Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/dbd2d56a-b699-4b33-a153-fa826b6b80c0.roa
File: dbd2d56a-b699-4b33-a153-fa826b6b80c0.roa (raw, json)
Hash identifier: lohj+43e+EP7bS+Fqym24cJlJQXDWLvAQiXh4Ifnq1Y=
Subject key identifier: 66:24:4B:C3:73:4D:E6:7A:7D:21:A1:91:17:F7:B8:BD:6D:98:82:C3
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 5B5805E736755A5CC4AE9D013060144B16CD9039
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/dbd2d56a-b699-4b33-a153-fa826b6b80c0.roa
Signing time: Mon 01 Sep 2025 20:20:12 +0000
ROA not before: Mon 01 Sep 2025 20:20:12 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:4000::/40 maxlen: 40
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5b:58:05:e7:36:75:5a:5c:c4:ae:9d:01:30:60:14:4b:16:cd:90:39
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:20:12 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=80d3ad3092107438018f766c6b2c423b344324418e309d2635e673155ead9429, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:8b:a6:7a:42:82:bf:06:2f:0f:30:f8:d9:0d:
18:39:a3:b9:05:8f:0b:f1:c6:7b:3c:a6:8f:c1:bf:
23:8d:55:01:55:9a:d6:59:e8:8c:48:aa:0a:ed:f5:
02:d9:04:aa:b7:57:3b:ee:23:8b:6e:2d:db:a5:da:
63:0e:fc:fe:ac:2b:d6:ab:3b:f2:07:f8:5e:b8:68:
2a:bd:14:50:a2:41:ea:aa:c7:5c:fb:c2:dc:b4:20:
55:45:ae:0f:30:21:cd:a9:57:60:2e:03:68:a2:32:
c0:05:74:f4:8c:37:55:e4:9a:83:06:19:a8:ac:3c:
f1:dc:29:b7:f2:ab:7f:cc:04:7e:66:07:35:d5:3e:
8e:92:74:13:aa:0f:f8:b4:ae:66:70:3e:1e:e8:6f:
ac:89:b9:db:9f:23:97:cd:9c:fd:e3:e8:e4:ac:1c:
17:b0:0e:5f:19:6e:ce:1e:5f:62:f0:2f:38:2e:fa:
eb:74:db:0a:c4:b8:0d:c3:f7:af:3b:6c:34:44:30:
19:95:ba:d7:18:38:46:95:2c:4a:18:39:81:81:b5:
ed:54:af:86:ca:23:e7:42:1c:2d:ff:ef:90:7d:7f:
2f:ae:19:d1:30:ce:e1:fe:66:90:8a:6f:b9:40:ec:
7c:82:20:c1:06:59:07:41:b8:e5:2e:7b:63:07:cc:
94:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:24:4B:C3:73:4D:E6:7A:7D:21:A1:91:17:F7:B8:BD:6D:98:82:C3
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/dbd2d56a-b699-4b33-a153-fa826b6b80c0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:4000::/40
Signature Algorithm: sha256WithRSAEncryption
13:3e:96:db:c9:1b:56:bd:62:da:b3:39:cd:2a:ce:22:04:39:
f5:a5:95:d3:83:dc:b2:c3:aa:3e:e1:74:45:8c:73:c6:7a:77:
15:a5:03:b9:48:98:78:d6:f7:b6:88:59:ad:bc:3b:08:58:bf:
ab:db:0f:4c:72:e5:ad:37:3e:11:8b:42:51:7d:e8:78:ea:eb:
09:d5:a5:2a:67:57:c3:47:ec:a3:4c:9a:fe:8f:33:ec:e7:d0:
2a:fc:a5:8e:ff:d5:df:a8:71:30:e5:a7:dc:90:6f:d0:bd:08:
54:21:c5:e9:67:ba:d2:9a:c5:6d:38:aa:9e:8f:25:b5:82:b3:
59:dc:9a:c1:46:77:41:2c:1d:ab:42:ac:ba:3b:45:4b:ad:72:
27:74:92:ee:b4:b1:f9:77:ae:1d:4d:4d:97:cd:a1:8e:d9:d8:
96:8d:88:04:87:5b:83:7c:91:95:c2:eb:cd:8f:fb:51:d7:ca:
dc:67:9d:0b:50:ca:7c:19:84:9c:7f:f0:ea:56:6c:0b:cb:b9:
c9:cb:54:c5:28:34:fe:5d:bf:0a:a3:10:d9:55:b7:c0:84:ad:
c7:08:d9:23:9e:09:3d:9e:4e:2b:c1:81:63:e0:88:59:b9:92:
78:ab:c0:95:7d:36:8c:ea:26:e6:8a:6a:22:c0:9c:ae:87:a6:
19:b2:55:d1
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUW1gF5zZ1WlzErp0BMGAUSxbNkDkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDIwMTJaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDgwZDNhZDMwOTIxMDc0MzgwMThmNzY2YzZiMmM0MjNiMzQ0MzI0NDE4ZTMw
OWQyNjM1ZTY3MzE1NWVhZDk0MjkxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJWLpnpCgr8GLw8w+NkNGDmjuQWPC/HGezymj8G/I41VAVWa1lnojEiqCu31
AtkEqrdXO+4ji24t26XaYw78/qwr1qs78gf4XrhoKr0UUKJB6qrHXPvC3LQgVUWu
DzAhzalXYC4DaKIywAV09Iw3VeSagwYZqKw88dwpt/Krf8wEfmYHNdU+jpJ0E6oP
+LSuZnA+HuhvrIm5258jl82c/ePo5KwcF7AOXxluzh5fYvAvOC7663TbCsS4DcP3
rztsNEQwGZW61xg4RpUsShg5gYG17VSvhsoj50IcLf/vkH1/L64Z0TDO4f5mkIpv
uUDsfIIgwQZZB0G45S57YwfMlKsCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBRmJEvD
c03men0hoZEX97i9bZiCwzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZGJkMmQ1NmEtYjY5OS00YjMzLWExNTMtZmE4MjZiNmI4MGMwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0ABA
MA0GCSqGSIb3DQEBCwUAA4IBAQATPpbbyRtWvWLasznNKs4iBDn1pZXTg9yyw6o+
4XRFjHPGencVpQO5SJh41ve2iFmtvDsIWL+r2w9McuWtNz4Ri0JRfeh46usJ1aUq
Z1fDR+yjTJr+jzPs59Aq/KWO/9XfqHEw5afckG/QvQhUIcXpZ7rSmsVtOKqejyW1
grNZ3JrBRndBLB2rQqy6O0VLrXIndJLutLH5d64dTU2XzaGO2diWjYgEh1uDfJGV
wuvNj/tR18rcZ50LUMp8GYScf/DqVmwLy7nJy1TFKDT+Xb8KoxDZVbfAhK3HCNkj
ngk9nk4rwYFj4IhZuZJ4q8CVfTaM6ibmimoiwJyuh6YZslXR
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:06:11 2025 by rpki-client