Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a626735f-cb4b-4dff-992e-95390a4e2eea.roa
File: a626735f-cb4b-4dff-992e-95390a4e2eea.roa (raw, json)
Hash identifier: Q/GsnV6hthwrbllyBrfbQUDbIjnREbQYFur5Bi02gyY=
Subject key identifier: 59:4C:10:7C:FD:66:6A:AA:DF:BC:C2:42:47:E6:4F:1E:EB:9A:1C:6F
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 55CAE1DD5E35651555089F92BCA5BDB3F14BCDE1
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a626735f-cb4b-4dff-992e-95390a4e2eea.roa
Signing time: Mon 01 Sep 2025 21:00:15 +0000
ROA not before: Mon 01 Sep 2025 21:00:15 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d059:2000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
55:ca:e1:dd:5e:35:65:15:55:08:9f:92:bc:a5:bd:b3:f1:4b:cd:e1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 21:00:15 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=d3baf0264cd2fbaa36d3a42883788d82a3e489661ebf997ec4712557292e89d1, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:9b:17:cf:80:39:7c:9a:6c:26:b9:39:76:57:
68:6c:f7:d9:a5:1c:da:2e:f9:4c:a0:bd:fe:80:50:
7f:d4:5d:29:3a:28:4c:3d:50:c5:d9:7b:65:a4:ff:
b8:7a:e7:6d:1d:ba:a7:61:a3:90:61:d9:f7:d1:aa:
43:67:09:de:5e:ef:72:53:87:58:3c:df:5b:18:95:
e2:fa:70:49:a8:50:fb:f4:1b:56:ef:8f:14:21:1b:
6a:9e:21:f0:4e:d6:95:58:99:69:4c:42:6e:66:b9:
25:73:df:71:11:0b:7b:ff:5a:c7:f8:37:ce:b4:e9:
8d:21:73:5c:0b:1a:b5:bf:7b:99:cc:bd:a7:c4:c4:
7d:7c:f8:7b:2f:41:6b:14:88:14:b1:78:cf:88:a3:
b3:5d:9d:d0:9f:16:64:11:47:ed:70:4a:39:b1:1a:
d7:d2:d0:22:23:e5:88:e7:d2:a0:51:0d:2e:80:48:
ff:b4:25:b2:a1:6c:fe:43:0b:7b:f2:99:1c:61:e7:
06:fa:b8:65:a9:d5:00:da:79:5a:a4:a6:b8:2f:08:
f1:ca:47:b4:98:f0:ad:45:57:1d:7b:ef:4a:8b:6e:
67:d0:10:de:bb:3b:c2:cf:53:e7:f8:8b:46:c1:4e:
ec:c6:1f:6f:b5:14:ff:87:90:be:50:87:de:2d:ab:
63:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:4C:10:7C:FD:66:6A:AA:DF:BC:C2:42:47:E6:4F:1E:EB:9A:1C:6F
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/a626735f-cb4b-4dff-992e-95390a4e2eea.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d059:2000::/40
Signature Algorithm: sha256WithRSAEncryption
ad:52:2c:49:5f:7c:d4:ef:49:43:06:4a:2b:96:54:9b:f7:49:
f6:b9:ec:5a:fd:7f:10:57:1d:de:db:4f:9b:10:f2:75:34:1f:
8a:05:ac:56:f8:07:f9:04:7f:f1:c9:b8:b2:a9:ab:a8:31:a4:
68:a8:03:13:7f:a6:3d:eb:1d:b4:21:6a:ea:ed:53:b6:88:87:
57:0f:5b:5f:d7:e3:ae:f3:60:70:3d:f6:a5:d6:87:d8:dc:0f:
b6:bb:de:c7:c4:de:32:2a:1b:50:49:5f:44:eb:d4:83:bf:f9:
28:8b:30:45:95:2b:77:58:95:05:2e:9d:b9:c8:8e:c6:2a:37:
01:5d:26:e5:fc:c3:b7:ad:14:54:7f:11:c8:05:e7:df:a6:8a:
4f:6c:37:91:42:e4:95:b7:bf:62:11:aa:60:ba:8f:30:50:bd:
83:33:28:90:9a:1a:4a:92:0b:ac:e7:88:e5:18:42:c9:bc:b9:
59:18:dc:3e:0a:3c:9a:1b:62:3a:89:6e:76:ee:71:95:e6:a1:
11:10:a8:51:48:0d:8a:9e:3e:14:03:d7:c8:1f:6f:c2:fa:f8:
1d:11:34:1a:71:73:8e:be:e5:cf:35:70:b1:bd:e9:99:b4:a5:
61:17:82:6c:31:5e:bc:d6:e6:00:a3:e6:e9:fb:11:db:e1:85:
20:93:ca:c6
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUVcrh3V41ZRVVCJ+SvKW9s/FLzeEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMTAwMTVaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGQzYmFmMDI2NGNkMmZiYWEzNmQzYTQyODgzNzg4ZDgyYTNlNDg5NjYxZWJm
OTk3ZWM0NzEyNTU3MjkyZTg5ZDExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM2bF8+AOXyabCa5OXZXaGz32aUc2i75TKC9/oBQf9RdKTooTD1Qxdl7ZaT/
uHrnbR26p2GjkGHZ99GqQ2cJ3l7vclOHWDzfWxiV4vpwSahQ+/QbVu+PFCEbap4h
8E7WlViZaUxCbma5JXPfcRELe/9ax/g3zrTpjSFzXAsatb97mcy9p8TEfXz4ey9B
axSIFLF4z4ijs12d0J8WZBFH7XBKObEa19LQIiPliOfSoFENLoBI/7QlsqFs/kML
e/KZHGHnBvq4ZanVANp5WqSmuC8I8cpHtJjwrUVXHXvvSotuZ9AQ3rs7ws9T5/iL
RsFO7MYfb7UU/4eQvlCH3i2rYyUCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRZTBB8
/WZqqt+8wkJH5k8e65ocbzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YTYyNjczNWYtY2I0Yi00ZGZmLTk5MmUtOTUzOTBhNGUyZWVhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0Fkg
MA0GCSqGSIb3DQEBCwUAA4IBAQCtUixJX3zU70lDBkorllSb90n2uexa/X8QVx3e
20+bEPJ1NB+KBaxW+Af5BH/xybiyqauoMaRoqAMTf6Y96x20IWrq7VO2iIdXD1tf
1+Ou82BwPfal1ofY3A+2u97HxN4yKhtQSV9E69SDv/koizBFlSt3WJUFLp25yI7G
KjcBXSbl/MO3rRRUfxHIBeffpopPbDeRQuSVt79iEapguo8wUL2DMyiQmhpKkgus
54jlGELJvLlZGNw+CjyaG2I6iW527nGV5qEREKhRSA2Knj4UA9fIH2/C+vgdETQa
cXOOvuXPNXCxvemZtKVhF4JsMV681uYAo+bp+xHb4YUgk8rG
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:08:15 2025 by rpki-client