Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d995c3a1-2858-4090-a096-1bf6aeccd5f2.roa
File: d995c3a1-2858-4090-a096-1bf6aeccd5f2.roa (raw, json)
Hash identifier: gc7GkHb4FmXhl1HqKprSqnqgXmLzCpRKmyOCsaxU3fk=
Subject key identifier: CE:E3:01:FB:70:9B:C4:F8:13:E5:6A:F9:00:70:99:A7:27:69:A8:22
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 64ED81D0ADBADAECE083C968093C80F00120CB0F
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d995c3a1-2858-4090-a096-1bf6aeccd5f2.roa
Signing time: Tue 02 Sep 2025 00:40:32 +0000
ROA not before: Tue 02 Sep 2025 00:40:32 +0000
ROA not after: Tue 07 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d014:1800::/38 maxlen: 38
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
64:ed:81:d0:ad:ba:da:ec:e0:83:c9:68:09:3c:80:f0:01:20:cb:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 2 00:40:32 2025 GMT
Not After : Oct 7 23:59:59 2025 GMT
Subject: serialNumber=a95be98248b2e78983572f345980ffdf3c80a07120eb2329ab872979e6c3d3f7, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:fd:be:d3:be:91:8d:86:e5:0a:53:33:ac:29:
a1:b1:3b:8e:17:77:45:c0:f1:26:94:64:42:ef:b9:
a5:3a:d6:36:12:d7:ad:3d:ee:95:ad:f3:7e:76:4d:
f5:a2:06:a1:e4:b8:1e:fa:d2:ec:5d:45:23:f4:5c:
fe:5e:89:a4:4b:00:ef:4d:16:8d:25:2b:d1:15:eb:
49:25:61:e8:18:be:9a:9d:3b:fd:cf:28:a7:b1:fc:
25:e6:1d:47:18:d3:35:d4:40:b1:e8:e2:6a:08:cc:
d4:e5:ee:c6:01:b3:fc:8f:3e:06:04:39:40:15:5b:
33:86:2d:6a:58:ee:a2:08:ad:aa:85:60:48:f1:b5:
0d:82:9f:ac:45:db:f3:5a:69:83:61:6f:93:c2:2e:
c0:4a:16:5e:c4:2c:13:dc:6b:d5:e8:35:45:e2:f4:
ab:0d:74:74:c2:c5:38:19:be:8e:ca:36:72:e1:5f:
8d:c7:41:04:73:61:31:4d:be:50:c7:93:17:36:1b:
d3:c1:eb:31:93:e6:13:95:2b:ff:15:0b:4c:3c:d3:
79:9c:be:d4:6d:f2:44:1f:60:fa:71:5b:08:1a:e2:
64:13:40:65:51:a0:87:2e:c4:db:69:74:42:9b:44:
9a:97:b8:24:ab:9b:c7:6f:55:26:cd:7b:94:fb:a5:
f7:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:E3:01:FB:70:9B:C4:F8:13:E5:6A:F9:00:70:99:A7:27:69:A8:22
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/d995c3a1-2858-4090-a096-1bf6aeccd5f2.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d014:1800::/38
Signature Algorithm: sha256WithRSAEncryption
52:1f:34:9c:80:09:6c:d4:cc:02:60:b9:34:0a:40:6f:46:69:
6a:3b:91:6c:89:be:d9:35:9d:96:73:20:cb:1b:2e:00:a0:73:
92:d5:c1:36:9a:0c:d9:fd:b9:3b:55:cc:a5:1d:b9:75:d7:80:
d6:0c:81:0b:4f:eb:0a:1c:65:dd:3c:7b:86:1a:6a:b1:59:79:
2d:61:cf:60:b1:cf:b6:8e:cf:3e:b5:c3:4f:59:ae:cd:ff:db:
51:21:47:89:c2:53:d8:0e:dc:6e:7b:a6:4f:7d:13:87:2d:c3:
04:7e:0b:ee:e2:9c:ba:93:62:11:5e:e5:ed:a2:d2:41:33:93:
ec:f4:90:08:43:1b:f0:d6:71:32:86:68:fe:26:dd:1b:79:2a:
e4:42:2c:7b:96:79:ff:3a:84:37:3c:aa:bd:bd:e9:ec:1f:93:
17:ef:7e:86:19:34:a0:fa:41:12:81:34:6a:aa:3e:7e:0e:78:
e1:b4:bb:0e:81:f2:09:ef:5b:6b:85:8a:d0:61:33:9c:9a:cd:
8e:72:8a:9c:91:83:41:4e:ea:35:d1:33:5d:f4:65:e3:46:5c:
1f:c7:22:9c:31:7e:da:e9:26:48:c0:21:eb:e9:50:de:f7:ff:
b7:4e:9f:6e:d8:4d:10:00:ea:be:26:aa:6c:88:ad:21:61:da:
0a:f1:33:58
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUZO2B0K262uzgg8loCTyA8AEgyw8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDIwMDQwMzJaFw0yNTEwMDcyMzU5NTlaMHoxSTBHBgNV
BAUTQGE5NWJlOTgyNDhiMmU3ODk4MzU3MmYzNDU5ODBmZmRmM2M4MGEwNzEyMGVi
MjMyOWFiODcyOTc5ZTZjM2QzZjcxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJj9vtO+kY2G5QpTM6wpobE7jhd3RcDxJpRkQu+5pTrWNhLXrT3ula3zfnZN
9aIGoeS4HvrS7F1FI/Rc/l6JpEsA700WjSUr0RXrSSVh6Bi+mp07/c8op7H8JeYd
RxjTNdRAsejiagjM1OXuxgGz/I8+BgQ5QBVbM4YtaljuogitqoVgSPG1DYKfrEXb
81ppg2Fvk8IuwEoWXsQsE9xr1eg1ReL0qw10dMLFOBm+jso2cuFfjcdBBHNhMU2+
UMeTFzYb08HrMZPmE5Ur/xULTDzTeZy+1G3yRB9g+nFbCBriZBNAZVGghy7E22l0
QptEmpe4JKubx29VJs17lPul98kCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTO4wH7
cJvE+BPlavkAcJmnJ2moIjAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZDk5NWMzYTEtMjg1OC00MDkwLWEwOTYtMWJmNmFlY2NkNWYyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGAioF0BQY
MA0GCSqGSIb3DQEBCwUAA4IBAQBSHzScgAls1MwCYLk0CkBvRmlqO5Fsib7ZNZ2W
cyDLGy4AoHOS1cE2mgzZ/bk7VcylHbl114DWDIELT+sKHGXdPHuGGmqxWXktYc9g
sc+2js8+tcNPWa7N/9tRIUeJwlPYDtxue6ZPfROHLcMEfgvu4py6k2IRXuXtotJB
M5Ps9JAIQxvw1nEyhmj+Jt0beSrkQix7lnn/OoQ3PKq9vensH5MX736GGTSg+kES
gTRqqj5+DnjhtLsOgfIJ71trhYrQYTOcms2OcoqckYNBTuo10TNd9GXjRlwfxyKc
MX7a6SZIwCHr6VDe9/+3Tp9u2E0QAOq+JqpsiK0hYdoK8TNY
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:17:06 2025 by rpki-client