Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b9f26696-5522-477d-b8bf-72de7350b09a.roa
File: b9f26696-5522-477d-b8bf-72de7350b09a.roa (raw, json)
Hash identifier: D/fgynWZFs0WGCyVHxfYcOvkvKe+hjB2LE/sTrKU+Ok=
Subject key identifier: 5A:13:C1:4C:DE:B4:68:51:0B:17:2E:27:3D:5A:2A:EF:F1:FD:09:0E
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 0EC9B65D0AB8D6D3065EC13333928ECF4E87ADF8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b9f26696-5522-477d-b8bf-72de7350b09a.roa
Signing time: Mon 01 Sep 2025 20:00:11 +0000
ROA not before: Mon 01 Sep 2025 20:00:11 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:5000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0e:c9:b6:5d:0a:b8:d6:d3:06:5e:c1:33:33:92:8e:cf:4e:87:ad:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:00:11 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=4ab8dd6597165b3c9cd86a6bd9beefbdaeda14d4c8b9c8671b4c839632c45e60, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:13:af:4e:4a:db:90:14:6d:e7:e9:58:b5:70:
a5:d5:13:07:d4:99:0c:f5:f0:02:11:5d:16:28:e8:
83:d9:bf:20:83:71:8b:1b:37:d3:6b:1f:70:0a:2c:
3b:a0:fd:0f:95:53:a8:b0:63:5a:a1:67:06:7b:55:
37:12:99:2b:83:e5:8a:b2:89:69:9d:15:a6:b3:08:
f4:8b:6b:3c:a1:5a:7d:69:c6:35:94:e8:bb:b2:dd:
47:1e:64:55:08:56:29:82:74:cc:a9:c6:34:0d:4f:
44:09:32:4d:f8:95:df:86:8c:24:f3:41:c7:13:e8:
f8:b6:07:31:5a:cc:7b:bd:e2:5a:f1:e2:3f:4e:55:
72:cb:ad:90:94:fd:74:d3:a3:47:23:7b:1b:03:bc:
52:4f:fd:88:65:bd:3d:9e:f2:b4:12:d1:b1:18:43:
04:63:3c:f3:6b:3c:18:64:e2:7a:d5:98:7f:0e:ae:
46:66:94:a3:62:20:02:be:f1:d2:18:45:58:4c:96:
61:fb:f8:9a:5d:04:1d:33:97:90:28:f9:58:15:51:
1b:1e:25:da:9d:f6:0b:d7:ec:f5:da:34:50:60:7b:
f7:1d:07:3c:0e:d1:f2:7a:5a:78:76:b0:6d:26:b8:
b3:a6:6d:72:5f:70:f6:99:37:fd:b2:cb:8d:fa:51:
db:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:13:C1:4C:DE:B4:68:51:0B:17:2E:27:3D:5A:2A:EF:F1:FD:09:0E
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/b9f26696-5522-477d-b8bf-72de7350b09a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:5000::/40
Signature Algorithm: sha256WithRSAEncryption
ae:6b:91:4a:bc:df:18:44:6e:8d:5d:d4:c6:24:0c:f3:ce:b6:
24:22:de:22:4c:1c:8b:2a:97:dd:1e:56:6b:ac:3e:67:a2:a4:
bb:dd:e1:34:4f:cb:2f:d4:91:8e:7e:2a:c2:02:13:fd:8a:1b:
18:d3:1f:73:c8:b7:12:4d:a8:45:f5:41:0a:bc:e0:40:e9:ba:
f6:47:1c:15:2f:f1:5c:55:bf:24:af:96:ed:a4:3f:4f:9a:da:
c0:2d:40:b3:77:6c:70:82:90:97:dc:c6:5e:7e:5c:8e:5c:7c:
9e:63:49:50:a4:13:12:9d:de:d9:dd:10:83:c4:85:e0:c9:80:
72:84:f3:73:e0:8b:20:f0:be:80:dc:a2:01:a4:bd:00:dd:ca:
d5:ab:ee:bb:22:79:a6:f4:d4:60:b1:90:97:09:f3:85:85:14:
32:c3:6f:c5:02:99:ec:11:0b:01:e2:1a:ef:49:d8:4f:90:49:
8a:4a:b2:8f:4c:bc:bf:ee:3e:ba:2b:27:a3:a4:f5:06:5d:b9:
98:bc:a5:df:13:dd:45:8e:06:43:66:fc:5f:3c:04:db:f2:67:
d0:4d:8b:31:68:83:6d:43:da:6d:fc:6a:01:d4:c8:42:0f:91:
8a:53:d1:01:d9:db:3c:2e:44:ec:2a:85:74:22:c6:91:6e:97:
c2:e8:cc:46
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUDsm2XQq41tMGXsEzM5KOz06HrfgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDAwMTFaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDRhYjhkZDY1OTcxNjViM2M5Y2Q4NmE2YmQ5YmVlZmJkYWVkYTE0ZDRjOGI5
Yzg2NzFiNGM4Mzk2MzJjNDVlNjAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKcTr05K25AUbefpWLVwpdUTB9SZDPXwAhFdFijog9m/IINxixs302sfcAos
O6D9D5VTqLBjWqFnBntVNxKZK4PlirKJaZ0VprMI9ItrPKFafWnGNZTou7LdRx5k
VQhWKYJ0zKnGNA1PRAkyTfiV34aMJPNBxxPo+LYHMVrMe73iWvHiP05VcsutkJT9
dNOjRyN7GwO8Uk/9iGW9PZ7ytBLRsRhDBGM882s8GGTietWYfw6uRmaUo2IgAr7x
0hhFWEyWYfv4ml0EHTOXkCj5WBVRGx4l2p32C9fs9do0UGB79x0HPA7R8npaeHaw
bSa4s6Ztcl9w9pk3/bLLjfpR21sCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRaE8FM
3rRoUQsXLic9Wirv8f0JDjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YjlmMjY2OTYtNTUyMi00NzdkLWI4YmYtNzJkZTczNTBiMDlhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HJQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCua5FKvN8YRG6NXdTGJAzzzrYkIt4iTByLKpfd
HlZrrD5noqS73eE0T8sv1JGOfirCAhP9ihsY0x9zyLcSTahF9UEKvOBA6br2RxwV
L/FcVb8kr5btpD9PmtrALUCzd2xwgpCX3MZeflyOXHyeY0lQpBMSnd7Z3RCDxIXg
yYByhPNz4Isg8L6A3KIBpL0A3crVq+67Inmm9NRgsZCXCfOFhRQyw2/FApnsEQsB
4hrvSdhPkEmKSrKPTLy/7j66KyejpPUGXbmYvKXfE91FjgZDZvxfPATb8mfQTYsx
aINtQ9pt/GoB1MhCD5GKU9EB2ds8LkTsKoV0IsaRbpfC6MxG
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:09:23 2025 by rpki-client