Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d7bd85bf-2af2-46a0-91d6-f945e7063231.roa
File: d7bd85bf-2af2-46a0-91d6-f945e7063231.roa (raw, json)
Hash identifier: nHPk2svQ0MPDt2x/ZG7FptXwMNokpkj9WtfkNjihuW8=
Subject key identifier: D9:C7:98:96:75:E7:4E:79:18:57:AA:04:BC:A7:A9:56:42:7C:3F:C6
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 6789086E7358130323B8E7F2815FDFE2691CE087
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d7bd85bf-2af2-46a0-91d6-f945e7063231.roa
Signing time: Mon 01 Sep 2025 20:21:00 +0000
ROA not before: Mon 01 Sep 2025 20:21:00 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:c080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
67:89:08:6e:73:58:13:03:23:b8:e7:f2:81:5f:df:e2:69:1c:e0:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:21:00 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=b5f774200ccbc9804d53ad1b937f23d5614af5c756598bbca0ae036eb39794f2, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:15:91:64:9d:a1:c4:85:d8:77:c4:fb:fe:a9:
4c:3e:0d:98:39:42:06:02:e5:15:7c:5d:e0:f0:b9:
58:79:5a:58:49:6c:d2:7c:ac:62:4a:ae:45:4d:14:
00:c1:f9:d5:f2:39:e0:34:90:27:5b:e9:61:a9:fe:
f6:2b:e6:7f:3d:fc:3f:54:42:e9:c5:df:98:ce:8f:
82:31:1f:0c:ec:2c:27:64:d9:11:31:aa:94:ae:37:
49:8b:0e:21:8f:ac:7e:c7:b4:df:9d:4d:ca:13:97:
fb:ea:94:ed:b1:c6:a7:79:0a:14:62:3e:c9:cf:ae:
62:9b:29:0e:48:fd:be:44:a6:74:a7:19:59:96:72:
b4:e5:bf:66:34:54:24:5f:48:ca:f0:ca:e5:97:16:
34:bb:1d:0d:07:ae:67:05:86:91:c0:ce:b4:29:4e:
76:3a:d8:ad:02:85:19:e3:51:02:41:82:67:65:0f:
ff:d7:b8:1c:db:57:ad:f3:e3:c9:d1:41:48:9d:73:
2a:63:5c:4c:2f:ee:db:d1:0d:9c:9d:2f:5d:89:da:
0c:8a:65:09:da:7c:d9:bf:31:85:f8:6f:f3:4d:b5:
86:21:3d:77:20:62:1d:15:28:cb:29:24:d7:e2:d5:
e1:10:ce:43:8c:3a:f5:a7:68:90:5d:fe:c2:c2:23:
3b:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:C7:98:96:75:E7:4E:79:18:57:AA:04:BC:A7:A9:56:42:7C:3F:C6
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d7bd85bf-2af2-46a0-91d6-f945e7063231.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:c080::/48
Signature Algorithm: sha256WithRSAEncryption
4c:e9:ef:1e:29:ce:c6:6e:b6:40:64:69:54:41:15:3a:b7:0c:
db:5c:d6:f6:c4:b5:3a:aa:6b:d5:c2:17:2c:b6:b1:62:c7:23:
31:5b:3d:4c:2b:a4:39:49:1d:33:ff:e2:23:ff:f4:48:46:3b:
79:23:8f:d6:de:b1:9b:98:06:ef:82:91:03:01:90:aa:46:dd:
82:50:a2:81:24:9c:c5:df:19:c3:03:9a:93:36:2b:6a:a7:20:
08:5c:ed:92:d9:7c:b5:cc:1b:d9:8d:09:7a:75:88:f1:28:16:
2e:5d:60:eb:0d:fb:50:47:7e:a7:97:dc:ab:fa:a4:b9:76:08:
20:fb:e3:1f:a0:f8:5f:d5:a2:05:72:3f:10:94:cb:21:3d:6b:
f8:a6:b2:82:cf:0c:32:65:90:46:9c:22:09:b4:93:48:4c:48:
8b:f3:6b:07:53:88:e8:cb:94:80:b9:e0:91:15:37:c9:39:4d:
4d:04:39:1b:8f:c5:fe:8e:7c:36:6b:09:8a:f9:cd:16:ca:86:
4d:5c:a4:ef:c4:cb:44:fa:7a:65:44:4f:37:94:e2:be:30:b6:
a7:0e:03:4f:52:a8:a0:30:7a:72:d7:5b:71:43:e9:c9:f3:e9:
78:9a:a5:57:a9:a8:a9:ce:f0:a1:98:cc:49:65:4e:33:10:9e:
50:71:4e:78
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUZ4kIbnNYEwMjuOfygV/f4mkc4IcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDIxMDBaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGI1Zjc3NDIwMGNjYmM5ODA0ZDUzYWQxYjkzN2YyM2Q1NjE0YWY1Yzc1NjU5
OGJiY2EwYWUwMzZlYjM5Nzk0ZjIxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKcVkWSdocSF2HfE+/6pTD4NmDlCBgLlFXxd4PC5WHlaWEls0nysYkquRU0U
AMH51fI54DSQJ1vpYan+9ivmfz38P1RC6cXfmM6PgjEfDOwsJ2TZETGqlK43SYsO
IY+sfse0351NyhOX++qU7bHGp3kKFGI+yc+uYpspDkj9vkSmdKcZWZZytOW/ZjRU
JF9IyvDK5ZcWNLsdDQeuZwWGkcDOtClOdjrYrQKFGeNRAkGCZ2UP/9e4HNtXrfPj
ydFBSJ1zKmNcTC/u29ENnJ0vXYnaDIplCdp82b8xhfhv8021hiE9dyBiHRUoyykk
1+LV4RDOQ4w69adokF3+wsIjO+UCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTZx5iW
dedOeRhXqgS8p6lWQnw/xjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDdiZDg1YmYtMmFmMi00NmEwLTkxZDYtZjk0NWU3MDYzMjMxLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H/A
gDANBgkqhkiG9w0BAQsFAAOCAQEATOnvHinOxm62QGRpVEEVOrcM21zW9sS1Oqpr
1cIXLLaxYscjMVs9TCukOUkdM//iI//0SEY7eSOP1t6xm5gG74KRAwGQqkbdglCi
gSScxd8ZwwOakzYraqcgCFztktl8tcwb2Y0JenWI8SgWLl1g6w37UEd+p5fcq/qk
uXYIIPvjH6D4X9WiBXI/EJTLIT1r+Kaygs8MMmWQRpwiCbSTSExIi/NrB1OI6MuU
gLngkRU3yTlNTQQ5G4/F/o58NmsJivnNFsqGTVyk78TLRPp6ZURPN5TivjC2pw4D
T1KooDB6ctdbcUPpyfPpeJqlV6moqc7woZjMSWVOMxCeUHFOeA==
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:13:24 2025 by rpki-client