Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bfae711e-b0c4-404f-be1f-a99990818ac6.roa
File: bfae711e-b0c4-404f-be1f-a99990818ac6.roa (raw, json)
Hash identifier: XgpFr+2+CgcFYLh0wo8EtjVaYz5V9pnzSdiA6Z11zks=
Subject key identifier: 07:62:3D:56:8F:01:D0:E1:76:49:1E:35:AB:62:5C:91:1F:FC:F2:64
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 12D23A5CE12DCFDCD4F613E7A7D123AECAA853B4
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bfae711e-b0c4-404f-be1f-a99990818ac6.roa
Signing time: Mon 01 Sep 2025 21:21:33 +0000
ROA not before: Mon 01 Sep 2025 21:21:33 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 79.125.0.0/23 maxlen: 23
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
12:d2:3a:5c:e1:2d:cf:dc:d4:f6:13:e7:a7:d1:23:ae:ca:a8:53:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 21:21:33 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=9a6b4b89e14861750e9c557bde94be149aef38301b01417ce08950c935858bec, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:a3:05:cc:9c:c3:a2:12:7a:e3:49:2b:1a:da:
d3:fb:bb:58:98:51:16:45:b5:39:f9:08:bb:9e:6d:
fc:e9:8a:bb:56:8f:fb:3a:84:13:54:ca:6f:f9:a3:
bb:ac:55:a7:2a:1b:89:33:cc:49:0a:05:35:79:df:
79:01:84:58:55:ca:e4:bd:e9:a4:0e:f8:b1:d1:ef:
bb:a4:73:53:e7:e7:5b:36:90:ab:10:20:6d:3b:c7:
2d:35:8c:51:da:ed:85:f7:06:63:a2:bf:ae:7e:5e:
61:d0:f4:b7:e7:f6:bd:31:56:12:54:81:a6:e6:72:
a6:bf:18:fb:87:0e:4c:b9:59:66:e4:c9:ef:a3:44:
9b:0d:43:67:41:73:8a:7e:bb:05:1a:7a:98:17:d1:
f3:06:26:e7:cd:9c:73:90:33:51:7b:9d:1e:b3:a1:
1e:70:e6:bd:5a:25:17:3f:48:34:c6:85:b1:02:03:
74:ed:fc:f2:24:de:99:6c:bb:b2:bc:04:1c:a9:f1:
ba:9f:9f:db:31:64:56:68:a3:9b:d4:75:e5:21:23:
f2:91:61:52:37:ce:84:26:75:5c:ee:95:22:43:ca:
ff:89:84:dc:8b:b5:ee:fe:f3:bf:01:65:52:1d:6e:
50:0a:60:bd:cd:75:03:af:0b:19:9c:b8:e0:6f:e2:
e7:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
07:62:3D:56:8F:01:D0:E1:76:49:1E:35:AB:62:5C:91:1F:FC:F2:64
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/bfae711e-b0c4-404f-be1f-a99990818ac6.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.125.0.0/23
Signature Algorithm: sha256WithRSAEncryption
9b:85:37:4f:c4:65:da:6e:22:0a:ac:b1:4f:21:ab:56:d7:be:
97:a5:f1:40:44:e3:ab:b8:52:ff:20:c8:c9:f4:c0:56:49:11:
be:07:0a:20:36:f6:da:a1:ee:cd:96:c6:c2:09:c2:3e:85:22:
0d:53:ab:55:8a:2f:b7:6b:4f:f2:fb:64:7c:7e:3a:ae:66:b9:
f4:8b:31:8b:3b:94:0a:8b:df:b6:df:bd:77:c4:4d:fe:60:9d:
79:41:33:ff:ce:27:77:e9:9d:6b:a4:14:b9:8f:b0:63:3e:17:
4f:c0:3d:8e:3d:ee:f4:79:a0:b8:f0:fb:18:fc:c7:fb:c4:78:
fd:fe:a6:1c:93:33:af:63:a9:a6:26:df:40:a9:a2:25:7b:ca:
0e:89:a2:e9:37:b3:16:c5:12:69:71:0e:4c:c3:47:4d:e6:d3:
6a:05:0a:12:f7:05:ea:50:3b:cb:c3:d0:70:f6:d6:85:4d:13:
f5:83:d6:a6:7b:27:d5:01:fd:62:25:47:c1:89:30:be:a9:ac:
66:ad:13:95:29:88:61:bd:dc:e8:de:e0:57:45:b6:64:2b:c0:
e1:3c:93:fc:4e:86:e6:23:71:68:bd:7e:b1:8d:72:7b:3e:55:
56:81:d2:e3:45:dc:8f:35:8b:f0:bc:40:c4:a4:d6:84:9d:a5:
1b:4e:2b:55
-----BEGIN CERTIFICATE-----
MIIFXjCCBEagAwIBAgIUEtI6XOEtz9zU9hPnp9EjrsqoU7QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMTIxMzNaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDlhNmI0Yjg5ZTE0ODYxNzUwZTljNTU3YmRlOTRiZTE0OWFlZjM4MzAxYjAx
NDE3Y2UwODk1MGM5MzU4NThiZWMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANSjBcycw6ISeuNJKxra0/u7WJhRFkW1OfkIu55t/OmKu1aP+zqEE1TKb/mj
u6xVpyobiTPMSQoFNXnfeQGEWFXK5L3ppA74sdHvu6RzU+fnWzaQqxAgbTvHLTWM
UdrthfcGY6K/rn5eYdD0t+f2vTFWElSBpuZypr8Y+4cOTLlZZuTJ76NEmw1DZ0Fz
in67BRp6mBfR8wYm582cc5AzUXudHrOhHnDmvVolFz9INMaFsQIDdO388iTemWy7
srwEHKnxup+f2zFkVmijm9R15SEj8pFhUjfOhCZ1XO6VIkPK/4mE3Iu17v7zvwFl
Uh1uUApgvc11A68LGZy44G/i5ykCAwEAAaOCAiEwggIdMB0GA1UdDgQWBBQHYj1W
jwHQ4XZJHjWrYlyRH/zyZDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YmZhZTcxMWUtYjBjNC00MDRmLWJlMWYtYTk5OTkwODE4YWM2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAU99ADAN
BgkqhkiG9w0BAQsFAAOCAQEAm4U3T8Rl2m4iCqyxTyGrVte+l6XxQETjq7hS/yDI
yfTAVkkRvgcKIDb22qHuzZbGwgnCPoUiDVOrVYovt2tP8vtkfH46rma59IsxizuU
Covftt+9d8RN/mCdeUEz/84nd+mda6QUuY+wYz4XT8A9jj3u9HmguPD7GPzH+8R4
/f6mHJMzr2OppibfQKmiJXvKDomi6TezFsUSaXEOTMNHTebTagUKEvcF6lA7y8PQ
cPbWhU0T9YPWpnsn1QH9YiVHwYkwvqmsZq0TlSmIYb3c6N7gV0W2ZCvA4TyT/E6G
5iNxaL1+sY1yez5VVoHS40XcjzWL8LxAxKTWhJ2lG04rVQ==
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:06:04 2025 by rpki-client