Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bf1db0f3-6cad-4fcc-96c5-ddde700e6264.roa
File: bf1db0f3-6cad-4fcc-96c5-ddde700e6264.roa (raw, json)
Hash identifier: VEHB6zqIzCM77yHtYdyqp/nG8Tmveo9iB9PJ9RpfISQ=
Subject key identifier: 4B:EC:13:7E:14:93:82:D2:B0:E6:64:76:0E:2A:A7:1D:44:C9:7E:2E
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 7A45F694B358AC17B7D97F1B8E5737A3A9F2E870
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bf1db0f3-6cad-4fcc-96c5-ddde700e6264.roa
Signing time: Mon 01 Sep 2025 20:40:04 +0000
ROA not before: Mon 01 Sep 2025 20:40:04 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d075:b000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
7a:45:f6:94:b3:58:ac:17:b7:d9:7f:1b:8e:57:37:a3:a9:f2:e8:70
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:40:04 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=9f06c3574887d2a113900cc1f6fbdf636b197383e39de7567bd0cea7e63f20e9, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:b4:e9:be:fe:77:b8:ab:7f:dc:e8:00:c7:1a:
8f:30:a8:6a:ac:38:7a:72:bd:56:47:45:c8:92:84:
cf:ef:97:64:a5:9a:85:8e:14:11:08:65:09:22:d8:
07:41:2d:86:7a:9e:45:0e:cb:95:f9:6b:d3:bb:48:
d1:15:aa:2b:27:18:4c:a5:60:56:6d:37:7f:ae:e8:
45:08:f0:ae:86:89:36:c3:41:d6:6b:89:97:0f:e5:
13:a7:42:66:c2:9a:e9:c5:c8:57:34:6b:76:d0:c3:
bb:06:c0:79:50:53:86:a2:f5:4c:23:6f:fd:e8:a3:
ba:30:e9:d4:dc:a8:d2:fb:38:0c:92:c5:bb:ca:1b:
c6:6d:08:7e:ea:87:19:54:2f:0c:47:2d:02:a0:bb:
4c:49:36:8c:8e:fa:02:48:02:ca:0f:8c:a4:72:b3:
c4:e1:fb:72:55:1f:89:b3:39:ce:ad:26:8f:5f:9f:
d1:b9:63:e6:1b:2d:1b:c9:35:f8:b6:6a:f8:d8:4f:
24:06:d5:1c:7f:21:31:2f:6b:e1:a0:89:b4:63:c6:
ba:a8:49:1b:88:26:60:a5:23:49:be:28:0c:e9:2a:
9f:74:e1:b7:1b:14:26:16:b0:03:48:9f:d3:a7:a5:
34:d6:07:25:fe:c1:ab:d5:95:d7:35:27:51:9f:f6:
0b:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:EC:13:7E:14:93:82:D2:B0:E6:64:76:0E:2A:A7:1D:44:C9:7E:2E
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bf1db0f3-6cad-4fcc-96c5-ddde700e6264.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d075:b000::/40
Signature Algorithm: sha256WithRSAEncryption
4a:89:ec:e3:fe:e7:49:76:e2:b1:a3:18:25:f8:14:67:60:44:
3c:a7:41:7c:6a:7f:48:3f:49:c1:d0:ec:fe:bd:26:37:5d:bf:
be:96:7e:9d:e9:51:f9:2f:c3:f2:ba:49:69:95:2e:6a:8b:51:
db:2e:f5:84:20:27:f3:54:07:40:fa:ce:e9:cb:35:e6:37:14:
16:24:46:69:4e:98:cc:f8:49:f8:9f:e7:cf:5b:47:9f:8c:10:
7d:c2:9d:c5:be:a6:7f:56:d5:63:f5:e9:ca:b6:8b:9c:85:2b:
e4:2e:a8:2f:5e:11:5e:fe:46:ab:8a:75:87:4a:e7:bd:38:5f:
8e:50:89:43:32:77:64:72:cf:ac:ed:6a:b7:2a:e1:46:c5:23:
3c:6c:0d:87:4d:bf:12:1d:0f:0a:93:f3:da:00:ca:25:de:8b:
98:eb:54:92:9d:41:1e:bf:a4:be:e9:7d:06:72:a3:14:07:42:
5f:69:ab:79:dd:75:88:45:fe:0c:0d:c0:5d:d8:6c:ec:b8:3b:
de:af:e9:58:39:9e:05:1e:57:5d:4a:2a:2d:6e:e6:89:00:19:
31:97:c0:dd:7c:7c:28:e4:36:97:9d:f6:ee:5d:3a:eb:95:05:
57:e6:4e:56:2c:6d:c9:de:92:ce:d8:c7:b5:ef:99:6e:42:fc:
99:ad:89:a8
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUekX2lLNYrBe32X8bjlc3o6ny6HAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDQwMDRaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDlmMDZjMzU3NDg4N2QyYTExMzkwMGNjMWY2ZmJkZjYzNmIxOTczODNlMzlk
ZTc1NjdiZDBjZWE3ZTYzZjIwZTkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALO06b7+d7irf9zoAMcajzCoaqw4enK9VkdFyJKEz++XZKWahY4UEQhlCSLY
B0EthnqeRQ7Llflr07tI0RWqKycYTKVgVm03f67oRQjwroaJNsNB1muJlw/lE6dC
ZsKa6cXIVzRrdtDDuwbAeVBThqL1TCNv/eijujDp1Nyo0vs4DJLFu8obxm0IfuqH
GVQvDEctAqC7TEk2jI76AkgCyg+MpHKzxOH7clUfibM5zq0mj1+f0blj5hstG8k1
+LZq+NhPJAbVHH8hMS9r4aCJtGPGuqhJG4gmYKUjSb4oDOkqn3ThtxsUJhawA0if
06elNNYHJf7Bq9WV1zUnUZ/2CzkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRL7BN+
FJOC0rDmZHYOKqcdRMl+LjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmYxZGIwZjMtNmNhZC00ZmNjLTk2YzUtZGRkZTcwMGU2MjY0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0HWw
MA0GCSqGSIb3DQEBCwUAA4IBAQBKiezj/udJduKxoxgl+BRnYEQ8p0F8an9IP0nB
0Oz+vSY3Xb++ln6d6VH5L8PyuklplS5qi1HbLvWEICfzVAdA+s7pyzXmNxQWJEZp
TpjM+En4n+fPW0efjBB9wp3FvqZ/VtVj9enKtouchSvkLqgvXhFe/karinWHSue9
OF+OUIlDMndkcs+s7Wq3KuFGxSM8bA2HTb8SHQ8Kk/PaAMol3ouY61SSnUEev6S+
6X0GcqMUB0Jfaat53XWIRf4MDcBd2GzsuDver+lYOZ4FHlddSiotbuaJABkxl8Dd
fHwo5DaXnfbuXTrrlQVX5k5WLG3J3pLO2Me175luQvyZrYmo
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:13:26 2025 by rpki-client