Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d7bcc124-bcd8-42ec-911f-1b551dceda68.roa
File: d7bcc124-bcd8-42ec-911f-1b551dceda68.roa (raw, json)
Hash identifier: 33/WOonPgLZc8hJ7mAtxnyZxVFkDAtXaNmxpFn58TmM=
Subject key identifier: 71:71:9B:EF:76:D1:86:3D:80:C6:F3:A9:D0:74:D7:65:1C:11:2C:19
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 47E364728D0F453FB90EEF756397CC67A93582B8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d7bcc124-bcd8-42ec-911f-1b551dceda68.roa
Signing time: Mon 01 Sep 2025 20:41:20 +0000
ROA not before: Mon 01 Sep 2025 20:41:20 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07e:e000::/40 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
47:e3:64:72:8d:0f:45:3f:b9:0e:ef:75:63:97:cc:67:a9:35:82:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:41:20 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=1c343d1e1cda1fa2e68af91ae2879fd4a0c4233aa563036dd0d82fd7a8ea1518, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:19:98:5b:69:a5:5c:c0:d4:5e:54:55:ac:a8:
d8:fc:cd:a8:0d:8b:5f:4d:b4:d1:a3:d8:33:27:67:
83:cb:1e:fb:ea:02:1a:f9:2b:02:31:b6:4b:59:96:
d7:4e:e3:66:21:61:07:b2:2f:09:56:36:7d:b2:68:
be:f0:a2:f2:09:48:0d:8e:83:de:a4:36:05:85:c8:
6a:4e:17:40:f1:6b:70:9a:a6:b6:03:71:e5:0a:ea:
fa:6e:64:ea:b9:98:e6:71:ae:9a:79:9d:3d:3e:ab:
ec:f8:6c:29:2a:25:17:03:6e:86:0f:67:43:2e:56:
57:00:bd:0c:9f:75:cb:c9:90:3a:28:03:89:cf:dd:
b9:ca:b6:d7:1a:99:a6:aa:0a:98:99:3b:78:f7:5d:
03:6d:6a:25:72:85:f1:7c:0c:b1:6e:76:27:99:bb:
36:53:3e:55:f0:74:3f:78:d6:59:48:d9:98:0d:2e:
3e:8d:82:ed:14:d4:fd:6a:58:3a:e2:37:3e:05:6f:
91:fd:e4:9b:7a:49:f6:c0:78:3f:65:8e:87:ee:50:
75:d9:33:e7:fb:01:13:8a:14:3f:ce:45:2d:98:c3:
8d:6e:0e:9b:e2:90:48:37:83:32:29:77:f2:f2:86:
03:51:4b:20:9f:f4:4d:c6:dc:d4:45:c3:4c:d6:e4:
33:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:71:9B:EF:76:D1:86:3D:80:C6:F3:A9:D0:74:D7:65:1C:11:2C:19
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d7bcc124-bcd8-42ec-911f-1b551dceda68.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07e:e000::/40
Signature Algorithm: sha256WithRSAEncryption
82:50:da:8a:c2:87:e3:d0:07:79:da:3a:65:28:e3:8a:40:42:
18:38:4e:b8:8c:99:fd:72:9e:86:06:0c:ab:88:5c:f3:ad:2c:
cc:57:58:39:6e:88:31:01:ed:dd:6f:4e:1b:3a:ec:42:dc:97:
9f:aa:56:ee:ec:8d:4e:aa:20:a3:17:9f:e3:71:9a:82:02:0a:
11:55:8f:22:7c:68:4a:7d:77:d3:c8:ae:8b:9f:18:e9:0f:1b:
44:8e:05:54:c1:08:de:7e:81:a0:ae:8c:ae:ac:4b:3e:8a:0b:
1f:02:fb:67:dd:52:ed:9f:80:80:fc:08:b2:ee:23:32:25:31:
80:25:bf:9e:44:4e:4b:27:cb:c7:68:51:b3:77:90:56:14:01:
66:1c:7e:dd:a7:f5:ec:20:85:63:5e:f4:3d:55:43:a3:7e:61:
2e:ed:e4:5e:1d:4d:d9:09:27:4e:59:b7:a8:85:82:07:6b:5c:
3e:bb:62:d7:6d:01:07:58:82:e6:81:17:61:6f:a9:40:46:57:
cc:6a:7e:c4:d4:e6:c6:04:d8:33:3e:79:a1:5a:2c:31:6f:91:
88:3f:da:8b:97:98:f9:be:49:49:b0:d2:52:fc:93:f1:f7:83:
cd:42:34:c4:ce:65:b7:dc:28:27:fb:0c:52:01:71:f4:18:91:
01:27:78:50
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUR+Nkco0PRT+5Du91Y5fMZ6k1grgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDQxMjBaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDFjMzQzZDFlMWNkYTFmYTJlNjhhZjkxYWUyODc5ZmQ0YTBjNDIzM2FhNTYz
MDM2ZGQwZDgyZmQ3YThlYTE1MTgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANEZmFtppVzA1F5UVayo2PzNqA2LX0200aPYMydng8se++oCGvkrAjG2S1mW
107jZiFhB7IvCVY2fbJovvCi8glIDY6D3qQ2BYXIak4XQPFrcJqmtgNx5Qrq+m5k
6rmY5nGumnmdPT6r7PhsKSolFwNuhg9nQy5WVwC9DJ91y8mQOigDic/ducq21xqZ
pqoKmJk7ePddA21qJXKF8XwMsW52J5m7NlM+VfB0P3jWWUjZmA0uPo2C7RTU/WpY
OuI3PgVvkf3km3pJ9sB4P2WOh+5Qddkz5/sBE4oUP85FLZjDjW4Om+KQSDeDMil3
8vKGA1FLIJ/0Tcbc1EXDTNbkM30CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRxcZvv
dtGGPYDG86nQdNdlHBEsGTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDdiY2MxMjQtYmNkOC00MmVjLTkxMWYtMWI1NTFkY2VkYTY4LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H7g
MA0GCSqGSIb3DQEBCwUAA4IBAQCCUNqKwofj0Ad52jplKOOKQEIYOE64jJn9cp6G
BgyriFzzrSzMV1g5bogxAe3db04bOuxC3Jefqlbu7I1OqiCjF5/jcZqCAgoRVY8i
fGhKfXfTyK6LnxjpDxtEjgVUwQjefoGgroyurEs+igsfAvtn3VLtn4CA/Aiy7iMy
JTGAJb+eRE5LJ8vHaFGzd5BWFAFmHH7dp/XsIIVjXvQ9VUOjfmEu7eReHU3ZCSdO
WbeohYIHa1w+u2LXbQEHWILmgRdhb6lARlfMan7E1ObGBNgzPnmhWiwxb5GIP9qL
l5j5vklJsNJS/JPx94PNQjTEzmW33Cgn+wxSAXH0GJEBJ3hQ
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:17:10 2025 by rpki-client