Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fc40321f-72c2-43a4-8c42-0e935f8f1943.roa
File: fc40321f-72c2-43a4-8c42-0e935f8f1943.roa (raw, json)
Hash identifier: Xnx4sQAu70SpfKBbuvX7Xs8b0YTC5FhGjGLDR/mdVGk=
Subject key identifier: EA:77:8E:F2:92:0D:3F:F5:2D:4B:A3:A7:C3:C2:F0:71:D5:96:40:09
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 35CC51791631FD90FACF4A5460783F0C21117CBE
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fc40321f-72c2-43a4-8c42-0e935f8f1943.roa
Signing time: Mon 01 Sep 2025 20:00:54 +0000
ROA not before: Mon 01 Sep 2025 20:00:54 +0000
ROA not after: Mon 06 Oct 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d000:20c0::/48 maxlen: 48
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 09 Sep 2025 10:00:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
35:cc:51:79:16:31:fd:90:fa:cf:4a:54:60:78:3f:0c:21:11:7c:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Sep 1 20:00:54 2025 GMT
Not After : Oct 6 23:59:59 2025 GMT
Subject: serialNumber=0e6a8d2eff0830b8ee949cb50576c51dd153b3a58879980c676b12a93b816bd0, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:5c:d1:6d:b3:04:cb:26:9d:37:e3:5c:76:b1:
10:d1:35:34:21:98:7f:c4:20:a5:5f:66:21:1c:f3:
c4:93:48:13:9d:04:ac:f3:69:19:bd:15:88:a6:22:
e9:39:bb:d0:77:30:57:3f:9c:d4:da:c8:e2:7f:2c:
48:bb:13:f8:77:6b:dc:22:3c:ef:fd:89:f6:81:68:
a8:df:e3:1b:c4:ec:ae:5d:b7:0b:61:01:b5:2c:1d:
3c:43:e2:d1:54:b2:fa:fe:15:6c:b2:b3:be:89:cb:
ef:6a:2f:c9:c2:bb:0f:78:38:d8:d9:5a:5a:1b:86:
8c:3f:cf:42:04:a4:e2:da:ce:cc:0b:46:61:6d:b1:
c9:5a:ef:b7:63:26:70:93:94:1f:91:6b:c5:da:4f:
ed:14:1c:a9:ff:93:32:97:65:95:d0:0a:94:09:3e:
32:e0:b8:9e:5a:06:25:00:01:86:7f:d7:20:87:21:
a9:4b:7e:d8:e3:2b:23:8e:4e:f0:36:bf:b0:6d:d6:
62:b3:dd:42:da:4f:07:a6:10:0c:71:c3:06:a5:e6:
c6:7a:2d:ae:ca:9d:de:e8:41:ae:e8:55:04:a9:51:
77:a4:5c:f0:c2:3a:c4:99:9e:c5:f4:cf:6f:a1:cc:
bc:e5:6f:6b:ff:1f:39:be:7e:3b:04:5e:9a:aa:77:
68:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EA:77:8E:F2:92:0D:3F:F5:2D:4B:A3:A7:C3:C2:F0:71:D5:96:40:09
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/fc40321f-72c2-43a4-8c42-0e935f8f1943.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d000:20c0::/48
Signature Algorithm: sha256WithRSAEncryption
76:62:7b:f2:0b:30:20:3e:d2:2a:7f:ea:ae:ce:f9:cb:8c:a8:
a3:8e:3e:6b:d7:8f:53:72:8e:6f:75:32:24:4f:d4:f8:c1:36:
bf:49:e7:b3:75:38:46:cb:9e:8d:00:95:b7:e3:39:65:96:26:
12:d0:44:0b:4e:3b:98:fb:52:f8:77:ed:26:be:11:ff:27:db:
64:72:59:df:f8:34:2f:d5:b7:25:eb:52:e7:86:3a:81:ca:e6:
c8:93:83:c3:ff:17:03:98:b6:59:f7:f6:8f:7a:b8:1c:a4:c8:
ae:5a:b9:ee:f6:f1:fa:b1:27:f1:c3:1b:ae:87:84:29:83:f7:
bc:74:32:ce:9b:7d:cb:a0:a6:f7:9e:60:04:8c:87:37:e9:f0:
46:99:41:6f:5a:13:9d:a6:0a:43:ec:81:58:93:3e:4e:7a:66:
5e:a6:da:7e:2e:a8:39:93:50:df:44:41:0b:b2:0a:43:a6:dd:
b0:5e:5a:50:be:d3:ba:b1:1b:2a:46:ba:c5:f9:4e:af:c1:0c:
95:d8:4c:9f:fd:9b:16:b5:21:ae:99:72:95:30:09:e2:1a:f9:
cd:61:83:36:74:43:17:3a:37:47:2d:71:9e:3b:8f:9b:e2:7b:
1b:07:e5:b7:8d:d2:8a:43:8a:dd:dd:45:f3:c9:1b:eb:57:f7:
d7:12:81:d2
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIUNcxReRYx/ZD6z0pUYHg/DCERfL4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA5MDEyMDAwNTRaFw0yNTEwMDYyMzU5NTlaMHoxSTBHBgNV
BAUTQDBlNmE4ZDJlZmYwODMwYjhlZTk0OWNiNTA1NzZjNTFkZDE1M2IzYTU4ODc5
OTgwYzY3NmIxMmE5M2I4MTZiZDAxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALhc0W2zBMsmnTfjXHaxENE1NCGYf8QgpV9mIRzzxJNIE50ErPNpGb0ViKYi
6Tm70HcwVz+c1NrI4n8sSLsT+Hdr3CI87/2J9oFoqN/jG8Tsrl23C2EBtSwdPEPi
0VSy+v4VbLKzvonL72ovycK7D3g42NlaWhuGjD/PQgSk4trOzAtGYW2xyVrvt2Mm
cJOUH5FrxdpP7RQcqf+TMpdlldAKlAk+MuC4nloGJQABhn/XIIchqUt+2OMrI45O
8Da/sG3WYrPdQtpPB6YQDHHDBqXmxnotrsqd3uhBruhVBKlRd6Rc8MI6xJmexfTP
b6HMvOVva/8fOb5+OwRemqp3aIMCAwEAAaOCAiQwggIgMB0GA1UdDgQWBBTqd47y
kg0/9S1Lo6fDwvBx1ZZACTAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
ZmM0MDMyMWYtNzJjMi00M2E0LThjNDItMGU5MzVmOGYxOTQzLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoF0AAg
wDANBgkqhkiG9w0BAQsFAAOCAQEAdmJ78gswID7SKn/qrs75y4yoo44+a9ePU3KO
b3UyJE/U+ME2v0nns3U4RsuejQCVt+M5ZZYmEtBEC047mPtS+HftJr4R/yfbZHJZ
3/g0L9W3JetS54Y6gcrmyJODw/8XA5i2Wff2j3q4HKTIrlq57vbx+rEn8cMbroeE
KYP3vHQyzpt9y6Cm955gBIyHN+nwRplBb1oTnaYKQ+yBWJM+TnpmXqbafi6oOZNQ
30RBC7IKQ6bdsF5aUL7TurEbKka6xflOr8EMldhMn/2bFrUhrplylTAJ4hr5zWGD
NnRDFzo3Ry1xnjuPm+J7Gwflt43SikOK3d1F88kb61f31xKB0g==
-----END CERTIFICATE-----
Generated at Mon Sep 8 12:07:01 2025 by rpki-client