Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c0520c80-698f-4538-b32e-e9663caeb979.roa
File: c0520c80-698f-4538-b32e-e9663caeb979.roa (raw, json)
Hash identifier: PQCcslEYzopGQfL0IlJYDS8tcUiI8Pbh0MpYsQifFm8=
Subject key identifier: 8B:1B:CA:D8:A7:25:A0:47:1D:20:C3:F2:25:6E:53:F3:84:23:77:4F
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5C15A948C512C2620D556C3CA9F0851069EA22F7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c0520c80-698f-4538-b32e-e9663caeb979.roa
Signing time: Mon 01 Sep 2025 20:11:15 +0000
ROA not before: Mon 01 Sep 2025 20:11:15 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:8050::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5c:15:a9:48:c5:12:c2:62:0d:55:6c:3c:a9:f0:85:10:69:ea:22:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:11:15 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=28257592c2a496e7b14ba4397465298703c17c21a750224e679909f6bdc9ce01, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:2c:83:c2:db:02:b3:4e:41:bf:22:5f:56:43:
29:a5:2b:08:e3:3f:77:6a:cc:5a:89:93:eb:c0:ca:
be:f1:9b:a4:74:b8:8e:95:4d:93:eb:51:69:d7:cb:
e2:d6:ca:d2:8d:2b:7f:d6:56:19:3f:26:e2:47:9c:
7d:fb:83:f2:e4:67:9b:13:d1:f2:14:d0:28:72:01:
d2:92:c4:be:7a:ba:9c:53:30:49:b8:72:3d:0b:77:
fd:61:2c:23:44:35:72:7d:82:26:60:8e:4f:36:f2:
35:96:48:f3:92:c3:19:54:82:91:99:68:30:8d:0f:
fd:53:3b:0c:5b:1d:65:62:bd:fa:bc:ef:f2:73:46:
e7:55:41:a1:c7:cd:a7:cc:4e:4e:6f:e4:39:0c:4b:
2f:3e:70:60:92:fc:74:b1:ee:5a:79:a6:c8:27:56:
3b:17:03:77:11:55:2a:a4:8f:39:22:4a:54:5c:4f:
68:b6:1f:61:50:38:08:6e:68:16:67:c8:24:94:2c:
ba:44:25:47:8f:54:fe:23:5d:71:db:68:ba:30:ce:
11:48:b8:5e:93:d4:c4:bd:96:4d:60:0d:f4:05:38:
9b:b9:3d:c3:74:61:5c:85:ec:52:2b:f8:a6:61:a9:
17:ee:99:9a:37:4e:f6:02:d1:bf:df:4e:c6:a4:2b:
1a:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:1B:CA:D8:A7:25:A0:47:1D:20:C3:F2:25:6E:53:F3:84:23:77:4F
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c0520c80-698f-4538-b32e-e9663caeb979.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:8050::/48
Signature Algorithm: sha256WithRSAEncryption
90:cf:ac:1a:68:6b:6c:3e:c9:7d:42:27:63:af:58:42:55:97:
f5:e6:47:0c:51:43:21:c2:bc:2a:21:e6:2f:fc:dd:8c:b8:10:
3a:f4:a4:5f:60:0a:40:42:aa:3f:73:5f:6a:c8:cc:14:ef:79:
39:61:f5:1b:38:5e:7b:2d:0e:83:54:6f:de:ef:5c:1a:0b:13:
da:1c:e3:91:41:16:45:16:54:03:fe:1b:32:c9:ad:e7:85:80:
d8:5e:2c:20:05:0c:50:fb:19:d4:11:89:a7:30:23:11:0e:41:
08:76:59:79:fb:dc:d6:ee:a0:ab:60:70:b1:83:82:3f:45:7c:
13:8c:72:9e:09:19:b1:27:5b:b5:fc:bd:a8:57:44:62:91:f1:
f7:e5:50:1a:8c:6f:c7:a2:f1:3e:c2:f8:e4:81:55:91:20:39:
0a:9c:ef:7d:58:9a:5f:c6:79:40:82:e4:a2:da:85:75:05:3a:
2f:6f:12:bf:cd:09:41:fd:fa:b5:58:20:49:b7:2a:d8:c1:21:
15:f7:1a:2a:02:61:6a:a0:b6:60:b3:2c:67:6d:b1:8c:0b:0c:
2d:a3:60:47:0a:e8:28:73:4a:a4:45:43:6c:98:3a:cc:9a:66:
0b:45:a7:3b:5d:44:ea:3d:9f:09:50:e2:2a:4e:50:35:e8:30:
20:d2:d7:a4
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUXBWpSMUSwmINVWw8qfCFEGnqIvcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDExMTVaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDI4MjU3NTkyYzJhNDk2ZTdiMTRiYTQzOTc0NjUyOTg3MDNjMTdjMjFhNzUw
MjI0ZTY3OTkwOWY2YmRjOWNlMDExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMcsg8LbArNOQb8iX1ZDKaUrCOM/d2rMWomT68DKvvGbpHS4jpVNk+tRadfL
4tbK0o0rf9ZWGT8m4kecffuD8uRnmxPR8hTQKHIB0pLEvnq6nFMwSbhyPQt3/WEs
I0Q1cn2CJmCOTzbyNZZI85LDGVSCkZloMI0P/VM7DFsdZWK9+rzv8nNG51VBocfN
p8xOTm/kOQxLLz5wYJL8dLHuWnmmyCdWOxcDdxFVKqSPOSJKVFxPaLYfYVA4CG5o
FmfIJJQsukQlR49U/iNdcdtoujDOEUi4XpPUxL2WTWAN9AU4m7k9w3RhXIXsUiv4
pmGpF+6ZmjdO9gLRv99OxqQrGvECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSLG8rY
pyWgRx0gw/IlblPzhCN3TzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzA1MjBjODAtNjk4Zi00NTM4LWIzMmUtZTk2NjNjYWViOTc5LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H+A
UDANBgkqhkiG9w0BAQsFAAOCAQEAkM+sGmhrbD7JfUInY69YQlWX9eZHDFFDIcK8
KiHmL/zdjLgQOvSkX2AKQEKqP3NfasjMFO95OWH1Gzheey0Og1Rv3u9cGgsT2hzj
kUEWRRZUA/4bMsmt54WA2F4sIAUMUPsZ1BGJpzAjEQ5BCHZZefvc1u6gq2BwsYOC
P0V8E4xyngkZsSdbtfy9qFdEYpHx9+VQGoxvx6LxPsL45IFVkSA5CpzvfViaX8Z5
QILkotqFdQU6L28Sv80JQf36tVggSbcq2MEhFfcaKgJhaqC2YLMsZ22xjAsMLaNg
RwroKHNKpEVDbJg6zJpmC0WnO11E6j2fCVDiKk5QNegwINLXpA==
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:12:48 2025 by rpki-client