Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f1951bda-59cd-4b11-b7a1-19b1f5d32116.roa
File: f1951bda-59cd-4b11-b7a1-19b1f5d32116.roa (raw, json)
Hash identifier: qd0jievquRpQkOq1U/sUsmqOzmSz2WwHuT2IJZ5yG3k=
Subject key identifier: 12:C6:2A:90:3E:E3:5B:60:22:B1:F6:38:92:CD:79:59:3A:FC:95:8B
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 529359637FE5316699BE7098EC102AC58D99A3AA
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f1951bda-59cd-4b11-b7a1-19b1f5d32116.roa
Signing time: Mon 01 Sep 2025 20:00:09 +0000
ROA not before: Mon 01 Sep 2025 20:00:09 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d072:5080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
52:93:59:63:7f:e5:31:66:99:be:70:98:ec:10:2a:c5:8d:99:a3:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:00:09 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=ed6332dc3e904d6cdc3363331165e68748fad30fdb91cb7718661029304a3931, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:4c:7c:06:e2:33:82:3c:90:0a:15:c9:d1:e8:
91:70:34:8e:53:3b:d5:c4:a2:3a:ec:e2:b7:61:b9:
04:31:c3:f5:f4:95:0d:1b:98:10:87:c4:66:16:3c:
d4:30:d3:08:d8:95:37:52:79:80:11:fc:f4:3f:02:
c7:ef:c1:9a:18:53:4f:75:79:39:2f:28:fe:b1:f0:
7e:a1:96:81:0e:35:af:a0:c9:1d:0d:26:67:a5:6d:
f5:4c:37:35:ac:a4:c2:7a:c6:23:4b:ef:db:71:23:
ce:be:ee:aa:b9:4e:84:da:27:92:50:a3:db:d5:43:
ba:aa:9e:9c:32:1f:d0:f7:22:32:58:d9:aa:96:4d:
a3:63:1a:e5:e2:76:a4:6b:80:82:aa:d7:24:c8:c5:
55:0d:ea:da:e2:a3:e2:a7:2e:0c:3b:56:b5:03:47:
e7:2a:4a:fd:51:6a:05:89:88:b6:25:46:93:41:ad:
2a:1e:e8:14:0b:93:d8:87:a0:9b:19:cb:d6:46:07:
77:c6:90:68:84:a4:ea:6e:99:e8:20:6d:f4:02:d1:
42:d1:f2:ee:07:c0:8c:e2:90:f5:98:b8:92:4d:14:
d2:40:3e:73:c2:fc:3e:72:a5:ac:94:6e:ad:10:ac:
a4:43:ad:9a:bb:9f:45:de:a9:ec:1e:96:20:56:57:
e6:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
12:C6:2A:90:3E:E3:5B:60:22:B1:F6:38:92:CD:79:59:3A:FC:95:8B
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f1951bda-59cd-4b11-b7a1-19b1f5d32116.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d072:5080::/48
Signature Algorithm: sha256WithRSAEncryption
a4:6d:fc:3b:64:69:8a:ed:19:0a:b2:cf:98:0d:9e:9c:7a:c7:
27:cd:30:14:b2:44:5a:5f:72:d5:56:5c:89:ad:e9:be:6f:97:
d7:56:dd:32:2e:22:d2:ff:42:40:ad:c8:e2:52:3f:9f:95:87:
17:04:2c:9c:2b:02:3a:90:82:a0:0f:ad:2b:2c:95:8a:71:e3:
72:67:89:3b:6c:db:10:87:e4:51:99:a1:6b:5f:81:df:6c:9b:
6b:1f:ba:bf:2a:0e:50:6a:5c:f9:94:36:2d:bd:20:f2:ad:4c:
7a:13:a3:d3:f3:6f:9b:10:2e:10:06:43:22:bd:4f:fe:cf:a8:
82:0a:e6:0e:98:c6:58:89:bd:2a:57:97:8f:da:a4:9c:39:43:
aa:b9:ae:3e:45:c3:69:fa:05:64:35:c9:c1:fd:19:62:f2:b8:
5c:b9:56:80:f5:e1:8c:6b:4f:f4:2c:6c:99:81:9e:a6:f1:8d:
b9:a3:41:39:f7:96:4d:eb:41:a8:32:4f:8a:0f:f9:d0:be:9d:
7a:a7:c3:66:63:8e:57:10:34:bc:d0:0e:b4:b2:0b:27:ec:14:
2a:9e:89:c4:b2:8e:a9:c5:99:cf:d3:79:7c:20:84:1d:3b:8a:
c9:b7:5f:8e:b5:8d:9a:b0:60:81:85:04:75:83:8a:ae:67:5b:
43:a8:2a:54
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUUpNZY3/lMWaZvnCY7BAqxY2Zo6owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDAwMDlaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGVkNjMzMmRjM2U5MDRkNmNkYzMzNjMzMzExNjVlNjg3NDhmYWQzMGZkYjkx
Y2I3NzE4NjYxMDI5MzA0YTM5MzExLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMdMfAbiM4I8kAoVydHokXA0jlM71cSiOuzit2G5BDHD9fSVDRuYEIfEZhY8
1DDTCNiVN1J5gBH89D8Cx+/BmhhTT3V5OS8o/rHwfqGWgQ41r6DJHQ0mZ6Vt9Uw3
NaykwnrGI0vv23Ejzr7uqrlOhNonklCj29VDuqqenDIf0PciMljZqpZNo2Ma5eJ2
pGuAgqrXJMjFVQ3q2uKj4qcuDDtWtQNH5ypK/VFqBYmItiVGk0GtKh7oFAuT2Ieg
mxnL1kYHd8aQaISk6m6Z6CBt9ALRQtHy7gfAjOKQ9Zi4kk0U0kA+c8L8PnKlrJRu
rRCspEOtmrufRd6p7B6WIFZX5g8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQSxiqQ
PuNbYCKx9jiSzXlZOvyVizAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZjE5NTFiZGEtNTljZC00YjExLWI3YTEtMTliMWY1ZDMyMTE2LnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0HJQ
gDANBgkqhkiG9w0BAQsFAAOCAQEApG38O2Rpiu0ZCrLPmA2enHrHJ80wFLJEWl9y
1VZcia3pvm+X11bdMi4i0v9CQK3I4lI/n5WHFwQsnCsCOpCCoA+tKyyVinHjcmeJ
O2zbEIfkUZmha1+B32ybax+6vyoOUGpc+ZQ2Lb0g8q1MehOj0/NvmxAuEAZDIr1P
/s+oggrmDpjGWIm9KleXj9qknDlDqrmuPkXDafoFZDXJwf0ZYvK4XLlWgPXhjGtP
9CxsmYGepvGNuaNBOfeWTetBqDJPig/50L6deqfDZmOOVxA0vNAOtLILJ+wUKp6J
xLKOqcWZz9N5fCCEHTuKybdfjrWNmrBggYUEdYOKrmdbQ6gqVA==
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:18:27 2025 by rpki-client