Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cac850f8-5aa9-4a56-aea2-e22d3afd4e38.roa
File: cac850f8-5aa9-4a56-aea2-e22d3afd4e38.roa (raw, json)
Hash identifier: Jxn67HEogV9E/9UO+MqTAdzqqBfqKK958pLqsQcTwaI=
Subject key identifier: B5:41:64:7E:5B:EE:6E:5A:41:80:2F:4F:6B:84:17:5F:55:15:9C:D9
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 41808B4083B15E31F53CF62DC26F0069FC32BAE7
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cac850f8-5aa9-4a56-aea2-e22d3afd4e38.roa
Signing time: Mon 01 Sep 2025 20:30:15 +0000
ROA not before: Mon 01 Sep 2025 20:30:15 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:1040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
41:80:8b:40:83:b1:5e:31:f5:3c:f6:2d:c2:6f:00:69:fc:32:ba:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:30:15 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=77d3e1a353145aeca6dfb3f6d2cddc5187101221cc1af0d6bccd7ae3940717c7, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:57:9b:f4:09:44:75:af:8d:28:7c:12:69:23:
50:19:3e:41:69:1c:85:ea:e6:43:33:50:92:0e:76:
df:a2:14:b0:f6:52:f0:ad:e1:5b:e9:33:30:50:48:
01:92:f1:cd:68:1c:7e:b1:20:13:3c:fd:39:25:86:
12:26:e2:da:6e:1b:98:92:de:cb:39:55:4d:3d:43:
b5:16:0c:2b:8a:be:ad:da:17:0e:5e:5f:97:26:8c:
06:e0:8f:fe:f0:53:ec:b9:76:8a:61:44:fa:9d:3b:
dc:47:2f:c3:03:1a:49:26:59:b6:f0:ac:dd:6b:f1:
17:c9:c9:38:ff:a9:85:48:53:11:2e:11:68:a6:53:
ce:0f:dc:41:52:a4:57:84:70:82:39:ef:8a:26:2d:
e9:1a:bc:1e:63:b8:f3:d2:12:6d:e4:07:9a:b2:b2:
eb:2f:97:b3:7c:c3:99:72:eb:0e:a0:b3:db:82:92:
50:2f:17:ee:ea:73:10:73:d0:06:38:72:26:80:4a:
84:b0:fe:ac:1e:c1:b0:f5:52:80:bb:93:1d:ff:92:
10:45:31:9e:41:19:5b:82:41:e7:74:31:22:10:6b:
d1:4c:df:7b:d5:7a:e5:e6:74:91:ef:2f:37:f8:f3:
c2:ec:83:db:4f:4e:a8:65:40:78:cd:56:1d:52:7e:
6c:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:41:64:7E:5B:EE:6E:5A:41:80:2F:4F:6B:84:17:5F:55:15:9C:D9
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/cac850f8-5aa9-4a56-aea2-e22d3afd4e38.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:1040::/48
Signature Algorithm: sha256WithRSAEncryption
73:b6:64:35:10:4f:55:1b:fa:f4:93:3d:4a:91:10:f0:51:21:
78:c3:f7:d7:5f:1d:ab:65:5d:c4:67:f1:a9:02:f1:03:f5:42:
ee:c6:ff:80:cf:8c:83:a1:69:b6:8e:6b:35:a6:36:f7:9a:63:
cb:92:c9:f4:f2:cc:a1:9f:5a:57:dc:9e:85:48:ab:a1:78:4a:
a7:39:2f:2d:21:d1:50:b3:d1:3f:5a:c3:02:45:53:87:84:1f:
4f:3a:a4:6e:9c:9f:f0:b5:b5:7f:8d:38:d8:5c:b4:2d:e1:2a:
1e:8b:29:c7:99:3b:96:90:79:94:7d:ac:99:50:6d:0c:96:3f:
1a:7c:65:3e:d9:1f:5c:22:b2:db:e8:e9:50:3b:c9:25:06:02:
c1:0c:35:cb:4a:ea:a2:8d:b2:93:db:df:42:02:08:f1:37:ca:
6f:8d:35:62:e8:ee:bd:7b:90:90:5f:c1:48:e6:2c:77:20:b9:
77:67:a1:85:d4:b9:38:88:91:a7:53:90:32:23:7a:4e:d6:d6:
5a:71:d1:6e:a2:e2:eb:a8:29:12:33:05:73:9d:5e:ff:4f:cb:
0f:88:b7:61:2d:e4:fd:3c:3c:5c:71:17:91:15:dd:5d:4c:79:
2a:e0:50:55:87:9c:4e:51:e3:d1:0d:b5:15:dd:56:55:e5:8a:
c7:29:70:92
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUQYCLQIOxXjH1PPYtwm8AafwyuucwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDMwMTVaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDc3ZDNlMWEzNTMxNDVhZWNhNmRmYjNmNmQyY2RkYzUxODcxMDEyMjFjYzFh
ZjBkNmJjY2Q3YWUzOTQwNzE3YzcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM9Xm/QJRHWvjSh8EmkjUBk+QWkchermQzNQkg5236IUsPZS8K3hW+kzMFBI
AZLxzWgcfrEgEzz9OSWGEibi2m4bmJLeyzlVTT1DtRYMK4q+rdoXDl5flyaMBuCP
/vBT7Ll2imFE+p073EcvwwMaSSZZtvCs3WvxF8nJOP+phUhTES4RaKZTzg/cQVKk
V4RwgjnviiYt6Rq8HmO489ISbeQHmrKy6y+Xs3zDmXLrDqCz24KSUC8X7upzEHPQ
BjhyJoBKhLD+rB7BsPVSgLuTHf+SEEUxnkEZW4JB53QxIhBr0Uzfe9V65eZ0ke8v
N/jzwuyD209OqGVAeM1WHVJ+bEECAwEAAaOCAiQwggIgMB0GA1UdDgQWBBS1QWR+
W+5uWkGAL09rhBdfVRWc2TAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2FjODUwZjgtNWFhOS00YTU2LWFlYTItZTIyZDNhZmQ0ZTM4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0AAQ
QDANBgkqhkiG9w0BAQsFAAOCAQEAc7ZkNRBPVRv69JM9SpEQ8FEheMP3118dq2Vd
xGfxqQLxA/VC7sb/gM+Mg6Fpto5rNaY295pjy5LJ9PLMoZ9aV9yehUiroXhKpzkv
LSHRULPRP1rDAkVTh4QfTzqkbpyf8LW1f4042Fy0LeEqHospx5k7lpB5lH2smVBt
DJY/GnxlPtkfXCKy2+jpUDvJJQYCwQw1y0rqoo2yk9vfQgII8TfKb401YujuvXuQ
kF/BSOYsdyC5d2ehhdS5OIiRp1OQMiN6TtbWWnHRbqLi66gpEjMFc51e/0/LD4i3
YS3k/Tw8XHEXkRXdXUx5KuBQVYecTlHj0Q21Fd1WVeWKxylwkg==
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:17:11 2025 by rpki-client