Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e931caa9-ca4e-428a-aa3c-3af36efafc8c.roa
File: e931caa9-ca4e-428a-aa3c-3af36efafc8c.roa (raw, json)
Hash identifier: I4g38F7ngb5v3GpeuCToRasu0O+E95vzqB82Dd8VZ9s=
Subject key identifier: D2:94:9B:19:CB:CF:56:DF:72:39:82:C6:C9:A1:42:A3:8B:2C:5D:20
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 3F20D142563735872C054B96FD04F5CEF02CF8B6
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e931caa9-ca4e-428a-aa3c-3af36efafc8c.roa
Signing time: Mon 01 Sep 2025 20:30:08 +0000
ROA not before: Mon 01 Sep 2025 20:30:08 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:c040::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3f:20:d1:42:56:37:35:87:2c:05:4b:96:fd:04:f5:ce:f0:2c:f8:b6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:30:08 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=cae9a896acf7247ed0bb69680bdf20289238c7b5ecec5914c97239fd68791d21, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:4d:31:9a:ec:01:bb:fe:c2:d9:f4:dc:84:80:
e3:0a:65:04:27:b5:58:c4:cb:8c:21:67:ff:ac:b0:
d4:d6:95:ea:bf:be:5a:46:fd:5f:ac:64:b4:c5:cc:
7e:59:52:15:58:ff:a6:48:65:c3:c6:2f:cf:18:fc:
ac:f6:1e:6a:ba:6f:86:3b:7c:6d:59:4c:9f:4c:eb:
3a:2a:02:68:54:e5:6f:d0:68:fb:b5:6e:9e:d8:d0:
08:82:3a:97:0f:9e:d3:67:d4:cd:ac:23:f9:ca:f1:
60:eb:33:c4:7e:f2:97:a7:9d:50:dd:a0:21:1f:32:
84:84:b3:20:41:fb:43:97:e3:1b:1c:2b:10:97:09:
d2:e0:d8:1c:d5:ed:f6:c3:ef:f8:71:2f:1c:d3:26:
ff:25:e9:f9:30:80:40:c7:1b:57:d2:cd:d3:52:79:
30:d1:f1:83:9e:c5:8a:e8:ea:15:13:34:7f:b4:b4:
ef:ff:81:7c:ac:c7:e1:cd:27:47:db:fc:73:78:09:
34:99:92:66:8a:bb:04:d8:22:f6:49:3e:f1:ce:ae:
ac:a3:35:d6:0a:ee:8c:2e:c2:a3:d2:47:90:23:3b:
86:5b:0d:8c:b7:ef:7d:d0:cf:08:a5:dd:d3:64:10:
6a:3c:fd:fe:44:99:cd:d3:ad:de:9c:9d:9b:ff:83:
32:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:94:9B:19:CB:CF:56:DF:72:39:82:C6:C9:A1:42:A3:8B:2C:5D:20
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/e931caa9-ca4e-428a-aa3c-3af36efafc8c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:c040::/48
Signature Algorithm: sha256WithRSAEncryption
1e:d5:b6:1d:5a:13:02:41:48:27:54:10:b1:df:38:81:05:9b:
ac:00:a1:69:80:17:65:9c:80:c6:0f:e6:81:49:5e:c1:96:39:
49:f9:c8:2a:8d:d6:57:9d:4e:b7:f0:4d:e1:93:08:4a:85:1b:
2d:08:19:c7:c2:3c:d4:46:76:33:c1:a4:45:82:a7:3e:95:5d:
f2:41:76:76:60:f5:94:e6:34:79:69:fe:1d:c2:4b:6d:65:02:
f2:6e:2a:a2:3f:2e:29:1d:d4:ac:a2:72:11:5d:ea:70:57:b4:
60:2b:3d:50:fb:e4:a6:27:54:d6:cb:8a:7e:05:ab:08:1b:b7:
f5:67:b0:a3:fd:57:56:5f:cf:82:db:6c:c0:37:c3:28:0f:84:
3a:3c:c5:ac:84:d4:af:a4:b5:ae:59:7f:7b:5f:42:16:58:e7:
aa:d2:b8:ab:d9:25:87:e8:e4:e9:ba:38:7f:f8:20:ea:18:d5:
9e:5f:30:45:af:69:e3:58:3f:7c:ea:c3:01:1d:87:f1:00:45:
e7:aa:11:e5:24:7f:b7:7f:d9:a6:29:cb:42:57:d4:1e:9a:a9:
82:c0:c4:b6:e4:56:e2:e5:7d:02:a1:a0:fb:66:c7:84:cd:cb:
52:58:e5:ec:5d:c3:20:63:74:c6:c0:d6:36:87:63:25:6c:22:
85:cc:27:b1
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUPyDRQlY3NYcsBUuW/QT1zvAs+LYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDMwMDhaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGNhZTlhODk2YWNmNzI0N2VkMGJiNjk2ODBiZGYyMDI4OTIzOGM3YjVlY2Vj
NTkxNGM5NzIzOWZkNjg3OTFkMjExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMVNMZrsAbv+wtn03ISA4wplBCe1WMTLjCFn/6yw1NaV6r++Wkb9X6xktMXM
fllSFVj/pkhlw8Yvzxj8rPYearpvhjt8bVlMn0zrOioCaFTlb9Bo+7VuntjQCII6
lw+e02fUzawj+crxYOszxH7yl6edUN2gIR8yhISzIEH7Q5fjGxwrEJcJ0uDYHNXt
9sPv+HEvHNMm/yXp+TCAQMcbV9LN01J5MNHxg57FiujqFRM0f7S07/+BfKzH4c0n
R9v8c3gJNJmSZoq7BNgi9kk+8c6urKM11grujC7Co9JHkCM7hlsNjLfvfdDPCKXd
02QQajz9/kSZzdOt3pydm/+DMucCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTSlJsZ
y89W33I5gsbJoUKjiyxdIDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZTkzMWNhYTktY2E0ZS00MjhhLWFhM2MtM2FmMzZlZmFmYzhjLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0ADA
QDANBgkqhkiG9w0BAQsFAAOCAQEAHtW2HVoTAkFIJ1QQsd84gQWbrAChaYAXZZyA
xg/mgUlewZY5SfnIKo3WV51Ot/BN4ZMISoUbLQgZx8I81EZ2M8GkRYKnPpVd8kF2
dmD1lOY0eWn+HcJLbWUC8m4qoj8uKR3UrKJyEV3qcFe0YCs9UPvkpidU1suKfgWr
CBu39Wewo/1XVl/PgttswDfDKA+EOjzFrITUr6S1rll/e19CFljnqtK4q9klh+jk
6bo4f/gg6hjVnl8wRa9p41g/fOrDAR2H8QBF56oR5SR/t3/ZpinLQlfUHpqpgsDE
tuRW4uV9AqGg+2bHhM3LUljl7F3DIGN0xsDWNodjJWwihcwnsQ==
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:07:07 2025 by rpki-client