Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/caf40866-a0b4-4882-b28e-32602ae3e0df.roa
File: caf40866-a0b4-4882-b28e-32602ae3e0df.roa (raw, json)
Hash identifier: /CDAx9IelTnEgUVRLG5ynZHY/TMZMgHeQqLtc0KTB08=
Subject key identifier: 4A:E0:3E:B2:92:F4:E2:05:E9:88:04:D7:6A:D2:D0:A4:57:9E:0F:38
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 48E229395AB44060D94804BAF98B874D454A5CE8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/caf40866-a0b4-4882-b28e-32602ae3e0df.roa
Signing time: Mon 01 Sep 2025 20:41:30 +0000
ROA not before: Mon 01 Sep 2025 20:41:30 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d050:a000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
48:e2:29:39:5a:b4:40:60:d9:48:04:ba:f9:8b:87:4d:45:4a:5c:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:41:30 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=fb63140295a27f891094af52d2e56a95f72996208943e0583310b4c9ae1598b9, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:97:5e:ef:38:70:68:f5:bd:23:78:f9:e1:7e:
61:4a:08:24:bc:2e:a9:00:54:eb:81:5f:e2:05:14:
0a:76:9f:84:4a:d6:14:a0:9b:dd:8c:4a:57:76:d2:
8f:ad:0e:6d:3e:2c:3a:0b:35:5a:9c:a0:e3:fd:1a:
e8:d7:18:49:8e:d6:0c:36:b0:b3:d7:71:fc:1b:e3:
01:6a:e6:91:f2:bb:f3:90:00:fd:e0:55:76:9f:02:
2d:22:2b:9b:17:60:5d:7e:55:e3:00:49:be:fe:48:
36:07:e4:e1:c3:14:7f:99:ce:94:bd:f0:30:78:1a:
0d:ee:39:35:a8:12:61:c6:15:cd:76:47:90:24:b5:
21:fa:89:45:d0:51:7d:d0:b9:ee:e6:21:b8:2d:1c:
c8:b3:24:08:0c:4a:04:66:24:11:d2:ae:c6:62:dd:
b9:f2:74:6c:15:bc:87:1a:85:e4:bf:5a:b2:4c:82:
1c:af:ca:89:6e:0b:1d:7e:d9:6b:79:a6:f7:2a:dd:
20:32:43:6a:62:7d:52:f7:42:04:9c:1e:98:bb:3f:
9f:01:7a:4f:91:dd:eb:9e:99:6f:66:50:50:70:f7:
6e:bc:c7:30:42:c4:21:79:f8:cd:50:3d:2b:44:10:
b9:aa:7a:76:dc:8f:c9:70:34:49:8b:4a:ba:f0:d8:
08:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:E0:3E:B2:92:F4:E2:05:E9:88:04:D7:6A:D2:D0:A4:57:9E:0F:38
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/caf40866-a0b4-4882-b28e-32602ae3e0df.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d050:a000::/40
Signature Algorithm: sha256WithRSAEncryption
05:0a:86:76:b4:47:ce:36:19:24:54:48:4f:3c:47:91:75:b8:
32:6a:7e:21:d2:80:04:6f:dc:f0:18:34:cc:76:28:84:3c:db:
10:42:91:45:f8:2a:38:f0:f2:2d:97:f3:28:67:2c:da:d1:29:
01:5e:19:04:80:d2:1d:86:63:35:c4:69:56:cc:18:a1:5d:78:
75:a7:e5:c2:09:c8:c8:22:66:e0:9d:c6:e2:e8:94:08:c3:e5:
76:53:22:2b:ca:7d:a8:33:1f:74:14:c7:16:0a:cc:a6:9e:66:
62:42:c3:7c:f5:ae:13:bb:44:25:ec:c9:31:4a:99:eb:e0:82:
8b:ae:3d:48:1e:b3:e6:e0:de:37:22:d6:8e:88:70:6b:bf:51:
26:85:4a:4e:ed:ad:0c:d2:05:b8:be:99:42:32:cf:c5:69:db:
3c:54:63:5a:f7:96:55:78:ea:4c:f4:1d:10:87:70:8b:c1:80:
f8:23:3b:24:b0:bd:1d:88:7d:ec:4f:53:7d:73:d5:7c:19:f3:
e8:5f:92:00:52:04:bb:b9:54:3a:88:c2:7b:f0:39:12:be:ad:
d2:f1:42:a4:df:04:75:6f:6c:d8:8c:e6:f2:5c:7a:04:28:19:
13:77:f0:5b:1b:e2:4c:7c:9e:9a:26:58:82:57:20:16:68:d9:
4f:37:99:91
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUSOIpOVq0QGDZSAS6+YuHTUVKXOgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDQxMzBaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGZiNjMxNDAyOTVhMjdmODkxMDk0YWY1MmQyZTU2YTk1ZjcyOTk2MjA4OTQz
ZTA1ODMzMTBiNGM5YWUxNTk4YjkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJqXXu84cGj1vSN4+eF+YUoIJLwuqQBU64Ff4gUUCnafhErWFKCb3YxKV3bS
j60ObT4sOgs1Wpyg4/0a6NcYSY7WDDaws9dx/BvjAWrmkfK785AA/eBVdp8CLSIr
mxdgXX5V4wBJvv5INgfk4cMUf5nOlL3wMHgaDe45NagSYcYVzXZHkCS1IfqJRdBR
fdC57uYhuC0cyLMkCAxKBGYkEdKuxmLdufJ0bBW8hxqF5L9askyCHK/KiW4LHX7Z
a3mm9yrdIDJDamJ9UvdCBJwemLs/nwF6T5Hd656Zb2ZQUHD3brzHMELEIXn4zVA9
K0QQuap6dtyPyXA0SYtKuvDYCHECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRK4D6y
kvTiBemIBNdq0tCkV54PODAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2FmNDA4NjYtYTBiNC00ODgyLWIyOGUtMzI2MDJhZTNlMGRmLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0FCg
MA0GCSqGSIb3DQEBCwUAA4IBAQAFCoZ2tEfONhkkVEhPPEeRdbgyan4h0oAEb9zw
GDTMdiiEPNsQQpFF+Co48PItl/MoZyza0SkBXhkEgNIdhmM1xGlWzBihXXh1p+XC
CcjIImbgncbi6JQIw+V2UyIryn2oMx90FMcWCsymnmZiQsN89a4Tu0Ql7MkxSpnr
4IKLrj1IHrPm4N43ItaOiHBrv1EmhUpO7a0M0gW4vplCMs/Fads8VGNa95ZVeOpM
9B0Qh3CLwYD4IzsksL0diH3sT1N9c9V8GfPoX5IAUgS7uVQ6iMJ78DkSvq3S8UKk
3wR1b2zYjObyXHoEKBkTd/BbG+JMfJ6aJliCVyAWaNlPN5mR
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:13:26 2025 by rpki-client