Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f9753974-947c-42c4-885b-aa94c43c56a0.roa
File: f9753974-947c-42c4-885b-aa94c43c56a0.roa (raw, json)
Hash identifier: mxJkUd2w1BtleZHfd4HtLT9S/iUrLoSruySnLDpRnXQ=
Subject key identifier: 28:5D:D2:1D:73:CE:83:1E:B5:D3:E8:2F:CB:5D:98:D7:1E:31:42:AC
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 43382BB315D6FD736FDEF782853D22D288C0F702
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f9753974-947c-42c4-885b-aa94c43c56a0.roa
Signing time: Mon 01 Sep 2025 19:40:32 +0000
ROA not before: Mon 01 Sep 2025 19:40:32 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d07f:a0c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
43:38:2b:b3:15:d6:fd:73:6f:de:f7:82:85:3d:22:d2:88:c0:f7:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 19:40:32 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=b1d1a75ab0291859a70ce6b541b43d0fbff827f4af544850110d90bac69f233d, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:22:29:c5:12:f0:90:23:b0:13:94:cf:c3:29:
a6:9c:2e:4e:ea:6e:f9:96:ba:96:9e:5f:fa:90:cf:
5e:c9:a3:f4:b5:a4:7e:8f:6c:e1:2c:60:77:e1:66:
6f:f1:e6:af:59:a8:b1:cb:3d:1f:86:cf:cf:f2:6b:
12:41:84:4e:3b:30:31:12:68:44:c0:1c:82:aa:84:
8e:2c:0b:a9:97:f0:e4:bf:75:ec:b4:ff:5e:30:48:
66:e2:3d:62:8b:fc:21:0d:7a:5f:60:0b:d9:1e:c9:
a1:b4:7d:d0:e0:7d:9e:10:c5:b8:46:80:75:a9:0d:
bd:0c:7a:8b:49:d7:8d:e9:73:64:5c:7b:76:a1:d5:
0b:9b:7e:b6:65:91:c5:a2:5d:10:28:ae:2e:13:86:
1d:01:27:af:53:58:6a:b6:df:41:67:8f:e3:53:5b:
d8:01:b0:f2:6b:95:0b:23:00:fa:a3:b5:1b:c8:f4:
8e:af:13:d4:8b:fd:d7:fd:aa:37:df:82:ed:0a:66:
74:f6:61:d1:64:6c:0c:aa:3f:69:c2:6b:46:82:5a:
9b:7c:ba:e4:f4:ac:d3:50:d4:c9:72:64:8d:a3:af:
83:a2:aa:4d:b5:3a:9a:10:81:32:36:99:14:e5:4b:
06:d7:e1:fe:20:01:a8:03:ae:61:6c:aa:78:92:3b:
be:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:5D:D2:1D:73:CE:83:1E:B5:D3:E8:2F:CB:5D:98:D7:1E:31:42:AC
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/f9753974-947c-42c4-885b-aa94c43c56a0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d07f:a0c0::/48
Signature Algorithm: sha256WithRSAEncryption
26:8d:f8:5e:e8:68:1b:32:c0:d2:53:e8:ba:e2:5a:eb:8e:f4:
11:96:11:45:59:b1:49:0a:29:ab:60:e0:7e:15:62:36:3a:e8:
8e:64:dc:9e:17:ff:a1:61:99:57:e4:c4:9f:de:be:6d:0c:ed:
51:72:58:71:fe:08:97:cc:18:09:50:2e:59:4f:b9:c9:36:d6:
25:ce:b2:36:ba:e2:08:cd:af:da:ee:2a:8b:50:2a:63:8d:7f:
47:8c:d0:27:a4:bc:03:50:8c:23:1e:8d:19:20:be:d5:86:25:
c5:fc:51:f2:e1:98:61:48:76:da:0a:12:21:14:0c:10:f9:08:
9e:5d:3b:4f:05:5d:f7:b9:a8:b2:89:af:4d:1d:5a:b2:09:42:
4e:99:68:6d:d0:95:52:26:8f:7f:f9:32:93:0f:08:14:a4:bf:
c3:67:79:85:d4:72:59:1e:a3:28:ab:ed:89:a9:13:32:7a:e8:
fc:78:0f:ff:ae:f5:47:59:85:3b:0e:67:3a:87:c9:43:ab:11:
39:0c:ee:33:d4:24:0a:8d:a1:79:0d:12:f5:ab:9a:5e:c1:6c:
ba:44:55:fe:32:11:fc:5d:43:9d:11:de:99:77:71:1b:61:f4:
da:d3:a1:47:cf:0e:7f:33:1a:66:d8:89:46:52:65:9b:72:73:
80:e7:e7:b2
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUQzgrsxXW/XNv3veChT0i0ojA9wIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDExOTQwMzJaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQGIxZDFhNzVhYjAyOTE4NTlhNzBjZTZiNTQxYjQzZDBmYmZmODI3ZjRhZjU0
NDg1MDExMGQ5MGJhYzY5ZjIzM2QxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAI4iKcUS8JAjsBOUz8MpppwuTupu+Za6lp5f+pDPXsmj9LWkfo9s4Sxgd+Fm
b/Hmr1moscs9H4bPz/JrEkGETjswMRJoRMAcgqqEjiwLqZfw5L917LT/XjBIZuI9
Yov8IQ16X2AL2R7JobR90OB9nhDFuEaAdakNvQx6i0nXjelzZFx7dqHVC5t+tmWR
xaJdECiuLhOGHQEnr1NYarbfQWeP41Nb2AGw8muVCyMA+qO1G8j0jq8T1Iv91/2q
N9+C7QpmdPZh0WRsDKo/acJrRoJam3y65PSs01DUyXJkjaOvg6KqTbU6mhCBMjaZ
FOVLBtfh/iABqAOuYWyqeJI7vj8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBQoXdId
c86DHrXT6C/LXZjXHjFCrDAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
Zjk3NTM5NzQtOTQ3Yy00MmM0LTg4NWItYWE5NGM0M2M1NmEwLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0H+g
wDANBgkqhkiG9w0BAQsFAAOCAQEAJo34XuhoGzLA0lPouuJa6470EZYRRVmxSQop
q2DgfhViNjrojmTcnhf/oWGZV+TEn96+bQztUXJYcf4Il8wYCVAuWU+5yTbWJc6y
NrriCM2v2u4qi1AqY41/R4zQJ6S8A1CMIx6NGSC+1YYlxfxR8uGYYUh22goSIRQM
EPkInl07TwVd97mosomvTR1asglCTplobdCVUiaPf/kykw8IFKS/w2d5hdRyWR6j
KKvtiakTMnro/HgP/671R1mFOw5nOofJQ6sROQzuM9QkCo2heQ0S9auaXsFsukRV
/jIR/F1DnRHemXdxG2H02tOhR88OfzMaZtiJRlJlm3JzgOfnsg==
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:06:03 2025 by rpki-client