Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c8af18fc-ae06-42ae-9533-a5516ea722d4.roa
File: c8af18fc-ae06-42ae-9533-a5516ea722d4.roa (raw, json)
Hash identifier: rFw407Ml7RTarANbADW8CB4iPMWm2zimIB814vx2wjU=
Subject key identifier: B2:00:7C:9A:B1:70:A3:D2:F7:2A:C6:97:2A:8D:43:9F:A3:30:71:0A
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 6D4E205D4ABCA187E2D86AEC879F64F740F370D8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c8af18fc-ae06-42ae-9533-a5516ea722d4.roa
Signing time: Mon 01 Sep 2025 20:11:19 +0000
ROA not before: Mon 01 Sep 2025 20:11:19 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:9080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6d:4e:20:5d:4a:bc:a1:87:e2:d8:6a:ec:87:9f:64:f7:40:f3:70:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:11:19 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=246cb9cd6af19c6470f0ea1ea244c5ab080486cf07d515df6319ae34785c63ea, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:fb:75:80:bd:67:41:1e:b8:83:28:4d:8d:00:f1:
af:2e:22:90:55:f7:52:83:2b:cf:26:bc:dd:66:09:
65:ce:c1:ef:a4:a2:4e:b6:b2:61:7b:ec:d9:11:8a:
56:2b:33:74:7e:ae:96:16:fb:ef:64:40:26:e2:82:
a3:11:d4:9e:3c:35:be:09:25:d6:54:c8:36:5b:40:
65:45:e5:62:63:e9:c3:b5:09:6a:08:69:1e:39:06:
ae:2e:c7:2f:01:8c:61:a8:7f:d3:94:7b:97:15:ae:
f4:5c:ea:43:91:8e:2a:e3:c3:1d:f9:9c:c8:98:e0:
cb:ad:a9:13:1c:75:91:a0:f8:f6:88:90:ee:6b:6a:
79:c6:f7:70:47:61:af:43:b6:39:05:a7:e9:ff:52:
53:5b:46:01:c2:01:6f:48:ba:23:60:36:57:b2:33:
c8:77:a1:d8:07:ab:ff:98:f8:23:35:8c:7a:cb:61:
63:d0:d3:f5:b0:6d:e0:ce:4a:68:36:3c:0d:c3:6f:
3d:d3:9d:a1:8b:75:c1:cf:4e:3d:ea:dc:54:e0:96:
41:2d:99:bf:44:1f:6c:5a:67:fe:39:a7:4f:93:fe:
f1:a1:53:fd:89:60:6b:18:98:10:2d:9c:c2:1b:5a:
4f:27:fe:c0:bd:a1:23:90:a0:6f:7c:b7:6f:f6:2c:
be:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:00:7C:9A:B1:70:A3:D2:F7:2A:C6:97:2A:8D:43:9F:A3:30:71:0A
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/c8af18fc-ae06-42ae-9533-a5516ea722d4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:9080::/48
Signature Algorithm: sha256WithRSAEncryption
53:ad:83:17:68:76:c6:fe:05:ee:e1:b2:63:06:d7:8c:9d:ae:
d7:19:c7:4e:ce:39:b9:a6:0a:84:4c:06:58:92:93:ae:cb:7f:
fa:9a:4f:82:df:8b:c5:e6:af:21:99:0a:8e:45:7b:43:14:fb:
eb:3a:c9:c8:eb:0f:40:1e:70:2a:c0:bc:73:3d:cc:3e:09:e2:
72:d9:a2:a7:d4:ff:0b:0c:ea:a3:5d:72:53:6e:c3:d1:17:37:
27:68:82:46:dd:10:1d:4f:d5:03:e7:9e:65:e9:68:8d:da:d3:
2c:80:6e:5e:da:7e:56:64:d8:df:3f:12:22:74:d0:85:0b:85:
66:a5:e2:a5:f9:b4:74:7c:68:c8:e8:17:15:44:c9:4d:f8:ef:
ee:a2:93:64:df:65:32:1e:65:5b:dd:1a:de:da:6e:39:34:79:
75:1f:39:3f:ff:60:cf:4f:5c:dc:ea:07:7d:ca:de:92:3e:ea:
1b:9c:ab:32:f9:f0:e9:c9:c2:86:6b:a1:61:50:a6:51:4f:c9:
69:51:c1:9a:d9:4a:ce:0d:69:02:05:03:f4:c4:22:42:af:5a:
f3:3b:8b:76:6f:bb:94:37:f5:cf:da:dc:79:fb:75:a0:f9:62:
e5:19:94:5f:da:6e:b2:86:8f:a4:80:fa:94:14:54:64:71:04:
eb:c2:42:6c
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUbU4gXUq8oYfi2Grsh59k90DzcNgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDExMTlaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDI0NmNiOWNkNmFmMTljNjQ3MGYwZWExZWEyNDRjNWFiMDgwNDg2Y2YwN2Q1
MTVkZjYzMTlhZTM0Nzg1YzYzZWExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPt1gL1nQR64gyhNjQDxry4ikFX3UoMrzya83WYJZc7B76SiTrayYXvs2RGK
ViszdH6ulhb772RAJuKCoxHUnjw1vgkl1lTINltAZUXlYmPpw7UJaghpHjkGri7H
LwGMYah/05R7lxWu9FzqQ5GOKuPDHfmcyJjgy62pExx1kaD49oiQ7mtqecb3cEdh
r0O2OQWn6f9SU1tGAcIBb0i6I2A2V7IzyHeh2Aer/5j4IzWMesthY9DT9bBt4M5K
aDY8DcNvPdOdoYt1wc9OPercVOCWQS2Zv0QfbFpn/jmnT5P+8aFT/YlgaxiYEC2c
whtaTyf+wL2hI5Cgb3y3b/YsvscCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSyAHya
sXCj0vcqxpcqjUOfozBxCjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
YzhhZjE4ZmMtYWUwNi00MmFlLTk1MzMtYTU1MTZlYTcyMmQ0LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ACQ
gDANBgkqhkiG9w0BAQsFAAOCAQEAU62DF2h2xv4F7uGyYwbXjJ2u1xnHTs45uaYK
hEwGWJKTrst/+ppPgt+LxeavIZkKjkV7QxT76zrJyOsPQB5wKsC8cz3MPgnictmi
p9T/Cwzqo11yU27D0Rc3J2iCRt0QHU/VA+eeZelojdrTLIBuXtp+VmTY3z8SInTQ
hQuFZqXipfm0dHxoyOgXFUTJTfjv7qKTZN9lMh5lW90a3tpuOTR5dR85P/9gz09c
3OoHfcrekj7qG5yrMvnw6cnChmuhYVCmUU/JaVHBmtlKzg1pAgUD9MQiQq9a8zuL
dm+7lDf1z9rceft1oPli5RmUX9pusoaPpID6lBRUZHEE68JCbA==
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:08:19 2025 by rpki-client