Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d2e5cd11-e33b-4080-91d5-f550f1d7a0b5.roa
File: d2e5cd11-e33b-4080-91d5-f550f1d7a0b5.roa (raw, json)
Hash identifier: kKxQUxUr+vhbbNfDfABChvRSsOO+4tldXVKOFPTP6Qg=
Subject key identifier: 4B:07:60:E8:59:FA:DA:41:BA:09:AA:45:EA:A2:CF:E4:67:61:A1:2E
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5F8626E57B482F33FF54E372079432BE81BA3C6A
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d2e5cd11-e33b-4080-91d5-f550f1d7a0b5.roa
Signing time: Wed 03 Sep 2025 00:10:31 +0000
ROA not before: Wed 03 Sep 2025 00:10:31 +0000
ROA not after: Wed 08 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d01f::/37 maxlen: 37
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5f:86:26:e5:7b:48:2f:33:ff:54:e3:72:07:94:32:be:81:ba:3c:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 3 00:10:31 2025 GMT
Not After : Oct 8 23:59:59 2025 GMT
Subject: serialNumber=eff73bf515448319f54f74e84912c234fcde48bb681e17d498d7c0098aeef66f, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:c7:60:78:94:53:b0:28:0d:fd:8c:f5:df:d6:
45:ae:ad:3d:62:9c:50:69:a5:7d:8c:19:03:74:ed:
15:c2:39:42:b7:21:60:83:b7:14:ca:ac:75:17:a9:
a9:c2:32:60:2b:9e:24:d8:9d:eb:da:5c:b5:b7:6c:
9b:9b:f1:42:80:8c:ca:01:e4:ec:de:a0:38:7a:77:
ee:ed:44:13:70:94:d1:1d:16:21:66:a7:db:c9:4d:
2b:9b:59:e4:17:da:d0:e7:8c:70:82:bc:bf:fb:84:
4b:d3:b2:c1:3a:c9:64:1b:6c:48:65:ab:d5:10:74:
2b:97:19:4d:3a:13:84:74:bf:fc:a5:d9:7b:f2:c4:
f7:34:91:69:81:3d:fa:05:aa:96:cc:f8:9f:2e:ed:
e6:dc:0b:13:9e:34:78:96:11:11:a6:25:b0:d8:16:
75:7c:81:4e:4b:4d:42:92:a1:0a:27:b8:e1:af:3c:
67:e2:3c:c0:33:7b:77:d7:0c:f4:1c:88:4d:2a:b8:
be:b7:6b:ef:3a:6f:54:f8:82:8f:13:55:0f:1d:84:
b6:a9:2c:0d:63:3f:b8:fa:a3:6c:6f:cd:a9:d6:b5:
e6:76:00:a3:e3:bb:c1:7e:dd:be:08:c5:26:82:5e:
65:dd:30:4a:6c:a8:90:75:2c:c7:f6:65:f9:24:9f:
5c:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:07:60:E8:59:FA:DA:41:BA:09:AA:45:EA:A2:CF:E4:67:61:A1:2E
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d2e5cd11-e33b-4080-91d5-f550f1d7a0b5.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d01f::/37
Signature Algorithm: sha256WithRSAEncryption
6a:47:36:3e:4f:5c:f6:46:93:63:a0:86:b8:4a:69:8e:74:66:
58:4e:ba:aa:07:72:a9:5c:bc:9a:76:82:d1:4d:31:c8:e5:04:
e8:86:b3:e2:63:bf:42:de:9f:19:38:eb:7a:56:ba:e7:9e:46:
49:9f:7d:51:a6:66:f4:bb:11:4c:c9:08:34:a5:dc:89:25:d7:
db:1e:7c:22:93:1f:7b:23:e9:e9:9b:10:c7:a8:d8:70:bf:2c:
52:c2:4d:f0:00:61:44:6f:38:1b:ce:96:18:91:41:7b:72:43:
e4:d7:83:91:18:42:f5:a6:a8:6d:c4:d9:4c:94:04:2a:ad:43:
b4:16:3b:4a:68:6c:48:21:a1:17:59:1f:ff:a2:b6:50:dc:05:
62:2e:d1:b4:bf:ff:5e:bf:30:74:6b:b6:e6:96:8a:7f:f5:55:
72:06:36:e5:e8:cb:d3:cc:fd:de:e5:f4:74:83:26:15:b9:0f:
84:98:9e:80:28:fb:03:f8:73:b0:5d:ac:97:00:35:00:0c:41:
ac:b4:ba:04:23:6b:d2:e0:eb:fe:6b:ed:a4:79:47:14:a6:db:
c5:53:b5:34:ba:94:17:a9:39:ca:b0:b1:2e:c7:e8:6c:fd:28:
73:b2:17:b5:0b:69:fa:b6:8a:6a:64:b0:aa:4d:00:23:0c:37:
3c:e7:f7:9a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUX4Ym5XtILzP/VONyB5QyvoG6PGowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDMwMDEwMzFaFw0yNTEwMDgyMzU5NTlaMHoxSTBHBgNV
BAUTQGVmZjczYmY1MTU0NDgzMTlmNTRmNzRlODQ5MTJjMjM0ZmNkZTQ4YmI2ODFl
MTdkNDk4ZDdjMDA5OGFlZWY2NmYxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMXHYHiUU7AoDf2M9d/WRa6tPWKcUGmlfYwZA3TtFcI5QrchYIO3FMqsdRep
qcIyYCueJNid69pctbdsm5vxQoCMygHk7N6gOHp37u1EE3CU0R0WIWan28lNK5tZ
5Bfa0OeMcIK8v/uES9OywTrJZBtsSGWr1RB0K5cZTToThHS//KXZe/LE9zSRaYE9
+gWqlsz4ny7t5twLE540eJYREaYlsNgWdXyBTktNQpKhCie44a88Z+I8wDN7d9cM
9ByITSq4vrdr7zpvVPiCjxNVDx2EtqksDWM/uPqjbG/Nqda15nYAo+O7wX7dvgjF
JoJeZd0wSmyokHUsx/Zl+SSfXBcCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRLB2Do
WfraQboJqkXqos/kZ2GhLjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDJlNWNkMTEtZTMzYi00MDgwLTkxZDUtZjU1MGYxZDdhMGI1LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAyoF0B8A
MA0GCSqGSIb3DQEBCwUAA4IBAQBqRzY+T1z2RpNjoIa4SmmOdGZYTrqqB3KpXLya
doLRTTHI5QTohrPiY79C3p8ZOOt6VrrnnkZJn31Rpmb0uxFMyQg0pdyJJdfbHnwi
kx97I+npmxDHqNhwvyxSwk3wAGFEbzgbzpYYkUF7ckPk14ORGEL1pqhtxNlMlAQq
rUO0FjtKaGxIIaEXWR//orZQ3AViLtG0v/9evzB0a7bmlop/9VVyBjbl6MvTzP3e
5fR0gyYVuQ+EmJ6AKPsD+HOwXayXADUADEGstLoEI2vS4Ov+a+2keUcUptvFU7U0
upQXqTnKsLEux+hs/Shzshe1C2n6topqZLCqTQAjDDc85/ea
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:12:49 2025 by rpki-client