Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fa3b401f-ea91-45a9-8182-d567cfac077a.roa
File: fa3b401f-ea91-45a9-8182-d567cfac077a.roa (raw, json)
Hash identifier: 73O6gEFwU/DeElg5DCL76JUBSGs2/ZDTX+iH/qj7cGk=
Subject key identifier: B1:CC:E3:BD:ED:05:C1:B3:D6:2F:AB:4D:E7:13:CD:66:53:9A:7C:4B
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 194ECD499C8BCC4A841F4AD2737AEA10CC8C47D8
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fa3b401f-ea91-45a9-8182-d567cfac077a.roa
Signing time: Mon 01 Sep 2025 19:41:10 +0000
ROA not before: Mon 01 Sep 2025 19:41:10 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d031:b080::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
19:4e:cd:49:9c:8b:cc:4a:84:1f:4a:d2:73:7a:ea:10:cc:8c:47:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 19:41:10 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=01c1124c727e7dd20dea1ad969d4f5549b66e181e4960ba29c8792cef92b23ed, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:42:be:35:5a:32:d5:d4:b1:bd:b0:31:95:15:
01:66:30:9d:d3:3b:10:e9:61:91:8a:da:84:5e:e3:
48:99:0f:a1:76:52:28:79:7f:73:68:37:19:74:84:
e1:7f:01:8b:63:d1:23:a9:79:8e:2d:c6:d3:e6:38:
28:35:2b:3f:7b:be:6a:17:9e:0b:b4:31:f5:8b:a2:
05:49:73:9f:09:11:39:f2:cb:a9:bc:45:7e:de:70:
23:a1:50:65:ae:a1:cc:50:c3:77:d1:3f:26:8e:63:
eb:00:15:c3:be:02:f1:46:e5:e0:af:c7:9e:aa:63:
29:33:a7:83:4f:da:cf:62:c7:4c:9b:f1:e1:1b:26:
77:dc:ac:89:54:35:d7:fc:45:c4:15:09:14:cc:ea:
90:ee:eb:1b:02:f3:fc:f3:30:94:9e:2f:ad:5e:da:
47:d1:99:fb:47:ba:72:ef:53:9d:54:f1:2d:99:7f:
41:02:91:87:a4:cf:c0:1c:ee:f4:b3:b8:95:fb:98:
5e:3b:1e:ae:38:35:5a:19:c1:bc:79:22:df:28:53:
e8:61:d0:a3:7e:02:ec:6c:9f:25:0e:29:c9:b0:2e:
55:98:1b:7d:1d:a7:94:a4:5f:9b:44:67:26:77:c9:
9c:7b:10:d7:71:6e:15:aa:84:2c:17:c9:9d:94:92:
b0:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:CC:E3:BD:ED:05:C1:B3:D6:2F:AB:4D:E7:13:CD:66:53:9A:7C:4B
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fa3b401f-ea91-45a9-8182-d567cfac077a.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d031:b080::/48
Signature Algorithm: sha256WithRSAEncryption
3c:67:68:fc:4a:6e:a7:cb:dd:39:c1:53:42:7c:33:59:fd:cc:
f3:a6:0d:20:7a:86:b7:ec:7c:22:2c:47:8d:34:05:ce:d6:50:
7c:db:f0:08:60:5b:ba:4c:54:9c:1a:18:40:de:b6:09:e9:13:
71:03:2f:69:4f:ce:8f:5e:f7:db:4e:e2:5f:a8:3d:5f:e2:98:
2e:09:30:ca:ab:2b:7d:79:03:62:a0:2a:b4:3c:72:bd:db:95:
0b:ab:ab:62:05:f6:7a:ee:22:a9:45:2c:99:7b:18:db:b1:34:
de:ef:70:09:1e:27:24:a6:ad:0d:16:8b:91:68:e7:e7:63:fb:
d5:b9:a9:86:4e:b6:c0:be:0f:a6:2b:a1:8d:6e:18:5a:b9:05:
7d:55:5f:60:0e:69:82:6a:84:bf:24:8f:b6:ee:c8:dd:15:4b:
11:b0:42:72:11:66:2c:93:4a:e1:2d:d4:35:5e:2d:01:f4:78:
33:e8:56:42:ad:41:13:a0:bf:eb:4a:64:43:36:bd:38:1f:20:
0c:65:eb:79:c3:41:d6:1f:29:83:dc:09:ab:ae:d2:85:04:d1:
8d:78:60:69:f4:6f:d0:d3:b1:96:91:77:1f:79:9a:24:5a:7a:
cf:a0:af:0a:da:8c:35:61:fb:a7:94:7e:bf:1e:23:ed:6c:c3:
ba:03:37:00
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUGU7NSZyLzEqEH0rSc3rqEMyMR9gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDExOTQxMTBaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDAxYzExMjRjNzI3ZTdkZDIwZGVhMWFkOTY5ZDRmNTU0OWI2NmUxODFlNDk2
MGJhMjljODc5MmNlZjkyYjIzZWQxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKNCvjVaMtXUsb2wMZUVAWYwndM7EOlhkYrahF7jSJkPoXZSKHl/c2g3GXSE
4X8Bi2PRI6l5ji3G0+Y4KDUrP3u+aheeC7Qx9YuiBUlznwkROfLLqbxFft5wI6FQ
Za6hzFDDd9E/Jo5j6wAVw74C8Ubl4K/HnqpjKTOng0/az2LHTJvx4Rsmd9ysiVQ1
1/xFxBUJFMzqkO7rGwLz/PMwlJ4vrV7aR9GZ+0e6cu9TnVTxLZl/QQKRh6TPwBzu
9LO4lfuYXjserjg1WhnBvHki3yhT6GHQo34C7GyfJQ4pybAuVZgbfR2nlKRfm0Rn
JnfJnHsQ13FuFaqELBfJnZSSsJ8CAwEAAaOCAiQwggIgMB0GA1UdDgQWBBSxzOO9
7QXBs9Yvq03nE81mU5p8SzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZmEzYjQwMWYtZWE5MS00NWE5LTgxODItZDU2N2NmYWMwNzdhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0DGw
gDANBgkqhkiG9w0BAQsFAAOCAQEAPGdo/Epup8vdOcFTQnwzWf3M86YNIHqGt+x8
IixHjTQFztZQfNvwCGBbukxUnBoYQN62CekTcQMvaU/Oj173207iX6g9X+KYLgkw
yqsrfXkDYqAqtDxyvduVC6urYgX2eu4iqUUsmXsY27E03u9wCR4nJKatDRaLkWjn
52P71bmphk62wL4PpiuhjW4YWrkFfVVfYA5pgmqEvySPtu7I3RVLEbBCchFmLJNK
4S3UNV4tAfR4M+hWQq1BE6C/60pkQza9OB8gDGXrecNB1h8pg9wJq67ShQTRjXhg
afRv0NOxlpF3H3maJFp6z6CvCtqMNWH7p5R+vx4j7WzDugM3AA==
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:18:34 2025 by rpki-client