2:46:da:c9:f8:70:dc:33:70:95:d6:ab:b9:55:e4:
27:6c:0b:4f:85:66:59:9a:c7:48:f6:9d:4c:70:4e:ff:b2:a1:
05:37:d2:b6:3b:bd:43:38:f7:ae:ec:b1:9b:fd:95:93:cf:70:
c3:2f:f6:23:af:1b:c7:35:d8:e3:55:3e:66:5c:d5:b8:d9:cb:
7e:b8:a0:22:e5:22:ae:f8:6f:22:7e:25:a4:6f:16:8a:8e:6b:
3f:7a:58:4d
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUAlYaGZiyvnlgrRuPxz+v8tn00P4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA4MjUxNjM3MTNaFw0yNTA5MjkyMzU5NTlaMHoxSTBHBgNV
BAUTQDlhOTk1NmI0MmI5NTZhODRlOTZmZjhjYTE3OTkxMGY1Mjg5YjJiMzgyYjM3
ZmI5MGZkZmMxZTJhMTY1MmJlYzcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMMtZearD8TgDMJF9vP5oYkCnWwqQ2dt6EkSxcYpCPGws6yCzwh3K/xGjWnJ
7EzDGpD7mVJ2wcR0MC87PpISwgxq60APIvYp6ufwwmkFLvKZ+nnxcNM8tu+dTNdU
fvY+DlWA1+BEMBg8msDwDNCl5pF/QKQ/IYYQBW/CYoO9ge22+w1YuxoN2aPjgwx4
07ALMbeoKcQ4hkKM4+HMi233K+qk6Mxy7DdtoODf5L3sdeMhzWkqj8oGZ1HlzE7n
XZh22LgjUEeq/clEDrzoPomt8Yz4DiNreKX0lHUGya9tFY2bjoPs3TXCXsy6FKLk
oqZRrp3URh0KyIklCg9MB8ZpPssCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQt/tZV
0lAPZr7lUMygokWZRjHyHzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTRjZjAzMzktOTNiOS00NzVlLWJlODQtYmFlYzg5M2RiN2E2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0Gzw
ADANBgkqhkiG9w0BAQsFAAOCAQEAi6TY8l0ElX1bKfjE7HXqXR3XlML5T0AgAPwL
L7W/biLeRoEov5NkSs19R94gSx43XWFp4dWgvStPnmBlWaxPJBaCbJ3wf+NlxmB9
ILUUcLZdRuhxq/V6aksy7/mzOtcP0VII9oRO2XSZTltfF87idquIS21713EA75mD
0ftoj678UzxeR5WraBkU2mp6pw8RL/svk2BexLQzH2IZenTsNmOJ++eM4kbayfhw
3DNwldaruVXkJ2wLT4VmWZrHSPadTHBO/7KhBTfStju9Qzj3ruyxm/2Vk89wwy/2
I68bxzXY41U+ZlzVuNnLfrigIuUirvhvIn4lpG8Wio5rP3pYTQ==
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:09:26 2025 by rpki-client