Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c768f15e-576e-48c0-91d4-8446a6be70a8.roa
File: c768f15e-576e-48c0-91d4-8446a6be70a8.roa (raw, json)
Hash identifier: xZXhGKl96D/UBBhze8GldUYoMXqXY6OAU2ir5lqnmLk=
Subject key identifier: 99:E8:48:D6:6D:E4:2A:4E:CB:57:D5:29:8F:01:09:FA:3A:5A:E0:D9
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 293DDD099A1BEBB42AE59BD743303AACAC8DB651
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c768f15e-576e-48c0-91d4-8446a6be70a8.roa
Signing time: Mon 01 Sep 2025 20:50:57 +0000
ROA not before: Mon 01 Sep 2025 20:50:57 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d032:e000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
29:3d:dd:09:9a:1b:eb:b4:2a:e5:9b:d7:43:30:3a:ac:ac:8d:b6:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:50:57 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=6593f5ec3367d2016a902d1b7cd78f92fdfaa39c888a5db78d08b5b32b187bc9, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:8d:57:26:d7:d8:ba:65:18:c9:fb:21:75:94:
a3:54:ea:9a:02:79:b6:06:f6:88:34:35:d5:15:3c:
71:99:7b:b4:4c:4f:88:c8:39:9d:54:22:63:d0:48:
82:87:0f:a2:8d:92:d7:0a:85:d6:54:55:b0:6a:a7:
0f:df:dc:32:4f:04:3e:20:d4:60:78:f3:c4:87:e4:
3f:70:42:7e:ef:bf:85:4f:b2:53:49:a2:0f:c9:52:
36:54:70:d5:5a:c9:c0:51:7c:6f:b4:7b:36:a9:9e:
e6:1f:a3:5b:d9:02:e9:b7:ec:6e:cf:6c:9e:c3:47:
20:a3:9f:be:ec:2c:b7:8d:c4:57:6b:88:00:96:9e:
27:d7:6b:b5:84:dd:89:a2:8e:0e:63:8d:c7:75:8c:
e0:4e:21:0e:32:eb:26:c4:e2:97:74:67:17:ee:9b:
0d:fd:5c:4d:fb:75:00:7b:07:a3:eb:78:6a:f6:20:
9b:17:d7:79:61:7c:e6:d9:14:f5:5a:49:1c:eb:bc:
1f:27:e4:9c:a4:7a:07:1f:fa:de:3e:e9:b4:85:8b:
2a:5e:1d:a1:51:6e:76:f3:11:4d:67:41:e6:9e:8e:
c7:bd:c3:03:cc:e3:a9:54:84:50:45:64:19:12:7c:
90:76:d8:39:42:89:5a:2b:5d:c0:28:d8:05:1d:8a:
73:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:E8:48:D6:6D:E4:2A:4E:CB:57:D5:29:8F:01:09:FA:3A:5A:E0:D9
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c768f15e-576e-48c0-91d4-8446a6be70a8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d032:e000::/40
Signature Algorithm: sha256WithRSAEncryption
6e:aa:63:c4:be:90:c2:dc:c0:06:0e:ae:f1:e3:8e:a9:f0:8f:
0f:81:f6:9d:14:71:ea:77:0c:37:3a:b7:37:db:ef:db:b9:2a:
c1:a2:ed:67:f1:0c:2a:ce:df:7f:aa:8f:fe:07:57:be:c5:68:
20:e4:fc:a8:0b:dd:f5:44:ef:1b:f4:e5:b9:f6:87:db:c7:2d:
3b:e3:a0:70:9b:6e:51:76:da:d3:c8:d7:66:12:2b:a2:50:bb:
d4:58:2d:ea:52:e1:07:4e:8a:04:8c:82:c8:8f:09:b5:81:8f:
c5:94:50:6f:58:f9:8a:22:b4:9b:fe:29:c0:a0:2d:21:b1:d8:
3e:26:47:d8:47:db:84:d2:11:ab:2b:4e:41:90:8f:59:29:4e:
52:8d:b7:ac:4d:51:67:99:de:5f:72:fb:28:fa:54:4c:db:37:
bc:bc:04:0c:47:67:64:3e:6d:2f:b3:a6:ea:90:d9:39:02:4a:
0f:71:f6:59:78:07:ef:53:89:51:6d:e3:2b:cc:64:86:4c:da:
b6:ed:7c:12:88:07:f9:50:ad:10:02:d9:64:f6:3c:56:d4:b6:
e5:b4:d0:fa:2b:0a:c0:9d:3a:e2:7c:b8:46:db:cf:eb:92:d7:
1b:b6:5d:49:32:4b:35:92:5f:ba:2a:ad:d7:4f:bb:8f:78:8c:
87:a6:76:91
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUKT3dCZob67Qq5ZvXQzA6rKyNtlEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDUwNTdaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDY1OTNmNWVjMzM2N2QyMDE2YTkwMmQxYjdjZDc4ZjkyZmRmYWEzOWM4ODhh
NWRiNzhkMDhiNWIzMmIxODdiYzkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJSNVybX2LplGMn7IXWUo1TqmgJ5tgb2iDQ11RU8cZl7tExPiMg5nVQiY9BI
gocPoo2S1wqF1lRVsGqnD9/cMk8EPiDUYHjzxIfkP3BCfu+/hU+yU0miD8lSNlRw
1VrJwFF8b7R7Nqme5h+jW9kC6bfsbs9snsNHIKOfvuwst43EV2uIAJaeJ9drtYTd
iaKODmONx3WM4E4hDjLrJsTil3RnF+6bDf1cTft1AHsHo+t4avYgmxfXeWF85tkU
9VpJHOu8HyfknKR6Bx/63j7ptIWLKl4doVFudvMRTWdB5p6Ox73DA8zjqVSEUEVk
GRJ8kHbYOUKJWitdwCjYBR2Kc7cCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSZ6EjW
beQqTstX1SmPAQn6Olrg2TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Yzc2OGYxNWUtNTc2ZS00OGMwLTkxZDQtODQ0NmE2YmU3MGE4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0DLg
MA0GCSqGSIb3DQEBCwUAA4IBAQBuqmPEvpDC3MAGDq7x446p8I8PgfadFHHqdww3
Orc32+/buSrBou1n8Qwqzt9/qo/+B1e+xWgg5PyoC931RO8b9OW59ofbxy0746Bw
m25RdtrTyNdmEiuiULvUWC3qUuEHTooEjILIjwm1gY/FlFBvWPmKIrSb/inAoC0h
sdg+JkfYR9uE0hGrK05BkI9ZKU5SjbesTVFnmd5fcvso+lRM2ze8vAQMR2dkPm0v
s6bqkNk5AkoPcfZZeAfvU4lRbeMrzGSGTNq27XwSiAf5UK0QAtlk9jxW1LbltND6
KwrAnTrifLhG28/rktcbtl1JMks1kl+6Kq3XT7uPeIyHpnaR
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:06:08 2025 by rpki-client