Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ce577ba2-d2ac-4e2a-a4f9-ea37e9d56903.roa
File: ce577ba2-d2ac-4e2a-a4f9-ea37e9d56903.roa (raw, json)
Hash identifier: 1JaGSuaYC4q2XSuvW3ZhlCZoP8Tir6J03PKBZlLd9wA=
Subject key identifier: 82:3C:5C:25:A8:9F:F3:28:0D:2E:0C:FF:4B:89:E0:B4:29:BB:F8:5C
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 33B34724D9425F116D35ADC3DCF25CE2FE11DFD4
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ce577ba2-d2ac-4e2a-a4f9-ea37e9d56903.roa
Signing time: Mon 01 Sep 2025 20:31:12 +0000
ROA not before: Mon 01 Sep 2025 20:31:12 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d06d:2000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
33:b3:47:24:d9:42:5f:11:6d:35:ad:c3:dc:f2:5c:e2:fe:11:df:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:31:12 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=9a48212901a325afdb6ea9c48131d5768580896c78ae0c3b28e09ec6315bccb5, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:6b:b9:8f:c7:e0:dd:61:c0:da:bb:f6:bf:bf:
f7:4d:e7:aa:f9:6f:60:b4:de:a9:6f:98:68:5a:74:
bc:4b:c2:93:57:b8:d9:66:47:96:c5:44:8d:2b:ee:
e1:13:ff:7b:f8:7a:05:63:47:48:2a:40:35:df:ba:
76:87:48:b2:5c:ee:f6:50:56:8e:7b:76:bc:c7:de:
28:a5:4a:dc:13:a3:10:86:9a:9b:35:29:11:0a:84:
fe:21:9c:4d:1e:e4:10:8e:43:69:b4:dd:ec:59:4d:
32:9e:e1:ca:9d:47:49:8f:6a:96:19:d0:00:d5:d2:
a5:da:0d:e9:73:de:33:06:98:7f:bc:5a:35:98:e6:
37:3b:d6:03:01:ab:54:00:53:f6:67:e7:f0:42:6e:
f3:51:29:d3:a3:a3:20:2a:9c:51:e2:ac:16:1f:fb:
b9:a3:9f:07:da:dc:78:0f:21:4c:ed:16:5a:8b:e0:
64:bf:9a:05:02:ae:2f:01:6b:43:71:8d:bd:d3:e7:
b3:bf:87:a9:80:83:05:25:6a:b4:d4:45:4d:a7:8d:
b2:b2:4a:10:99:8f:76:d0:4d:c9:eb:01:06:62:ad:
94:1f:ee:bf:ce:9d:3a:5b:a4:cd:1e:ac:fc:71:fa:
32:d5:48:d3:c1:df:e9:1b:1c:27:b3:c2:ab:d9:eb:
64:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
82:3C:5C:25:A8:9F:F3:28:0D:2E:0C:FF:4B:89:E0:B4:29:BB:F8:5C
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/ce577ba2-d2ac-4e2a-a4f9-ea37e9d56903.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d06d:2000::/40
Signature Algorithm: sha256WithRSAEncryption
ab:d1:14:02:aa:9b:c4:ea:ba:4b:5c:11:ef:79:d4:93:72:4a:
84:30:cb:64:87:61:ba:91:bd:7f:25:6a:fd:63:98:f3:f4:ce:
35:aa:e2:62:46:5a:a1:f2:c5:04:41:30:c5:93:bc:41:c9:91:
c6:91:3f:0f:15:e9:e9:59:42:b2:79:82:57:5b:ff:ae:52:a9:
c4:c1:dc:65:4c:ca:2b:e5:90:65:91:ad:55:c4:bd:05:68:42:
c8:cf:17:38:11:b8:72:f9:8b:0b:4a:91:64:86:ee:33:8e:32:
26:ec:64:d5:19:da:e8:35:03:19:77:ac:9f:67:4a:75:6d:5f:
2d:68:fe:23:37:01:1b:c4:41:f1:7d:69:11:ef:93:05:19:37:
af:e5:bf:27:e0:0b:3a:aa:e0:c7:a5:41:7d:63:b4:08:36:a8:
4e:cb:7c:98:78:3a:cc:ce:8b:43:2f:d2:48:91:1e:81:b2:3d:
be:2f:5a:8d:b0:78:2e:fa:96:15:31:5e:84:fc:76:35:0a:6b:
a5:90:3a:e9:d9:05:c0:3e:55:a1:73:2b:41:32:ab:9e:8c:2c:
4a:ad:ef:a7:aa:da:1a:f4:01:ad:67:07:a6:64:4c:7f:f8:ca:
d3:79:83:64:35:cb:21:0d:6c:66:d6:01:4e:30:e8:d2:0e:44:
24:2d:a2:5e
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUM7NHJNlCXxFtNa3D3PJc4v4R39QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDMxMTJaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDlhNDgyMTI5MDFhMzI1YWZkYjZlYTljNDgxMzFkNTc2ODU4MDg5NmM3OGFl
MGMzYjI4ZTA5ZWM2MzE1YmNjYjUxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANxruY/H4N1hwNq79r+/903nqvlvYLTeqW+YaFp0vEvCk1e42WZHlsVEjSvu
4RP/e/h6BWNHSCpANd+6dodIslzu9lBWjnt2vMfeKKVK3BOjEIaamzUpEQqE/iGc
TR7kEI5DabTd7FlNMp7hyp1HSY9qlhnQANXSpdoN6XPeMwaYf7xaNZjmNzvWAwGr
VABT9mfn8EJu81Ep06OjICqcUeKsFh/7uaOfB9rceA8hTO0WWovgZL+aBQKuLwFr
Q3GNvdPns7+HqYCDBSVqtNRFTaeNsrJKEJmPdtBNyesBBmKtlB/uv86dOlukzR6s
/HH6MtVI08Hf6RscJ7PCq9nrZAcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSCPFwl
qJ/zKA0uDP9LieC0Kbv4XDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Y2U1NzdiYTItZDJhYy00ZTJhLWE0ZjktZWEzN2U5ZDU2OTAzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0G0g
MA0GCSqGSIb3DQEBCwUAA4IBAQCr0RQCqpvE6rpLXBHvedSTckqEMMtkh2G6kb1/
JWr9Y5jz9M41quJiRlqh8sUEQTDFk7xByZHGkT8PFenpWUKyeYJXW/+uUqnEwdxl
TMor5ZBlka1VxL0FaELIzxc4Ebhy+YsLSpFkhu4zjjIm7GTVGdroNQMZd6yfZ0p1
bV8taP4jNwEbxEHxfWkR75MFGTev5b8n4As6quDHpUF9Y7QINqhOy3yYeDrMzotD
L9JIkR6Bsj2+L1qNsHgu+pYVMV6E/HY1CmulkDrp2QXAPlWhcytBMquejCxKre+n
qtoa9AGtZwemZEx/+MrTeYNkNcshDWxm1gFOMOjSDkQkLaJe
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:06:08 2025 by rpki-client