Route Origin Authorization
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0bf6cef8-8c60-4a0e-8932-cfda648d2772.roa
File: 0bf6cef8-8c60-4a0e-8932-cfda648d2772.roa (raw, json)
Hash identifier: bufrqTq1DoG2jdUqWqhE3FwWR4eKatPqgAy8oW+LHf8=
Subject key identifier: 26:A8:2D:C5:75:D2:65:42:FF:1E:95:4B:02:6B:F2:0C:38:60:84:97
Certificate issuer: /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial: 2F4ABF56A259907DA5F75209D4797FD86A0DB08E
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0bf6cef8-8c60-4a0e-8932-cfda648d2772.roa
Signing time: Tue 05 Aug 2025 20:20:11 +0000
ROA not before: Tue 05 Aug 2025 20:20:11 +0000
ROA not after: Tue 09 Sep 2025 23:59:59 +0000
asID: 16509
IP address blocks: 2a05:d018:1000::/36 maxlen: 36
Validation: OK
Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 24 Aug 2025 05:01:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2f:4a:bf:56:a2:59:90:7d:a5:f7:52:09:d4:79:7f:d8:6a:0d:b0:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Validity
Not Before: Aug 5 20:20:11 2025 GMT
Not After : Sep 9 23:59:59 2025 GMT
Subject: serialNumber=9b34fd86f94758f159f6b424da6200d3081434b77d683b3b8540a67a485bfaa3, CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:55:82:56:ab:b1:da:c2:d2:bd:c0:c0:f9:52:
e9:f6:6a:0a:19:56:df:41:e3:b6:4d:76:d3:d3:a4:
e4:ae:c0:09:44:a0:b7:be:ae:ee:dd:f7:eb:66:82:
c9:9a:ad:94:92:0f:d1:c2:1e:87:32:ae:6b:72:ca:
d9:1c:9a:5f:e1:c7:6b:58:25:2f:66:49:e0:1f:14:
88:dd:60:a9:ff:20:9f:89:a8:50:4c:0e:ea:33:7f:
c7:4b:66:19:5a:b3:bd:db:a4:8d:92:f3:66:82:01:
42:46:91:03:f6:39:96:c8:d8:f6:5b:41:a0:d1:74:
9b:9a:36:06:61:64:9f:00:06:df:8e:be:19:b9:9d:
41:9f:d3:03:00:a2:81:33:54:15:74:f4:1d:7a:fc:
50:f3:3e:cb:04:82:4c:a5:1a:8e:f0:37:2a:8e:7e:
41:b3:83:c3:ab:17:5b:9f:81:ab:2c:2b:2e:9b:c0:
a9:4a:ec:fe:46:c9:1b:e1:27:b8:47:7e:6f:f9:d1:
73:81:e5:b0:50:a9:dc:9a:af:b2:81:d9:c2:25:b6:
31:56:cf:16:dd:70:7c:8d:56:56:d1:19:31:87:97:
a5:a2:18:12:9c:16:de:1c:01:88:d4:6c:2b:e9:8a:
17:ce:34:bb:d4:26:2f:2a:69:6c:e3:81:2a:e6:dd:
8b:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
26:A8:2D:C5:75:D2:65:42:FF:1E:95:4B:02:6B:F2:0C:38:60:84:97
X509v3 Authority Key Identifier:
keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/0bf6cef8-8c60-4a0e-8932-cfda648d2772.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a05:d018:1000::/36
Signature Algorithm: sha256WithRSAEncryption
88:6e:26:17:e4:b8:de:94:0f:91:57:0b:1b:b4:04:bd:1b:fd:
99:83:59:ba:1d:ae:00:96:58:f2:fa:f4:04:28:f5:57:10:ad:
df:8f:31:39:d7:d3:19:d9:e7:e2:cb:7c:49:00:56:57:09:3b:
b9:dd:49:a0:76:86:0e:d4:be:ba:f0:af:96:95:bf:f1:13:2a:
33:d5:ad:bb:9a:22:b6:65:cd:b5:84:1a:49:84:87:04:e4:1b:
6a:ca:70:5f:8c:d8:fc:b8:8a:4e:fd:01:85:f8:cc:84:db:65:
08:a2:fd:f5:a4:eb:69:ac:d2:c0:0a:dc:db:29:d5:7f:8b:23:
58:89:71:1d:70:58:7d:4e:16:85:14:bf:53:ac:af:cb:89:82:
99:4e:04:e7:48:72:53:ff:bc:f6:62:30:ea:0b:3f:08:1e:21:
49:f1:5b:c5:90:b1:0f:44:19:6a:fa:62:c4:d6:87:1c:a4:5f:
ff:b2:d0:fe:b3:93:5f:d1:1f:64:95:18:e4:da:31:c9:3b:19:
14:e7:ff:a6:cf:d6:0e:e0:06:f8:6d:12:f3:36:f2:1e:3b:ce:
25:d1:1a:5d:78:57:39:4f:ed:c1:f3:17:a8:9d:3f:38:12:bd:
b7:f0:62:57:25:1f:79:65:ca:ee:bc:02:6c:72:b1:11:e1:bb:
9c:ee:cb:00
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUL0q/VqJZkH2l91IJ1Hl/2GoNsI4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTA4MDUyMDIwMTFaFw0yNTA5MDkyMzU5NTlaMHoxSTBHBgNV
BAUTQDliMzRmZDg2Zjk0NzU4ZjE1OWY2YjQyNGRhNjIwMGQzMDgxNDM0Yjc3ZDY4
M2IzYjg1NDBhNjdhNDg1YmZhYTMxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANRVglarsdrC0r3AwPlS6fZqChlW30Hjtk1209Ok5K7ACUSgt76u7t3362aC
yZqtlJIP0cIehzKua3LK2RyaX+HHa1glL2ZJ4B8UiN1gqf8gn4moUEwO6jN/x0tm
GVqzvdukjZLzZoIBQkaRA/Y5lsjY9ltBoNF0m5o2BmFknwAG346+GbmdQZ/TAwCi
gTNUFXT0HXr8UPM+ywSCTKUajvA3Ko5+QbODw6sXW5+BqywrLpvAqUrs/kbJG+En
uEd+b/nRc4HlsFCp3JqvsoHZwiW2MVbPFt1wfI1WVtEZMYeXpaIYEpwW3hwBiNRs
K+mKF840u9QmLyppbOOBKubdi50CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQmqC3F
ddJlQv8elUsCa/IMOGCElzAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
MGJmNmNlZjgtOGM2MC00YTBlLTg5MzItY2ZkYTY0OGQyNzcyLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCoF0BgQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCIbiYX5LjelA+RVwsbtAS9G/2Zg1m6Ha4Alljy
+vQEKPVXEK3fjzE519MZ2efiy3xJAFZXCTu53UmgdoYO1L668K+Wlb/xEyoz1a27
miK2Zc21hBpJhIcE5BtqynBfjNj8uIpO/QGF+MyE22UIov31pOtprNLACtzbKdV/
iyNYiXEdcFh9ThaFFL9TrK/LiYKZTgTnSHJT/7z2YjDqCz8IHiFJ8VvFkLEPRBlq
+mLE1occpF//stD+s5Nf0R9klRjk2jHJOxkU5/+mz9YO4Ab4bRLzNvIeO84l0Rpd
eFc5T+3B8xeonT84Er238GJXJR95ZcruvAJscrER4buc7ssA
-----END CERTIFICATE-----
Generated at Sat Aug 23 11:50:52 2025 by rpki-client