Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bad6d47b-d932-44b6-8939-bd8993b444d2.roa
File: bad6d47b-d932-44b6-8939-bd8993b444d2.roa (raw, json)
Hash identifier: jttb3PcY6i07J6Ray88K5pWH7gogZ0hIbCKuF1wjB0Q=
Subject key identifier: A5:73:08:57:C5:F2:47:2D:30:4F:7A:AE:DF:E9:B5:F7:29:84:33:AF
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 6F1F934AA1694C56391BE4D41126158427E159FE
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bad6d47b-d932-44b6-8939-bd8993b444d2.roa
Signing time: Thu 04 Sep 2025 19:52:07 +0000
ROA not before: Thu 04 Sep 2025 19:52:07 +0000
ROA not after: Thu 09 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d034:80c0::/46 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6f:1f:93:4a:a1:69:4c:56:39:1b:e4:d4:11:26:15:84:27:e1:59:fe
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 4 19:52:07 2025 GMT
Not After : Oct 9 23:59:59 2025 GMT
Subject: serialNumber=dd5e4be09066e38f744a59b587fbaf30677930586d76f87e189ba54938150284, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:2c:d4:29:cb:8e:e5:71:31:fa:27:e7:1a:46:
13:2b:8f:04:a3:f9:ad:f0:84:42:cc:89:b5:c9:18:
6c:00:79:f4:6e:6f:1b:f6:de:64:7c:6b:74:f6:50:
1e:30:af:14:fc:9d:d4:9d:c2:af:74:ba:72:b9:b6:
c3:38:6e:13:a5:46:c7:6e:b0:8a:0e:7b:39:44:3a:
71:a0:50:2d:61:7a:2c:d6:c3:9c:17:58:46:85:f1:
9d:e4:4d:5c:07:65:2a:cf:74:3f:59:96:92:f8:3f:
d4:c3:aa:b0:53:b9:fd:55:d2:3f:a8:73:94:12:41:
47:95:f4:4d:0f:60:83:7f:c1:6a:17:36:d5:b4:f2:
98:59:34:a9:7f:d5:fb:ca:0c:5c:a9:d7:70:e4:77:
bb:2e:a5:67:6c:06:71:da:34:66:33:a1:e3:05:ab:
39:74:0d:f9:77:8a:f3:fb:19:91:07:7e:25:7b:0d:
1e:bb:9a:7a:b6:ab:88:e3:17:f7:40:f4:db:b2:64:
54:73:dd:b9:1e:71:fa:a9:ae:03:88:a3:08:93:6c:
6d:de:12:cd:07:fb:64:a0:03:ec:92:47:ef:67:a8:
23:4b:a0:77:d1:4e:37:9d:57:29:e9:0e:2f:82:06:
ca:67:0f:64:ef:88:4d:8d:13:80:7e:78:a0:62:d5:
a2:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:73:08:57:C5:F2:47:2D:30:4F:7A:AE:DF:E9:B5:F7:29:84:33:AF
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bad6d47b-d932-44b6-8939-bd8993b444d2.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d034:80c0::/46
Signature Algorithm: sha256WithRSAEncryption
32:76:24:91:20:de:00:ba:f6:32:f9:c5:c4:34:32:8b:fe:84:
7d:17:a6:65:11:03:3f:1e:ca:e6:a7:14:a8:23:a7:25:66:66:
8a:bd:1d:50:66:3f:da:35:c1:6c:a0:ed:d5:ad:98:4c:4d:c0:
28:de:c3:4a:08:7d:1e:75:37:5f:5e:75:4a:8e:78:12:f1:49:
57:77:47:49:19:4c:eb:68:28:11:33:c7:d3:74:d1:64:5a:0d:
2d:39:6d:52:02:64:ed:cf:95:48:03:f9:86:03:84:28:0d:68:
2b:6f:9d:65:85:0f:c7:7d:78:18:d3:d9:b6:6c:e6:5a:96:cb:
a7:48:ed:01:78:94:8b:ea:b0:4f:d6:54:3a:6b:ed:7b:5d:81:
25:d2:d3:03:30:ab:c4:c7:7b:52:a6:4b:96:04:90:02:e5:36:
c8:e9:7e:37:00:90:ed:15:2b:32:9f:f1:ad:08:9c:18:50:31:
08:c9:0d:d3:12:32:f6:44:18:7f:22:8d:6c:60:3c:e0:1d:5b:
96:60:d6:30:9a:fe:94:4d:1f:fe:65:2d:8e:1e:53:e2:4b:d5:
55:01:20:92:17:8f:0e:96:ee:da:63:44:03:19:14:a9:f1:8b:
79:37:14:e9:07:bd:2d:18:29:45:9d:ed:85:ae:2f:49:67:91:
02:1f:7f:ad
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUbx+TSqFpTFY5G+TUESYVhCfhWf4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDQxOTUyMDdaFw0yNTEwMDkyMzU5NTlaMHoxSTBHBgNV
BAUTQGRkNWU0YmUwOTA2NmUzOGY3NDRhNTliNTg3ZmJhZjMwNjc3OTMwNTg2ZDc2
Zjg3ZTE4OWJhNTQ5MzgxNTAyODQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM0s1CnLjuVxMfon5xpGEyuPBKP5rfCEQsyJtckYbAB59G5vG/beZHxrdPZQ
HjCvFPyd1J3Cr3S6crm2wzhuE6VGx26wig57OUQ6caBQLWF6LNbDnBdYRoXxneRN
XAdlKs90P1mWkvg/1MOqsFO5/VXSP6hzlBJBR5X0TQ9gg3/Bahc21bTymFk0qX/V
+8oMXKnXcOR3uy6lZ2wGcdo0ZjOh4wWrOXQN+XeK8/sZkQd+JXsNHruaerariOMX
90D027JkVHPduR5x+qmuA4ijCJNsbd4SzQf7ZKAD7JJH72eoI0ugd9FON51XKekO
L4IGymcPZO+ITY0TgH54oGLVopcCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSlcwhX
xfJHLTBPeq7f6bX3KYQzrzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmFkNmQ0N2ItZDkzMi00NGI2LTg5MzktYmQ4OTkzYjQ0NGQyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHAioF0DSA
wDANBgkqhkiG9w0BAQsFAAOCAQEAMnYkkSDeALr2MvnFxDQyi/6EfRemZREDPx7K
5qcUqCOnJWZmir0dUGY/2jXBbKDt1a2YTE3AKN7DSgh9HnU3X151So54EvFJV3dH
SRlM62goETPH03TRZFoNLTltUgJk7c+VSAP5hgOEKA1oK2+dZYUPx314GNPZtmzm
WpbLp0jtAXiUi+qwT9ZUOmvte12BJdLTAzCrxMd7UqZLlgSQAuU2yOl+NwCQ7RUr
Mp/xrQicGFAxCMkN0xIy9kQYfyKNbGA84B1blmDWMJr+lE0f/mUtjh5T4kvVVQEg
khePDpbu2mNEAxkUqfGLeTcU6Qe9LRgpRZ3tha4vSWeRAh9/rQ==
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:08:18 2025 by rpki-client